Re: isakmpd memory usage

Mon, 19 Jun 2017 23:42:19 -0700 

Hi

Here is my ipsec.conf :

ike esp from /24 to /24 
 peer  
 main auth hmac-sha1 enc aes-256 group modp1024 lifetime 28800 
 quick auth hmac-sha1 enc aes-256 group modp1024 lifetime 3600 
 srcid  
 psk '' 
 tag vpn

ike passive esp transport proto udp from  to any port 1701 
 main auth hmac-sha1 enc aes group modp2048 
 quick auth hmac-sha1 enc aes 
 srcid  
 psk "" 
 tag vpnrw

ike esp from /32 to /24 
 peer  
 main auth hmac-sha2-256 enc aes-256 group modp1024 lifetime 3600 
 quick auth hmac-sha2-256 enc aes-256 group modp2048 lifetime 1200 
 srcid  
 psk ''

ike esp from /32 to /24 
 peer  
 main auth hmac-sha2-256 enc aes-256 group modp1024 lifetime 3600 
 quick auth hmac-sha2-256 enc aes-256 group modp1024 lifetime 1200 
 srcid  
 psk ''

ike esp from  to /24 
 peer  
 main auth hmac-sha1 enc aes-256 group modp1024 lifetime 28800 
 quick auth hmac-sha1 enc aes-256 group modp1024 lifetime 3600 
 srcid  
 psk '' 
 tag vpn

Actually the isakmpd process is eating more than 100MB of memory per day. 
Nicolas
17 juin 2017 11:13 "Michał Koc"  a écrit:
        Hi Nicolas, 

        We are currently investigating some isakmpd memory problem with the 
devs. 

        We have isakmpd running more than 100 tunnels. 

        Please post Your ipsec.conf with auth data and addresses anonimised to 
investigate. 

        best regards
Michał Koc 
------ Wiadomość oryginalna ------
Temat: Re: isakmpd memory usage
Nadawca: Nicolas Repentin  (mailto:nico...@shivaserv.fr)
Adresat: misc@openbsd.org (mailto:misc@openbsd.org)
Data: 17.06.2017 09:49  

        No one ? Le 13 juin 2017 09:11:02 GMT+02:00, Nicolas  
(mailto:nico...@shivaserv.fr) a écrit : 

        Hi everyone I'm searching some help about isakmpd, which is eating a 
lot of memory, until the machine crash. It's an OpenBSD 6.1 on Qemu KVM 
(ganeti). After 3 days, the process is using 650MB of memory. When she's 
"freezed", she's unreachable on network, and on console she's blinking on tty, 
like normal, but we can't write anything on it. No .core are generated. I got a 
lot of errors like "INVALID_ID_INFORMATION" on "NO_PROPOSAL_CHOSEN" on ipsec 
logs, but ipsec connections are working. Any idea how I can debug it? Thanks, 
Nicolas

Reply via email to