Hi Here is my ipsec.conf :
ike esp from /24 to /24 peer main auth hmac-sha1 enc aes-256 group modp1024 lifetime 28800 quick auth hmac-sha1 enc aes-256 group modp1024 lifetime 3600 srcid psk '' tag vpn ike passive esp transport proto udp from to any port 1701 main auth hmac-sha1 enc aes group modp2048 quick auth hmac-sha1 enc aes srcid psk "" tag vpnrw ike esp from /32 to /24 peer main auth hmac-sha2-256 enc aes-256 group modp1024 lifetime 3600 quick auth hmac-sha2-256 enc aes-256 group modp2048 lifetime 1200 srcid psk '' ike esp from /32 to /24 peer main auth hmac-sha2-256 enc aes-256 group modp1024 lifetime 3600 quick auth hmac-sha2-256 enc aes-256 group modp1024 lifetime 1200 srcid psk '' ike esp from to /24 peer main auth hmac-sha1 enc aes-256 group modp1024 lifetime 28800 quick auth hmac-sha1 enc aes-256 group modp1024 lifetime 3600 srcid psk '' tag vpn Actually the isakmpd process is eating more than 100MB of memory per day. Nicolas 17 juin 2017 11:13 "Michał Koc" a écrit: Hi Nicolas, We are currently investigating some isakmpd memory problem with the devs. We have isakmpd running more than 100 tunnels. Please post Your ipsec.conf with auth data and addresses anonimised to investigate. best regards Michał Koc ------ Wiadomość oryginalna ------ Temat: Re: isakmpd memory usage Nadawca: Nicolas Repentin (mailto:nico...@shivaserv.fr) Adresat: misc@openbsd.org (mailto:misc@openbsd.org) Data: 17.06.2017 09:49 No one ? Le 13 juin 2017 09:11:02 GMT+02:00, Nicolas (mailto:nico...@shivaserv.fr) a écrit : Hi everyone I'm searching some help about isakmpd, which is eating a lot of memory, until the machine crash. It's an OpenBSD 6.1 on Qemu KVM (ganeti). After 3 days, the process is using 650MB of memory. When she's "freezed", she's unreachable on network, and on console she's blinking on tty, like normal, but we can't write anything on it. No .core are generated. I got a lot of errors like "INVALID_ID_INFORMATION" on "NO_PROPOSAL_CHOSEN" on ipsec logs, but ipsec connections are working. Any idea how I can debug it? Thanks, Nicolas