[strongSwan] Memory leak when routing internet traffic via VPN

Alexander Hill alex at hill.net.au
Tue Nov 12 08:06:03 CET 2019


Hi list,

Trying to troubleshoot a weird memory leak on my VPN server.

I have a roadwarrior setup described here -
https://lists.strongswan.org/pipermail/users/2019-October/013878.html

I have nat and mangle iptables rules set up as per the strongswan wiki to
forward internet-bound traffic via NAT.

If I have "leftsubnet=172.30.0.0/16,0.0.0.0/0", the server leaks memory -
available memory decreases steadily until all memory+swap are consumed and
the server needs to be rebooted. No processes are using this memory - the
sum of all shared + RSS is much lower than what htop reports as used, and
nothing I can kill reclaims it.

If I remove the 0.0.0.0/0 traffic selector so that the clients access the
internet directly instead of over the VPN, then memory usage is flat.
Alternatively, if I leave the 0.0.0.0/0 traffic selector but turn off as
many internet-using things on the clients as I can, memory usage is flat.
It really looks like traffic being routed via NAT over the VPN is causing
some kind of memory leak.

Does anyone have any ideas about how to start troubleshooting or fix this?

Alex
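
The accounting described in the post (memory held by processes versus memory the system reports as used), as an added example that is not part of the original message. It parses `/proc/meminfo` and `/proc/<pid>/status` text, here constructed samples, and takes "used" to be MemTotal minus MemAvailable, which is an assumption and may differ from the figure htop shows.

```python
import re

# Constructed samples (kB), chosen only to exercise the code; they are not data
# from the post and say nothing about the cause of the leak described there.
MEMINFO_T0 = ("MemTotal: 2040000 kB\nMemFree: 900000 kB\nMemAvailable: 1500000 kB\n"
              "SUnreclaim: 60000 kB\nPageTables: 8000 kB\n")
MEMINFO_T1 = ("MemTotal: 2040000 kB\nMemFree: 150000 kB\nMemAvailable: 400000 kB\n"
              "SUnreclaim: 1150000 kB\nPageTables: 8200 kB\n")
STATUS = [
    "Name:\tcharon\nVmRSS:\t   24000 kB\n",
    "Name:\tsshd\nVmRSS:\t    6000 kB\n",
    "Name:\tkworker/0:1\n",  # kernel threads have no VmRSS line
]

def parse_meminfo(text):
    """Return {field: kB} from /proc/meminfo text."""
    return {m.group(1): int(m.group(2))
            for m in re.finditer(r"^(\S+):\s+(\d+)", text, re.M)}

def rss_kb(status_text):
    """VmRSS of one /proc/<pid>/status file, 0 if the line is absent."""
    m = re.search(r"^VmRSS:\s+(\d+)\s+kB", status_text, re.M)
    return int(m.group(1)) if m else 0

def unaccounted_kb(meminfo, statuses):
    """Used memory that per-process RSS does not explain.

    Summed RSS counts shared pages once per process, so it overstates what
    processes hold; the result is therefore a conservative (low) estimate.
    """
    used = meminfo["MemTotal"] - meminfo["MemAvailable"]
    return used - sum(rss_kb(s) for s in statuses)

def top_growth(before, after, n=3):
    """Fields that grew most between two snapshots, largest first."""
    skip = {"MemFree", "MemAvailable"}  # these track free memory, not consumers
    deltas = [(k, after[k] - before[k]) for k in after
              if k in before and k not in skip]
    return sorted((kv for kv in deltas if kv[1] > 0), key=lambda kv: -kv[1])[:n]

if __name__ == "__main__":
    t0, t1 = parse_meminfo(MEMINFO_T0), parse_meminfo(MEMINFO_T1)
    print("unaccounted kB at t0:", unaccounted_kb(t0, STATUS))
    print("unaccounted kB at t1:", unaccounted_kb(t1, STATUS))
    print("fastest-growing fields:", top_growth(t0, t1))
```

On a live system the same functions can be fed the contents of `/proc/meminfo` and each `/proc/<pid>/status`, sampled twice some minutes apart.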