[strongSwan-dev] strongswan 4.6.2: charon unstable/crashes when establishing a lot of connections

Martin Willi martin at strongswan.org
Fri Apr 13 11:43:59 CEST 2012


> 2) On increasing the number of connections (entries in ipsec.conf
> file) to 4000, charon crashes and respawns randomly during tunnel
> creations:

> 3) On increasing the number of connections further to 10,000, Charon
> process crashes during loading of the ipsec.conf file itself
> (ipsec.conf file has 10,000 conn <xx> entries), with out of memory
> error:

> Apr 12 15:22:29 femtoslave3 charon: 71[CFG] received stroke: add
> connection 'host_5896'
> Apr 12 12:52:29 femtoslave3 out of memory [5196]
> Apr 12 12:52:29 femtoslave3 out of memory [5196]

At least in the second case this looks like you are really running out
of memory, and probably the OOM killer just kills charon?

> If there is any known limitation for charon to establish/initiate huge
> number of IPSec connections ?

Except from memory, probably not. But please be aware that the
ipsec.conf configuration backend is not really designed to scale well
with thousands of connection entries (you can handle several thousand
responder tunnels just fine with a few ipsec.conf entries, though).

To test scalability, we use our load-tester plugin [1] that has written
just for that purpose. It is somewhat limited when using custom
credentials, but should be easy to extend for your purposes.



More information about the Dev mailing list