SoftEther VPN User Forum

Hi All,

My VPN has stopped working suddenly. I'm having the following error in the logs:
Connection "CID-12787" terminated by the cause "There are too many TCP/IP connections." (code 15).

I have tried to increase the number of file descriptors in Linux and it does not resolve the issue. Do you have any other tips/ideas that could help me?

Kind regards,
Stephane

Dear All,

I'm having another issue this morning, probably related. My server log file shows
"The TCP listener is temporary suspending to accept new inward connections because of the number of pending TCP connections exceeded 4000. (Current value = 4001)"
I definitely have less than 4000 clients.
Clients seem to establish a connection but they can no longer access the services that are on the server.

Does anyone have an idea of why this is happening? Or can guide me on the track?

Thanks,
Stephane

Do you have more then 125 connected clients ? Because it's possible for a client to open up to 32 (125 * 32 = 4000) connections with softether. This can be changed in the server config.

Dear Petrol,

Thanks for your answer.
I indeed have more than 125 clients.
What is the setting that needs to be changed for this?

Kind regards,
Stephane

Hello,

I'm sorry for the delay of the answer.

There are two ways of setting the number of TCP Connections :

Server Side :
You can change the numbers of allowed TCP connections per client in the Security Policy of each User account of a Hub.

Hub > User > Security Policy > Maximum number of TCP connections.

If you have multiple Hubs on your server and a lot of User Account for each of them, you'll have to set this value for every account ...

If you use an external Authentication server, it's great because you only need to change this value for the wilcard (*) User.

Sadly I don't know if there is a way to set this value globally for every hubs and User of the server.


Client Side :

You can also set the number of TCP connections in the Softether client

Select of connection profile > Properties >Advanced Settings >Number Of TCP Connections

The downside is that your "customers" will be able to override this value whenever they want ...

If there are many pending connection, the message will be shown.
I think someone do portscan or something, which is not VPN client, to connect your server.

Hi thisjun,

Thanks for your reply. Indeed it looks like it. I turned off the service for a few days and now I have turned it back on without doing anything and it is working perfectly.

Is there any setting in SoftEther that I should use to limit this issue? I'll also see that can be done with the firewall to reduce this.

Kind regards,
Stephane