[Openswan Users] pluto causes system out of memory when interop with fortigate

Paul Wouters paul at xelerance.com
Mon Aug 23 15:37:01 EDT 2010

On Mon, 23 Aug 2010, Jason Sigurdur wrote:

> Hi, I recently I upgraded to openswan 2.6.28 kernel version 2.6.20-1.2320.fc5 .
> Previously , I was having problems interoping a fortigate device into our network. I was getting:
> kernel: pluto invoked oom-killer: gfp_mask=0x201d2, order=0, oomkilladj=0

> It is still happening after 2-5 days? My other linux vpn systems are up for hundreds of days without restarting, but as soon as I add a ipsec tunnel from the fortigate device to a linux box , I start getting memory issues.
> I also noticed that the one vpn from the foritgate gives me  logging every minute:

Looks like you are still leaking if it still happens.

> Any suggestions appreciated.

Edit programs/pluto/Makefile and enable LEAK_DETECTIVE. Run for a while (half a day?) so
that you leaked enough memory and do a proper "restart" of the ipsec service. It should
then log to the system log all the memory leaks. Post that here.


More information about the Users mailing list