Netgate Discussion Forum

    IPsec (VTI) memory leak.

    • 0daymaster

      Hi. I had a pfSense box at a remote site crash on me today. I suspect there is a memory leak relating to the implementation of IPsec on pfSense.

      I run a VTI tunnel back to my core router. I enabled a giant new recurring backup job yesterday. The backup job began at 11:30 PM.

      Core router:

      [image]

      Branch router:

      [image]

      My core router was able to handle the additional load; as you can see the branch router did not. How can I confirm that this is indeed related to a memory leak? Thanks.

      • jimp Rebel Alliance Developer Netgate

        To get a better idea, you will need to check and track the usage of individual processes over time.

        Just because the data is flowing over IPsec doesn't necessarily mean it's directly related to IPsec.

        Also, FreeBSD will attempt to use as much RAM as possible for things like caching, because free RAM is wasted RAM. It's normal for RAM usage to be high. You need only worry when processes start crashing/dying.

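One way to track per-process memory over time, as the reply above suggests. This is an added example, not code from either poster or from pfSense; the log path, the sampling interval and the process names in the sample data are assumptions.

```shell
#!/bin/sh
# Added example: record per-process resident memory (RSS) over time and
# rank processes by growth between their first and last sample.
LOG="${LOG:-/tmp/proc_rss.log}"   # assumed log path, not from the thread

# Print one sample line per process: "<epoch> <pid> <rss_kb> <command>".
# Empty header strings (pid= rss= comm=) suppress the ps header line.
sample_ps() {
    now=$(date +%s)
    ps -axo pid=,rss=,comm= | awk -v t="$now" '{ print t, $1, $2, $3 }'
}

# Read sample lines on stdin and print
# "<growth_kb> <first_kb> <last_kb> <pid> <command>", largest growth first.
# Keying on pid plus command keeps a recycled pid from looking like growth.
rank_growth() {
    awk '
        { key = $2 " " $4
          if (!(key in first)) first[key] = $3
          last[key] = $3 }
        END { for (k in first) print last[k] - first[k], first[k], last[k], k }
    ' | sort -k1,1nr
}

# Constructed samples (hypothetical process names, one hour apart).
demo_samples() {
    cat <<'EOF'
1700000000 411 52000 daemon_a
1700000000 902 18000 daemon_b
1700000000 377 9000 daemon_c
1700003600 411 310000 daemon_a
1700003600 902 18400 daemon_b
1700003600 377 9000 daemon_c
1700007200 411 905000 daemon_a
1700007200 902 18100 daemon_b
1700007200 377 9100 daemon_c
EOF
}

# On the firewall:  while :; do sample_ps >> "$LOG"; sleep 300; done
# Afterwards:       rank_growth < "$LOG" | head
if [ "${1:-}" = "demo" ]; then
    demo_samples | rank_growth
fi
```

Per-process RSS does not include kernel allocations; on FreeBSD, `vmstat -m` and `vmstat -z` report those and can be sampled on the same schedule.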
        • 0daymaster @jimp

          @jimp So I don't have definitive proof but both my core router and branch router started swapping out. My branch router filled up its swap then crashed. My core router would have crashed also but it has 32 GB of RAM while my branch router only has 16 GB of RAM. The memory usage tracks exactly with the backup job.

          Core router memory overview including swap usage:

          [image]

          Branch router memory overview including swap usage:

          [image]

          For the time being I am moving all my tunnels that I can over to OpenVPN. This is unfortunate as OpenVPN does not get good performance and I have some remote sites with Fortigate firewalls. Fortigate does not support OpenVPN.

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.