Bug #12026

closed

Applying IPsec settings for many tunnels is slow or times out

Added by Viktor Gurov almost 3 years ago. Updated over 2 years ago.

Status: Resolved
Priority: Normal
Assignee:
Category: IPsec
Target version:
Start date: 06/11/2021
Due date:
% Done: 100%
Estimated time:
Plus Target Version: 22.01
Release Notes: Default
Affected Version: 2.6.0
Affected Architecture:

Description

This is an additional optimization for #11795:

1. `ipsec_get_phase1_src()` - always executes `get_interface_ip/ipv6`, even if no appropriate protocol is selected
2. `ipsec_setup_secrets()` - always writes CRL files, even if there is no PH1 cert authentication
3. `resolve_retry()` - set `$retries = 10`; it can significantly improve FQDN resolution time:

```
# trying to resolve non-existent "agdfasdfsdf.netgate.com":
# time php -f resolve50retries.php
0.176u 0.047s 0:18.14 1.1%    4588+402k 91+0io 0pf+0w
# time php -f resolve10retries.php
0.136u 0.045s 0:03.36 5.0%    3968+364k 51+0io 0pf+0w
```
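
Item 3 above, worked through as an added example; this is not pfSense code and not part of the original report. It counts how many lookups a settings apply spends on unresolvable peers under a retry budget of 50 versus 10. The function `resolve_bounded()`, the injected `$lookup` callable and the peer list are all assumptions made for illustration.

```php
<?php
// Added illustration, not pfSense source. All names here are hypothetical.

/**
 * Resolve $hostname, trying at most $retries times.
 * $lookup is injected so the example runs offline; a live caller could pass
 * fn($h) => gethostbyname($h).
 * Returns the first valid IP address, or false once the budget is spent.
 */
function resolve_bounded(string $hostname, int $retries, callable $lookup, int $delay_us = 100)
{
    // An IP literal needs no DNS round trip at all.
    if (filter_var($hostname, FILTER_VALIDATE_IP)) {
        return $hostname;
    }
    for ($i = 0; $i < $retries; $i++) {
        $answer = $lookup($hostname);
        // gethostbyname() returns its input unchanged on failure, so accept
        // only answers that validate as an address.
        if (is_string($answer) && filter_var($answer, FILTER_VALIDATE_IP)) {
            return $answer;
        }
        usleep($delay_us);
    }
    return false;
}

// Constructed sample data: 20 phase 1 peers, every fourth one pointing at a
// name that never resolves (documentation addresses and .invalid names).
$records = ['vpn-a.example.net' => '192.0.2.10', 'vpn-b.example.net' => '198.51.100.7'];
$peers = [];
for ($n = 0; $n < 20; $n++) {
    $peers[] = ($n % 4 === 0) ? "dead{$n}.invalid" : array_keys($records)[$n % 2];
}

foreach ([50, 10] as $retries) {
    $queries = 0;
    $lookup = function (string $h) use ($records, &$queries) {
        $queries++;
        return $records[$h] ?? $h; // mimic gethostbyname() failure
    };
    $unresolved = 0;
    foreach ($peers as $peer) {
        if (resolve_bounded($peer, $retries, $lookup) === false) {
            $unresolved++;
        }
    }
    printf("retries=%d: %d lookups, %d peers unresolved\n", $retries, $queries, $unresolved);
}
```

Resolvable peers cost one lookup regardless of the budget; only the dead names multiply by `$retries`, which is why the saving grows with the number of FQDN tunnels whose names do not resolve.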


Related issues

Related to Bug #12195: IPsec writes CRL files when tunnel does not use certificates (Resolved, Viktor Gurov)

Related to Bug #12196: IPsec settings fail to apply when a remote gateway is set to an FQDN and there are no DNS servers available (Resolved, Viktor Gurov)
