IPsec Stability fixes and 1.2-RC4

January 18th, 2008 by Scott Ullrich

Some of you might have noticed that a lot of work went into getting IPsec running a bit smoother for large numbers of connections. We would like to take a moment and thank a number of folks for their hard work and for their generous monetary contributions that made these efforts possible.

1. Heiko Gabe w/ neos-ag.de donated significant monetary resources to sponsor these fixes. Heiko has sponsored many projects in pfSense and we are exceptionally grateful for his continued support.

2. Timo Teräs is a racoon developer and helped correct a few very minor bugs in racoon and worked on improving setkey code in FreeBSD. Timo is a genius and we are absolutely grateful to him for helping us out.

3. Seth Mos is a pfSense developer and uses IPsec at his work. Seth has been extremely patient and has worked with Timo and Heiko to coordinate, test and get these patches into pfSense.

Now pfSense can handle far more connections than it could when we began. We could barely handle 75 connections at a time then racoon would go into “sbwait” state mode and would wedge. Now we have noticed that 250+ active tunnels can be running simultaneously and everything seems to work great. I would not be surprised to see us being able to handle thousands of tunnels but we still need to test this.

Thanks to everyone involved, our IPsec is far more scalable than what is in FreeBSD itself! Next step is to try and convince the FreeBSD developers to adopt our changes so everyone can win.

Please give everyone above a great round of applause, we really appreciate you guys!!

19 Responses to “IPsec Stability fixes and 1.2-RC4”

  1. Sunny Says:

    My appreciation goes toward all of you involved in this great project.

    Thank you!

  2. Rui Correia Says:

    Hiphip, Hurray!
    Thank you very much to all developers and fund raisers that have been helping the core team this much.
    Thank you all very much.

  3. rt_rex Says:

    CLAP CLAP CLAP CLAP.
    GREAT JOB GUYS .
    Great jog ,this is the only free project that i use and can say i am 110% happy with it .
    I don’t have the knowledge of some of you guys but you made it that lames (like me) can use it,thats the secret of your success !
    I dont think you have an idea of how many ppl are using this .
    Just a crazy idea add a piece of code to reply to one os your servers just to count the number of boxes running your project .(then had it ti google maps by geolocating the reply IP )
    Just waiting for a final release to upgrade my old box :)

  4. Martin Kruse Says:

    A big round of applause to ALL of the developers! I love your fantastic product!

  5. Tony Says:

    Thanks everyone for making a great project even better.

  6. Brian Says:

    Awesome work everybody. The peanut gallery appreciates you greatly.

    Looking forward to updating to 1.2-REL at the end of the month.

    What a great example of rock solid engineering.

  7. kamus Says:

    clap clap clap
    nice work guys ;)

  8. dvserg Says:

    Big thanks all developers!
    Now i use this beautiful product, and all my need’s already solve.
    And as bonus – i learning FreeBSD (my first non-win system), php, and etc.. :)
    I see big future for this project.

  9. Marco Teixeira Says:

    CLAP, CLAP, CLAP…

  10. RR Says:

    W00T!
    I’ve been using pfsense since I saw the first public RC.
    pfSense has always been the most stable and best developed OSS project out there. You guys are GREAT.
    Thank You.

  11. Juve Says:

    Very nice…
    Every people involved in that project gives his best.
    PfSense is really a good open source project, with a really good and “human” leading team.
    Not much to say except “good work guys”.

  12. Alex Says:

    EXCELLENT work guys – I’ve always been a fan of Linux iptables firewalls but this might very well have changed my mind :)

  13. Flemming Says:

    Awesome!!!!!!!! This is an amazing product! Been running 1.2Beta’s all the way up to now without much of a hassel at all!!! Looking very much forward for the final release :D

  14. Jose Luis Says:

    Some news about final release???

  15. PredatoryFern Says:

    Very nice work guys! A big thank you to the pfSense developers and Heiko Gabe!

  16. Diego Says:

    Congratulations. This is a pertect software.

    Many thanks.

  17. ZZ Says:

    Great job!
    Thanks guys for your excellent work… pfsense makes me happy!

  18. Carl Says:

    are we days or weeks from the 1.2 release?

  19. Jason Hill Says:

    We use pfSense on some site-to-site VPNs and are very grateful for this project. I love the stability, better than some big expensive commercial products that I’ve used before…

    Thank You!!!

Please don’t post technical questions or off-topic comments. It is far more likely that your questions and concerns will be addressed effectively through one of our support channels.

Leave a Reply