There are too many TCP/IP connections (code 15)

Post your questions about SoftEther VPN software here. Please answer questions if you can afford.
Post Reply
Stephane
Posts: 6
Joined: Sun Nov 29, 2015 10:27 pm

There are too many TCP/IP connections (code 15)

Post by Stephane » Sun Nov 29, 2015 10:31 pm

Hi All,

My VPN has stopped working suddenly. I'm having the following error in the logs:
Connection "CID-12787" terminated by the cause "There are too many TCP/IP connections." (code 15).

I have tried to increase the number of file descriptors in Linux and it does not resolve the issue. Do you have any other tips/ideas that could help me?

Kind regards,
Stephane

Stephane
Posts: 6
Joined: Sun Nov 29, 2015 10:27 pm

Re: There are too many TCP/IP connections (code 15)

Post by Stephane » Mon Nov 30, 2015 8:20 am

Dear All,

I'm having another issue this morning, probably related. My server log file shows
"The TCP listener is temporary suspending to accept new inward connections because of the number of pending TCP connections exceeded 4000. (Current value = 4001)"
I definitely have less than 4000 clients.
Clients seem to establish a connection but they can no longer access the services that are on the server.

Does anyone have an idea of why this is happening? Or can guide me on the track?

Thanks,
Stephane

Petrol
Posts: 44
Joined: Wed May 06, 2015 11:23 pm

Re: There are too many TCP/IP connections (code 15)

Post by Petrol » Mon Nov 30, 2015 4:09 pm

Do you have more then 125 connected clients ? Because it's possible for a client to open up to 32 (125 * 32 = 4000) connections with softether. This can be changed in the server config.

Stephane
Posts: 6
Joined: Sun Nov 29, 2015 10:27 pm

Re: There are too many TCP/IP connections (code 15)

Post by Stephane » Mon Nov 30, 2015 4:17 pm

Dear Petrol,

Thanks for your answer.
I indeed have more than 125 clients.
What is the setting that needs to be changed for this?

Kind regards,
Stephane

Petrol
Posts: 44
Joined: Wed May 06, 2015 11:23 pm

Re: There are too many TCP/IP connections (code 15)

Post by Petrol » Wed Dec 02, 2015 2:39 pm

Hello,

I'm sorry for the delay of the answer.

There are two ways of setting the number of TCP Connections :

Server Side :
You can change the numbers of allowed TCP connections per client in the Security Policy of each User account of a Hub.

Hub > User > Security Policy > Maximum number of TCP connections.

If you have multiple Hubs on your server and a lot of User Account for each of them, you'll have to set this value for every account ...

If you use an external Authentication server, it's great because you only need to change this value for the wilcard (*) User.

Sadly I don't know if there is a way to set this value globally for every hubs and User of the server.


Client Side :

You can also set the number of TCP connections in the Softether client

Select of connection profile > Properties >Advanced Settings >Number Of TCP Connections

The downside is that your "customers" will be able to override this value whenever they want ...

thisjun
Posts: 2458
Joined: Mon Feb 24, 2014 11:03 am

Re: There are too many TCP/IP connections (code 15)

Post by thisjun » Fri Dec 11, 2015 7:05 am

If there are many pending connection, the message will be shown.
I think someone do portscan or something, which is not VPN client, to connect your server.

Stephane
Posts: 6
Joined: Sun Nov 29, 2015 10:27 pm

Re: There are too many TCP/IP connections (code 15)

Post by Stephane » Mon Dec 21, 2015 3:15 pm

Hi thisjun,

Thanks for your reply. Indeed it looks like it. I turned off the service for a few days and now I have turned it back on without doing anything and it is working perfectly.

Is there any setting in SoftEther that I should use to limit this issue? I'll also see that can be done with the firewall to reduce this.

Kind regards,
Stephane

Post Reply