New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
I used a tester to test VPN throughput and found that charon’s memory usage was high and was killed by the kernel. Is there any solution to limit memory usage? #2193
Comments
Please provide a lot more information. |
@tobiasbrunner Thank you for your reply. According to the test feedback from my classmates, the memory of the charon process will occupy more than 6G and then be killed. I am not sure whether this is a memory leak or the memory occupied by normal business. If you can determine that this is abnormal memory usage, I can retest and display all configurations and memory records in detail. |
Well, how could I determine that without knowing what you actually did? You haven't provided any information at all (config, logs etc.) or details on what that "tester" did. Also, what does "VPN throughput" mean? Because strongSwan is an IKE daemon, it does not usually handle IPsec traffic. |
I will provide complete information for you to judge later. The current situation is that, as shown in the red box in the picture, this process occupies more than 6G of memory, is directly killed by the kernel kill -9, and will always restart. |
I can't read the stuff in some of these images. Anyway, as I said before, strongSwan does not generally handle IPsec traffic (or get affected by it). So the question is: are you using kernel-libipsec? If so, don't! |
I understand what you mean, but if the data packet is sent quickly, the charon process will occupy more than 6G of memory and then be killed by the kernel. |
I didn't use the --enable-kernel-libipsec parameter during compilation, but the charon process was still killed due to memory usage reaching 6GB. I'll try using a new version. |
That doubt this has anything to do with the version. Did you make sure that everything from the previous installation was removed? |
I will conduct the first test using CentOS 7 with version 5.7.2, and then proceed with the second test using CentOS Stream with the latest version of StrongSwan. Please await my update. |
System (please complete the following information):
Describe the bug
I used a tester to test VPN throughput and found that charon’s memory usage was high and was killed by the kernel. Is there any solution to limit memory usage?
The text was updated successfully, but these errors were encountered: