Maximum IPsec tunnels that can be configured in VyOS

Good morning,
We need to know if VyOS has limitations regarding the IPSec tunnels you can configure on it. If someone has some feedback about it, we will appreciate it.
At the moment we have VyOS with a max of 4 or 5 phases 1, we want to know what is the limitation or the recommendation about how many phases 1 can a VyOS manage.

We are thinking about having a VyOS with 30 ipsecs tunnels (phases 1), those tunnels would have arround 1MB of traffic, do you know this is possible and recommended? For configuring 150 ipsec tunnels (phases 1), what is the minimum number of VyOS we should install for managing this amount of tunnels?

On the other hand, is it possible to configure a log for each phase 1 in a VyOS, or all the ipsec tunnels send their logs against the same ipsec log?

Thank you in advance for your help.


Hello @isantolaya. VyOs has no limitation of maximum active or configured IPSec tunnels.
As for logging, in syslog (local or remote) you will get peer name, manipulate with this data how you want.

<timestamp> R1 charon[PID]: 10[ENC] <peer-x.x.x.x> parsed INFORMATIONAL request x [ D ]
<timestamp> R1 charon[PID]: 10[IKE] <peer-x.x.x.x> received DELETE for ESP CHILD_SA with SPI xxxxx

I right now have 15 IPsec tunnels configured on my 4 GB RAM and 2 vCPU cloud vyos instance. Those are living up properly without any issues.

Thank you guys for your responses

We have round about 100 VPNs per VyOS Appliance without any Issues.

We use Zabbix for Monitoring them and all looks fine

How do you monitor with zabbix using SNMP? or any specific API?