diff --git a/src/etc/inc/plugins.inc.d/ipsec.inc b/src/etc/inc/plugins.inc.d/ipsec.inc
index 2a0948553..c21bd51ed 100644
--- a/src/etc/inc/plugins.inc.d/ipsec.inc
+++ b/src/etc/inc/plugins.inc.d/ipsec.inc
@@ -1898,7 +1898,11 @@ function ipsec_configure_vti($verbose = false)
         // create required interfaces
         $inet = is_ipaddrv6($intf_details['local']) ? 'inet6' : 'inet';
         if (empty($current_interfaces[$intf])) {
-            if (mwexecf('/sbin/ifconfig %s create reqid %s', array($intf, $intf_details['reqid'])) == 0) {
+            // prevent ipsec vti interface to hit 32768 limit (create numbered, rename and attach afterwards)
+            exec('/sbin/ifconfig ipsec create 2>&1', $cmdout, $cmdret);
+            if ($cmdret == 0) {
+                legacy_interface_rename($cmdout[0], $intf);
+                mwexecf('/sbin/ifconfig %s reqid %s', array($intf, $intf_details['reqid']));
                 mwexecf(
                     '/sbin/ifconfig %s %s tunnel %s %s up',
                     array($intf, $inet, $intf_details['local'], $intf_details['remote'])