Charon memory leak
-
How can you solved it ?
Setting your tunnels from IKEv1 to IKEv2 ?
-
I don't think you can. I've tried IKEv1 IKEv2 all sorts of different settings and Charon continues to eat memory.
-
Any news on this problem ? Is Strongswan working well for anyone ? Or all >= 2.2.3 users affected ?
I would be happy to offer my help to find the culpit… Maybe we can open a Redmine ticket ?
Thanks !
-
Exactly the same issue for me in production with a low constant traffic. We need to restart the service every week.
I'm a bit afraid by this ticket from strongswan tracking :
https://wiki.strongswan.org/issues/964
Since I clearly do not have a high traffic on that pfSense node, it seems there IS a memory leak somewhere in charon… But in any case, they're talking about the v5.3, so if it's our issue, upgrade the pfsense dependency won't fix it.I think we need a ticket, but where ? ... both places ?
Regards
Alex -
It is not that issue, see this thread also. https://forum.pfsense.org/index.php?topic=96187.0
CMB said he was going to look into it, but haven't heard anything back yet. i think it might be something with the FreeBSD port of strongswan because it doesn't seem like linux users are having this issue. Strongswan does have 5.3.3 coming out soon, but i don't see anything in release related to this.
Also from my testing this issue is in every 2.2.X release
-
Can confirm. Didin't check new threads before posting:
https://forum.pfsense.org/index.php?topic=98672.0
-
I'm a bit afraid by this ticket from strongswan tracking :
https://wiki.strongswan.org/issues/964That's strictly related to their userland libipsec, which has no relevance to anything we use.
I confirmed the general issue.
https://redmine.pfsense.org/issues/5149
https://wiki.strongswan.org/issues/1106 -
Hi,
May I ask you for news about this really anoying problem ?
Thanks and regards
-
It's being worked currently. https://redmine.pfsense.org/issues/5149
-
It's being worked currently. https://redmine.pfsense.org/issues/5149
There's an update on that ticket. Next snapshot run should resolve the serious leaks.