Good morning,
We need to know if VyOS has limitations regarding the IPSec tunnels you can configure on it. If someone has some feedback about it, we will appreciate it.
At the moment we have VyOS with a max of 4 or 5 phases 1, we want to know what is the limitation or the recommendation about how many phases 1 can a VyOS manage.
We are thinking about having a VyOS with 30 ipsecs tunnels (phases 1), those tunnels would have arround 1MB of traffic, do you know this is possible and recommended? For configuring 150 ipsec tunnels (phases 1), what is the minimum number of VyOS we should install for managing this amount of tunnels?
On the other hand, is it possible to configure a log for each phase 1 in a VyOS, or all the ipsec tunnels send their logs against the same ipsec log?
Hello @isantolaya. VyOs has no limitation of maximum active or configured IPSec tunnels.
As for logging, in syslog (local or remote) you will get peer name, manipulate with this data how you want.
<timestamp> R1 charon[PID]: 10[ENC] <peer-x.x.x.x> parsed INFORMATIONAL request x [ D ]
<timestamp> R1 charon[PID]: 10[IKE] <peer-x.x.x.x> received DELETE for ESP CHILD_SA with SPI xxxxx