MBUF slowly increasing over time
-
Must be some config you have or something you're running.
What packages do you have installed?
Steve
-
These are my installed packages
-
Are you running OpenVPN with DCO enabled perhaps?
Are you using traffic shaping at all? Captive portal?
-
I’ve enabled DCO but in the last week there wasn’t any incoming connection.
I’ve disabled DCO right now, but I dont believe that’s the reason..I’m not using traffic shaping or CP
-
You were definitely seeing it before you enabled DCO?
-
I have now tested a bit over the day. In fact, the cause was the DCO setting of the OpenVPN tunnels. After I fixed this setting on two tunnels, the problem is gone and the MBUF stays constant again!
Thanks a lot for your help!
-
Ooo, that sounds like something we need to address. You just disabled DCO and the mbuf leak stopped? Made some other change?
Steve
-
I only disabled DCO on two existing tunnels, since then it has remained constantly at that value, after a restart it is constantly low again.
-
Are you able to share the settings you were using that created the leak? None of my DCO test systems appear to be leaking.
-
Yes, what settings do you need?
-
Ideally the full server config with DCO enabled and whatever redacted you need to.
So either the OpenVPN config from:
/var/etc/openvpn/server1/config.ovpnOr the server section from the main pfSense config file.
But anything you can provide to help us replicate it would be very helpful.
Steve
-
Since in the VPN config is nothing big in it, I can also simply upload here, but just as TXT, because the upload here does not allow everything.
I had DCO now again for a few minutes on and connected with my cell phone via VPN, my MBUF went up in this time about 400. Therefore I have deactivated it now again. Since I pulled the config file afterwards, DCO is now disabled here.
For this VPN I have a firewall rule which allows the traffic to all destinations. Only the "Allow IP options" I have activated here.
If you need more data, I am at your disposal!
Edit:
Do you mean the OpenVPN server excerpt from the pfSense config? -
So, now I would also have the entire Config. I had DCO only a few minutes on and the value has risen directly again rapidly.
How can I send you the config?
-
That's probably good enough but more data never hurts!
You can upload files to me here: https://nc.netgate.com/nextcloud/s/kfzcg536kMRgtGd
Steve
