Normal charon memory usage?
-
We actually had the same amount of tunnels running on a box with dual core and 1gb ram for long time, that was 2.1.X and with racoon we never saw this issue.
I imagine the same as above, related to the circumstance that the version jump from pfSense 2.1.x to version 2.2.2
was also a version jump from FreeBSD 8.3 to 10.0.I was wondering if anyone else out there has 100+ Ipsec tunnels and not having this issue?
And I am pretty sure they will be all, earlier or later, coming in the same trap as you.
Perhaps stronger and more powerful hardware and a pit of more RAM will do it also, without tuning the mbufs
size, but this is another story. -
Mbufs are running at 4 to 7% of the default count while RAM is still being consumed. Not sure how increasing the Mbuf max count will help.
Logs are set for silent. Clearing the log has no significant impact on RAM.
-
Not sure how increasing the Mbuf max count will help.
Then please read this article that would it perhaps explaining some how better.
Tuning FreeBSD to serve 100-200 thousands of connections -
There is a memory leak of some sort in strongswan under some condition(s).
djamp42: that's the worst I've seen, by far. Especially bad on a system with 2 GB RAM. Could you PM me a copy of your config from <ipsec>to</ipsec> ? Can copy/paste off of status.php which should trim out PSK and cert data which is unnecessary.
-
I have been changing all my pfsense - pfsense tunnels to IKEv2 as i upgrade them. I do have about 50 pfsense to cisco ASA tunnels that have to stay IKEv1 due to the issues with IKEv2. If someone has this working with a large amount of tunnels i would be more then happy to change my settings to see if it fixes it.
-
Also we average about 20Mb/s inbound and 50Mb/s output on the ipsec interface. It sounds like i could be running into this issue?
-
Also we average about 20Mb/s inbound and 50Mb/s output on the ipsec interface. It sounds like i could be running into this issue?
No, we don't use libipsec.
-
if you find a solution please post here
-
The most significant leaks are now fixed in 2.2.5.
-
Great Work!
-