Re: isakmpd memory usage
On 17/06/17(Sat) 09:49, Nicolas Repentin wrote: > No one ? > > Le 13 juin 2017 09:11:02 GMT+02:00, Nicolasa écrit : > >Hi everyone > > > >I'm searching some help about isakmpd, which is eating a lot of memory, > >until the machine crash. It's an OpenBSD 6.1 on Qemu KVM (ganeti). > >After 3 days, the process is using 650MB of memory. > > > >When she's "freezed", she's unreachable on network, and on console > >she's blinking on tty, like normal, but we can't write anything on it. > >No .core are generated. > > > >I got a lot of errors like "INVALID_ID_INFORMATION" on > >"NO_PROPOSAL_CHOSEN" on ipsec logs, but ipsec connections are working. > > > >Any idea how I can debug it? You could start by increasing the log level. Then rotate the log regularity, like everyday. Every time you rotate the log, write down the amount of memory consumed by the daemon. Then hopefully you can find a pattern in the log that's proportional to the amount of memory leaked between each rotation. Many the number of INVALID_ID_INFORMATION or something else. That information could help us reducing the scope of the memory leak.
Re: isakmpd memory usage
Hi Here is my ipsec.conf : ike esp from /24 to /24 peer main auth hmac-sha1 enc aes-256 group modp1024 lifetime 28800 quick auth hmac-sha1 enc aes-256 group modp1024 lifetime 3600 srcid psk '' tag vpn ike passive esp transport proto udp from to any port 1701 main auth hmac-sha1 enc aes group modp2048 quick auth hmac-sha1 enc aes srcid psk "" tag vpnrw ike esp from /32 to /24 peer main auth hmac-sha2-256 enc aes-256 group modp1024 lifetime 3600 quick auth hmac-sha2-256 enc aes-256 group modp2048 lifetime 1200 srcid psk '' ike esp from /32 to /24 peer main auth hmac-sha2-256 enc aes-256 group modp1024 lifetime 3600 quick auth hmac-sha2-256 enc aes-256 group modp1024 lifetime 1200 srcid psk '' ike esp from to /24 peer main auth hmac-sha1 enc aes-256 group modp1024 lifetime 28800 quick auth hmac-sha1 enc aes-256 group modp1024 lifetime 3600 srcid psk '' tag vpn Actually the isakmpd process is eating more than 100MB of memory per day. Nicolas 17 juin 2017 11:13 "Michał Koc" a écrit: Hi Nicolas, We are currently investigating some isakmpd memory problem with the devs. We have isakmpd running more than 100 tunnels. Please post Your ipsec.conf with auth data and addresses anonimised to investigate. best regards Michał Koc -- Wiadomość oryginalna -- Temat: Re: isakmpd memory usage Nadawca: Nicolas Repentin (mailto:nico...@shivaserv.fr) Adresat: misc@openbsd.org (mailto:misc@openbsd.org) Data: 17.06.2017 09:49 No one ? Le 13 juin 2017 09:11:02 GMT+02:00, Nicolas (mailto:nico...@shivaserv.fr) a écrit : Hi everyone I'm searching some help about isakmpd, which is eating a lot of memory, until the machine crash. It's an OpenBSD 6.1 on Qemu KVM (ganeti). After 3 days, the process is using 650MB of memory. When she's "freezed", she's unreachable on network, and on console she's blinking on tty, like normal, but we can't write anything on it. No .core are generated. I got a lot of errors like "INVALID_ID_INFORMATION" on "NO_PROPOSAL_CHOSEN" on ipsec logs, but ipsec connections are working. Any idea how I can debug it? Thanks, Nicolas
Re: isakmpd memory usage
No one ? Le 13 juin 2017 09:11:02 GMT+02:00, Nicolasa écrit : >Hi everyone > >I'm searching some help about isakmpd, which is eating a lot of memory, >until the machine crash. It's an OpenBSD 6.1 on Qemu KVM (ganeti). >After 3 days, the process is using 650MB of memory. > >When she's "freezed", she's unreachable on network, and on console >she's blinking on tty, like normal, but we can't write anything on it. >No .core are generated. > >I got a lot of errors like "INVALID_ID_INFORMATION" on >"NO_PROPOSAL_CHOSEN" on ipsec logs, but ipsec connections are working. > >Any idea how I can debug it? >Thanks, > >Nicolas -- Nicolas
isakmpd memory usage
Hi everyone I'm searching some help about isakmpd, which is eating a lot of memory, until the machine crash. It's an OpenBSD 6.1 on Qemu KVM (ganeti). After 3 days, the process is using 650MB of memory. When she's "freezed", she's unreachable on network, and on console she's blinking on tty, like normal, but we can't write anything on it. No .core are generated. I got a lot of errors like "INVALID_ID_INFORMATION" on "NO_PROPOSAL_CHOSEN" on ipsec logs, but ipsec connections are working. Any idea how I can debug it? Thanks, Nicolas