[Openswan Users] pluto causes system out of memory when interop with fortigate
jason.sigurdur at aspenview.org
Mon Aug 23 16:39:57 EDT 2010
Hi, is the LEAK_DETECTIVE enabled in the Makefile.options?
From: Paul Wouters [paul at xelerance.com]
Sent: Monday, August 23, 2010 1:37 PM
To: Jason Sigurdur
Cc: users at openswan.org
Subject: Re: [Openswan Users] pluto causes system out of memory when interop with fortigate [Spam score:8%]
On Mon, 23 Aug 2010, Jason Sigurdur wrote:
> Hi, I recently I upgraded to openswan 2.6.28 kernel version 2.6.20-1.2320.fc5 .
> Previously , I was having problems interoping a fortigate device into our network. I was getting:
> kernel: pluto invoked oom-killer: gfp_mask=0x201d2, order=0, oomkilladj=0
> It is still happening after 2-5 days? My other linux vpn systems are up for hundreds of days without restarting, but as soon as I add a ipsec tunnel from the fortigate device to a linux box , I start getting memory issues.
> I also noticed that the one vpn from the foritgate gives me logging every minute:
Looks like you are still leaking if it still happens.
> Any suggestions appreciated.
Edit programs/pluto/Makefile and enable LEAK_DETECTIVE. Run for a while (half a day?) so
that you leaked enough memory and do a proper "restart" of the ipsec service. It should
then log to the system log all the memory leaks. Post that here.
More information about the Users