Regression #11795
closed
Applying IPsec settings for more than ~30 tunnels times out PHP
Added by Jim Pingle over 3 years ago.
Updated over 3 years ago.
Plus Target Version:
21.05
Description
When attempting to apply IPsec changes on a system with more than around 30 tunnels, the apply process causes a timeout in PHP.
When creating a new Phase 1 entry and then attempting to apply changes, the GUI page loads for 2-3 minutes and then finally ends with a 504 gateway timeout error. In the past, similar actions have taken around 20 seconds.
The change does appear to have taken when going back into the GUI after a while.
See also https://forum.netgate.com/topic/162168/ipsec-apply-changes-time-out/18 and internal issue NG #6011
Files
Currently running on 21.02.2-RC code on zColo vpn concentrators, along with a patch to fix VTI creation issues after already having 33 ipsec tunnels in place.
Issue is that if I create a new p1 tunnel, and save, and then click 'apply changes', it times out after 2-3 minutes of appearing to load. Attached is screenshot.
There must be more to it than just the number of tunnels. I generated a config with 40 dummy tunnels and it applies the configuration in ~35 seconds without errors several times in a row on 21.05 on new hardware.
I tried on 21.02.2 in a smaller VM (less RAM, lower performance) and it still applied in about 45 seconds.
I would add that it also takes a LONG time to pull ipsec status.
- Status changed from New to Feedback
- Assignee set to Anonymous
- Target version changed from CE-Next to 2.6.0
- % Done changed from 0 to 100
This should be fixed on current snapshots by the following commits:
- Plus Target Version set to 21.05
- Target version changed from 2.6.0 to 2.5.2
- Status changed from Feedback to Resolved
Tested 51 entries and working on 21.05/2.5.2 - marking as resolved.
Also available in: Atom
PDF