Cannot add more than 63 sensors to Central Manager

Article ID: 249664

Products

Security Analytics

Issue/Introduction

When adding sensors to the Central Manager, once about 60 or more have been added, the newly added sensors never connect. They show as "Not Connected".

Cause

The Central Manager OpenVPN network mask was configured as 255.255.255.0, which is the default configuration. By default, OpenVPN takes up 4 IP addresses for every connection between a sensor and the CM. A subnet mask of 255.255.255.0 is 255 addresses, but broadcast takes one of them, leaving 254. Divided by 4, that is 63. In the CMC configuration, if you have more than 63 sensors, the sensors above that limit will not be able to connect: the tunnel is created, but there is no connection.

Resolution

There are two ways to fix this. The first is to change the network mask in the Central Manager configuration, on the CM itself, to a mask that allows for more IP addresses. If you change the mask, you must remove all sensors from the CM and add all of them back.

The other option is to hard code OpenVPN to use only one IP address per VPN connection. To do this, run the following commands as root from the CLI:

#> echo 'topology p2p' >> /etc/openvpn/server.conf
#> dsvpn --restart

NOTE: in order for the sensors to reconnect to the CM, the 'dsvpn --restart' must be run on all sensors as well.  Once run, the CM should show the connection reestablished.

If any sensors were added above the 63 limit, they will need to be deleted and re-added after the topology line change above.
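
The append step above, as an added example that is not part of the original article or vendor code: running the echo command twice duplicates the directive, and it does not notice a different topology value already present in the file. The function names topology_values and ensure_p2p are hypothetical; the config path is passed as an argument so the check can be tried on a copy first.

```shell
#!/bin/sh
# Added example (not vendor code): set 'topology p2p' at most once.
# Pass the config path as an argument, e.g. /etc/openvpn/server.conf.

# Print the value of every uncommented 'topology' directive, one per line.
topology_values() {
    awk '$1 == "topology" { print $2 }' "$1"
}

# Append 'topology p2p' only when no topology directive exists yet.
# Prints added | unchanged | conflict | missing; returns 0, 0, 1, 2.
ensure_p2p() {
    ep_conf=$1
    [ -f "$ep_conf" ] || { echo "missing"; return 2; }
    ep_vals=$(topology_values "$ep_conf" | sort -u)
    case "$ep_vals" in
        p2p) echo "unchanged"; return 0 ;;
        "")  ;;                                  # not set: safe to append
        *)   echo "conflict"; return 1 ;;        # another topology value is set
    esac
    cp -p "$ep_conf" "$ep_conf.bak" || return 2  # keep a rollback copy
    # A plain >> would glue the directive onto an unterminated last line.
    [ -z "$(tail -c 1 "$ep_conf")" ] || echo >> "$ep_conf"
    echo 'topology p2p' >> "$ep_conf"
    echo "added"
}
```

When ensure_p2p reports "added", 'dsvpn --restart' is still required on the CM and on all sensors, as described in the note above.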

The topology p2p line will be added by default starting in Security Analytics version 8.2.6.

Additional Information

p2p -- Uses a point-to-point topology where the remote endpoint of the client's tun interface always points to the local endpoint of the server's tun interface.
This mode allocates a single IP address per connecting client.