Netgate Discussion Forum

    Charon memory leak

      djamp42

      Even my end points with 1 VPN tunnel are having this problem. It just takes a really long time for it to run out of memory. Here is a box that has been up for 63 days.

      root   33255   0.0 14.5 321168 298032  -  Is   15Jun15      7:33.03 /usr/local/libexec/ipsec/charon --use-syslog
      

      Attached is the 3 month graph.

      I've tried different ipsec settings but nothing seems to help. It seems charon is just broken.

      3monthgraph.JPG

        stemond

        How can you solve it?

        Setting your tunnels from IKEv1 to IKEv2?

          djamp42

          I don't think you can. I've tried IKEv1, IKEv2, all sorts of different settings and Charon continues to eat memory.

            luma

            Any news on this problem? Is Strongswan working well for anyone? Or are all >= 2.2.3 users affected?

            I would be happy to offer my help to find the culprit… Maybe we can open a Redmine ticket?

            Thanks!

              MadBullet

              Exactly the same issue for me in production with low constant traffic. We need to restart the service every week.

              I'm a bit afraid of this ticket from strongswan tracking:
              https://wiki.strongswan.org/issues/964
              Since I clearly do not have high traffic on that pfSense node, it seems there IS a memory leak somewhere in charon… But in any case, they're talking about v5.3, so if it's our issue, upgrading the pfSense dependency won't fix it.

              I think we need a ticket, but where? ... both places?

              Regards
              Alex

                djamp42

                It is not that issue, see this thread also. https://forum.pfsense.org/index.php?topic=96187.0

                CMB said he was going to look into it, but I haven't heard anything back yet. I think it might be something with the FreeBSD port of strongswan because it doesn't seem like Linux users are having this issue. Strongswan does have 5.3.3 coming out soon, but I don't see anything in the release related to this.

                Also, from my testing, this issue is in every 2.2.X release.

                  mudshark79

                  Can confirm. Didn't check new threads before posting:

                  https://forum.pfsense.org/index.php?topic=98672.0

                    cmb

                    @MadBullet:

                    I'm a bit afraid of this ticket from strongswan tracking:
                    https://wiki.strongswan.org/issues/964

                    That's strictly related to their userland libipsec, which has no relevance to anything we use.

                    I confirmed the general issue.
                    https://redmine.pfsense.org/issues/5149
                    https://wiki.strongswan.org/issues/1106

                      luma

                      Hi,

                      May I ask you for news about this really annoying problem?

                      Thanks and regards

                        djamp42

                        It's being worked currently. https://redmine.pfsense.org/issues/5149

                          cmb

                          @djamp42:

                          It's being worked currently. https://redmine.pfsense.org/issues/5149

                          There's an update on that ticket. Next snapshot run should resolve the serious leaks.

                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.