[Openswan Users] pluto causes system out of memory when interop with fortigate

Jason Sigurdur jason.sigurdur at aspenview.org
Mon Aug 23 15:23:35 EDT 2010


Hi, I recently upgraded to openswan 2.6.28, kernel version 2.6.20-1.2320.fc5.


Previously, I was having problems interoping a fortigate device into our network. I was getting:



kernel: pluto invoked oom-killer: gfp_mask=0x201d2, order=0, oomkilladj=0
Aug 22 13:14:27 GW13 kernel:
Aug 22 13:14:27 GW13 kernel: Call Trace:
Aug 22 13:14:27 GW13 kernel:  [<ffffffff802b613a>] out_of_memory+0x70/0x2b9
Aug 22 13:14:27 GW13 kernel:  [<ffffffff8020f461>] __alloc_pages+0x24b/0x2d4
Aug 22 13:14:27 GW13 kernel:  [<ffffffff80212a95>] __do_page_cache_readahead+0xa7/0x1ee
Aug 22 13:14:27 GW13 kernel:  [<ffffffff8025f8a4>] __wait_on_bit_lock+0x5b/0x66
Aug 22 13:14:27 GW13 kernel:  [<ffffffff8023ed1f>] __lock_page+0x5e/0x64
Aug 22 13:14:27 GW13 kernel:  [<ffffffff8021346f>] filemap_nopage+0x140/0x338
Aug 22 13:14:27 GW13 kernel:  [<ffffffff802087de>] __handle_mm_fault+0x1f1/0xc78
Aug 22 13:14:27 GW13 kernel:  [<ffffffff80262b33>] do_page_fault+0x458/0x7ca
Aug 22 13:14:27 GW13 kernel:  [<ffffffff80260eed>] error_exit+0x0/0x84
Aug 22 13:14:27 GW13 kernel:
Aug 22 13:14:27 GW13 kernel: Mem-inf


It is still happening after 2-5 days? My other linux vpn systems are up for hundreds of days without restarting, but as soon as I add an ipsec tunnel from the fortigate device to a linux box, I start getting memory issues.
I also noticed that the one vpn from the fortigate gives me logging every minute:

roposal=defaults pfsgroup=OAKLEY_GROUP_MODP1536}
Aug 23 13:21:54 GW13 pluto[2504]: "ipsec1013" #7164: max number of retransmissions (2) reached STATE_QUICK_I1
Aug 23 13:21:54 GW13 pluto[2504]: "ipsec1013" #7164: starting keying attempt 194 of an unlimited number
Aug 23 13:21:54 GW13 pluto[2504]: "ipsec1013" #7170: initiating Quick Mode PSK+ENCRYPT+PFS+UP+IKEv2ALLOW to replace #7164 {using isakmp#6954 msgid:baac32f5 proposal=defaults pfsgroup=OAKLEY_GROUP_MODP1536}
Aug 23 13:22:12 GW13 pluto[2504]: "ipsec1013" #7165: max number of retransmissions (2) reached STATE_QUICK_I1
Aug 23 13:22:12 GW13 pluto[2504]: "ipsec1013" #7165: starting keying attempt 96 of an unlimited number
Aug 23 13:22:12 GW13 pluto[2504]: "ipsec1013" #7171: initiating Quick Mode PSK+ENCRYPT+PFS+UP+IKEv2ALLOW to replace #7165 {using isakmp#6954 msgid:9221cf23 proposal=defaults pfsgroup=OAKLEY_GROUP_MODP1536}


Any suggestions appreciated.

jason
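
As an added example (not part of the original post and not Openswan code), a small Python tally of the pluto messages quoted above reports, per connection, how many Quick Mode timeouts occurred, how high the keying-attempt counter has climbed, and which SAs were being replaced. The `othernet` line, the function names and the threshold of 10 are assumptions made for illustration.

```python
import re
from collections import defaultdict

# The first six lines are the pluto lines quoted in the post; the "othernet"
# line is constructed here so there is a quiet connection to compare against.
SAMPLE = '''\
Aug 23 13:21:54 GW13 pluto[2504]: "ipsec1013" #7164: max number of retransmissions (2) reached STATE_QUICK_I1
Aug 23 13:21:54 GW13 pluto[2504]: "ipsec1013" #7164: starting keying attempt 194 of an unlimited number
Aug 23 13:21:54 GW13 pluto[2504]: "ipsec1013" #7170: initiating Quick Mode PSK+ENCRYPT+PFS+UP+IKEv2ALLOW to replace #7164 {using isakmp#6954 msgid:baac32f5 proposal=defaults pfsgroup=OAKLEY_GROUP_MODP1536}
Aug 23 13:22:12 GW13 pluto[2504]: "ipsec1013" #7165: max number of retransmissions (2) reached STATE_QUICK_I1
Aug 23 13:22:12 GW13 pluto[2504]: "ipsec1013" #7165: starting keying attempt 96 of an unlimited number
Aug 23 13:22:12 GW13 pluto[2504]: "ipsec1013" #7171: initiating Quick Mode PSK+ENCRYPT+PFS+UP+IKEv2ALLOW to replace #7165 {using isakmp#6954 msgid:9221cf23 proposal=defaults pfsgroup=OAKLEY_GROUP_MODP1536}
Aug 23 13:22:30 GW13 pluto[2504]: "othernet" #7172: starting keying attempt 2 of an unlimited number
'''

LINE = re.compile(r'pluto\[\d+\]: "(?P<conn>[^"]+)" #(?P<sa>\d+): (?P<msg>.*)')
TIMEOUT = re.compile(r'max number of retransmissions \(\d+\) reached (?P<state>STATE_\w+)')
ATTEMPT = re.compile(r'starting keying attempt (?P<n>\d+) of (?P<limit>.+)')
REPLACE = re.compile(r'initiating Quick Mode \S+ to replace #(?P<old>\d+)')

def summarize(text):
    """Per connection: timeouts by state, highest attempt number, replaced SAs."""
    stats = defaultdict(lambda: {"timeouts": defaultdict(int), "max_attempt": 0,
                                 "unlimited": False, "replaced": set()})
    for line in text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # not a per-connection pluto message (or a truncated line)
        s, msg = stats[m["conn"]], m["msg"]
        t, a, r = TIMEOUT.search(msg), ATTEMPT.search(msg), REPLACE.search(msg)
        if t:
            s["timeouts"][t["state"]] += 1
        if a:
            s["max_attempt"] = max(s["max_attempt"], int(a["n"]))
            s["unlimited"] |= "unlimited" in a["limit"]
        if r:
            s["replaced"].add(r["old"])
    return dict(stats)

def stuck(stats, threshold=10):
    """Connections retrying without limit past `threshold` attempts (hypothetical cutoff)."""
    return sorted(c for c, s in stats.items()
                  if s["unlimited"] and s["max_attempt"] >= threshold)

if __name__ == "__main__":
    result = summarize(SAMPLE)
    for conn, s in result.items():
        print(conn, dict(s["timeouts"]), s["max_attempt"], sorted(s["replaced"]))
    print("stuck:", stuck(result))
```

Run against the full log file instead of `SAMPLE` to see whether the attempt counter keeps rising over the same 2-5 day window in which the memory problem appears.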

