All, we are running Openvpn 2.3.2 on Fedora17/64Bit with 8GByte RAM total (EoL, yes we are aware) and seem to run into a memory leak situation, as following:
- around 2955 Openvpn session running OK for 23'58" - memory allocated 3247mByte, memory reserved 2.5gByte, CPU utilization ~1% (see "status-prior-o-vpnrestart-131009.rtf") - script-security 2 (in openvpn.conf) After exactly 24hours, allocated and reserved memory of the openvpn-process start to increase in 1-2Mbyte steps, without seeing an increase in the amount of Openvpn sessions and steps up to around 3970mByte for the allocated and 3.2gByte for the reserved memory. Then Openvpn crashes! (see bottom "status-prior-o-vpnrestart-131009.rtf") The behavior of this symptom has been recognized in Openvpn 2.2.2-7 and 2.3.2 as following: > Openvpn 2.2.2-7: keeps reporting "external program fork failed" 2.2.2-7 endlessly keeps reporting a fork failed, when the client-connect script should be executed, no new openvpn sessions can be established but the process stays alive. WARNING: Failed running command (--client-connect): external program fork failed WARNING: Failed running command (--client-connect): external program fork failed WARNING: Failed running command (--client-connect): external program fork failed > Openvpn 2.3.2: exiting due to fatal error (openvpn is killed) When a certain memory stage from a perspective of allocated and reserved memory is reached, following scenario happens: Oct 9 15:40:29 ip-10-56-61-152 openvpn[25964]: openvpn_execve: unable to fork: Cannot allocate memory (errno=12) Oct 9 15:40:29 ip-10-56-61-152 openvpn[25964]: Exiting due to fatal error Please, can you analyze the issue and send us a feedback about the possible root cause and mitigation? snip log: ------------------------------ Oct 9 15:40:29 ip-10-56-61-152 openvpn[25964]: openvpn_execve: unable to fork: Cannot allocate memory (errno=12) Oct 9 15:40:29 ip-10-56-61-152 openvpn[25964]: Exiting due to fatal error Oct 9 15:40:29 ip-10-56-61-152 openvpn[25964]: Closing TUN/TAP interface Oct 9 15:40:29 ip-10-56-61-152 openvpn[25964]: /usr/sbin/ip addr del dev tap1 172.16.0.1/17 Oct 9 15:40:29 ip-10-56-61-152 openvpn[25964]: openvpn_execve: unable to fork: Cannot allocate memory (errno=12) Oct 9 15:40:29 ip-10-56-61-152 openvpn[25964]: Exiting due to fatal error ^C[ec2-user@localhost ~]$ [ec2-user@localhost ~]$ sudo tail -f /var/log/messages Oct 9 15:40:27 ip-10-56-61-152 openvpn[25964]: NL-200000134777/109.37.153.117:41299 NOTE: --mute triggered... Oct 9 15:40:29 ip-10-56-61-152 openvpn[25964]: DE-2024460/139.7.160.82:42187 40 variation(s) on previous 10 message(s) suppressed by --mute Oct 9 15:40:29 ip-10-56-61-152 openvpn[25964]: DE-2024460/139.7.160.82:42187 Connection reset, restarting [0] Oct 9 15:40:29 ip-10-56-61-152 openvpn[25964]: DE-2024460/139.7.160.82:42187 SIGUSR1[soft,connection-reset] received, client-instance restarting Oct 9 15:40:29 ip-10-56-61-152 openvpn[25964]: openvpn_execve: unable to fork: Cannot allocate memory (errno=12) Oct 9 15:40:29 ip-10-56-61-152 openvpn[25964]: Exiting due to fatal error Oct 9 15:40:29 ip-10-56-61-152 openvpn[25964]: Closing TUN/TAP interface Oct 9 15:40:29 ip-10-56-61-152 openvpn[25964]: /usr/sbin/ip addr del dev tap1 172.16.0.1/17 Oct 9 15:40:29 ip-10-56-61-152 openvpn[25964]: openvpn_execve: unable to fork: Cannot allocate memory (errno=12) Oct 9 15:40:29 ip-10-56-61-152 openvpn[25964]: Exiting due to fatal error thx and regards, AO _____________________________________________________________________________________________________________________________________________ ****************************************************** Notice: The information contained in this message is intended only for use of the individual(s) named above and may contain confidential, proprietary or legally privileged information. No confidentiality or privilege is waived or lost by any mistransmission. If you are not the intended recipient of this message you are hereby notified that you must not use, disseminate , copy it in any form or take any action in reliance of it. If you have received this message in error please delete it and any copies of it and notify the sender immediately. *******************************************************
status-prior-o-vpnrestart-131009.rtf
Description: RTF file