[Swan] Pluto consumes all available memory

Paul Wouters paul at nohats.ca
Wed Apr 29 04:51:55 EEST 2015


On Tue, 28 Apr 2015, Will Roberts wrote:

> We recently switched to Libreswan 3.12 from OpenSwan. Over the past week I've 
> started having some connectivity issues with a few of my servers. After the 
> SA is established the following message is logged:

> I'm running Debian 7.x 64bit on my servers. My monitoring infrastructure will 
> set up short-lived tunnels to the servers to verify that they are accepting 
> connections and able to properly route traffic. Let me know if there's 
> anything else I can provide to help diagnose this.

We have some leak detective code you can enable.

1) add --leak-detective to the startup argument list of pluto
    (in the service file)

2) Let it run until you've seen the process get bigger.

3) nicely shut down pluto
    (systemctl stop ipsec.service or ipsec whack --shutdown)

4) Check the logs for "leak" messages

Paul


More information about the Swan mailing list