Hi all, On systems with a lot of traffic (and a lot of broadcast) we're experiencing what seems to be a memory leak on OpenVPN.
We're currently using version 2.3.6 (but I've not seen anything related to this problem in the 2.3.8 changelog), TCP protocol on a TAP interface; below, the complete configuration. The process starts using a reasonable amount of RAM and, after a while, it begins eating memory. Something like (not the same run, but you get the idea): # ps aux | grep openvpn openvpn 5750 0.7 1.7 77992 74140 ? Ss Aug11 496:07 /usr/sbin/openvpn --config /etc/openvpn/openvpn.conf [...] # ps aux | grep openvpn openvpn 9881 3.7 7.9 331020 327988 ? Rs Aug16 2290:11 /usr/sbin/openvpn --config /etc/openvpn/openvpn.conf The process keeps growing, until OOM kicks in. We have already tried tweaking the configuration with little luck, and we think this is a bug. Has anyone seen something like this? In the logs: Sep 25 01:34:02 server1 openvpn[29990]: MBUF: mbuf packet dropped Sep 25 01:34:02 server1 openvpn[29990]: MBUF: mbuf packet dropped Sep 25 01:34:02 server1 openvpn[29990]: MBUF: mbuf packet dropped [..] Sep 25 01:34:02 server1 openvpn[7394]: TCPv4_SERVER link remote: [AF_INET]1.2.3.4:43630 Sep 25 01:34:02 server1 openvpn[7394]: place114/1.2.3.4:41528 write TCPv4_SERVER: Broken pipe (code=32) Sep 25 01:34:02 server1 openvpn[7394]: place114/1.2.3.4:41528 write TCPv4_SERVER: Broken pipe (code=32) Sep 25 01:34:02 server1 openvpn[7394]: place114/1.2.3.4:41528 write TCPv4_SERVER: Broken pipe (code=32) [..] Sep 25 01:34:02 server1 openvpn[29990]: MBUF: mbuf packet dropped Sep 25 01:34:02 server1 openvpn[29990]: MBUF: mbuf packet dropped Sep 25 01:34:02 server1 openvpn[29990]: MBUF: mbuf packet dropped Sep 25 01:34:02 server1 openvpn[29990]: MBUF: mbuf packet dropped [..] Sep 25 01:34:02 server1 openvpn[7394]: place114/1.2.3.4:41528 write TCPv4_SERVER: Broken pipe (code=32) Sep 25 01:34:02 server1 openvpn[7394]: place114/1.2.3.4:41528 write TCPv4_SERVER: Broken pipe (code=32) Sep 25 01:34:02 server1 openvpn[7394]: place114/1.2.3.4:41528 write TCPv4_SERVER: Broken pipe (code=32) Sep 25 01:34:02 server1 openvpn[7394]: place114/1.2.3.4:41528 write TCPv4_SERVER: Broken pipe (code=32) Sep 25 01:34:02 server1 openvpn[7394]: place114/1.2.3.4:41528 write TCPv4_SERVER: Broken pipe (code=32) [..] Sep 25 01:34:02 server1 openvpn[7394]: place114/1.2.3.4:41528 write TCPv4_SERVER: Broken pipe (code=32) Sep 25 01:34:02 server1 openvpn[7394]: place114/1.2.3.4:41528 Connection reset, restarting [0] Sep 25 01:34:02 server1 openvpn[7394]: place114/1.2.3.4:41528 SIGUSR1[soft,connection-reset] received, client-instance restarting Sep 25 01:34:02 server1 openvpn[7394]: TCP/UDP: Closing socket [..] Sep 25 01:34:02 server1 openvpn[7394]: 1.2.3.4:62091 TCPv4_SERVER link remote: [AF_INET]1.2.3.4:38763 Sep 25 01:34:02 server1 openvpn[7394]: place2/1.2.3.5:43372 write TCPv4_SERVER: Connection reset by peer (code=104) Sep 25 01:34:02 server1 openvpn[7394]: place3/1.2.3.6:49160 write TCPv4_SERVER: Connection reset by peer (code=104) Sep 25 01:34:02 server1 openvpn[7394]: place4/1.2.3.7:27134 write TCPv4_SERVER: Connection reset by peer (code=104) Sep 25 01:34:02 server1 openvpn[7394]: place5/1.2.3.8:41930 write TCPv4_SERVER: Broken pipe (code=32) [..] Sep 25 01:34:02 server1 openvpn[29990]: MBUF: mbuf packet dropped Sep 25 01:34:02 server1 openvpn[29990]: MBUF: mbuf packet dropped Sep 25 01:34:02 server1 openvpn[7394]: place42/1.2.3.9:39793 write TCPv4_SERVER: Broken pipe (code=32) Sep 25 01:34:02 server1 openvpn[7394]: place42/1.2.3.9:39793 write TCPv4_SERVER: Broken pipe (code=32) [..] Sep 25 01:34:02 server1 openvpn[29990]: MBUF: dereferenced queued packet Sep 25 01:34:02 server1 openvpn[29990]: MBUF: dereferenced queued packet Sep 25 01:34:02 server1 openvpn[29990]: MBUF: dereferenced queued packet [..] Sep 25 01:34:02 server1 openvpn[7394]: place6/1.2.3.4:19928 write TCPv4_SERVER: Broken pipe (code=32) Sep 25 01:34:02 server1 openvpn[7394]: place9/1.2.3.11:39353 write TCPv4_SERVER: Connection reset by peer (code=104) Sep 25 01:34:02 server1 openvpn[7394]: place10/1.2.3.4:12924 write TCPv4_SERVER: Broken pipe (code=32) [..] Sep 25 01:39:02 server1 openvpn[7277]: MBUF: mbuf packet dropped Sep 25 01:39:02 server1 openvpn[7277]: MBUF: mbuf packet dropped Sep 25 01:39:02 server1 openvpn[7277]: place117/1.2.3.4:55393 write TCPv4_SERVER: Broken pipe (code=32) Sep 25 01:39:02 server1 openvpn[7277]: place7/1.2.3.4:34491 write TCPv4_SERVER: Broken pipe (code=32) [..] Sep 25 01:39:02 server1 openvpn[7277]: MBUF: mbuf packet dropped Sep 25 01:39:02 server1 openvpn[7277]: MBUF: mbuf packet dropped [..] Sep 25 01:39:07 server1 openvpn[7277]: place12/1.2.3.4:12551 write TCPv4_SERVER: Broken pipe (code=32) Sep 25 01:39:07 server1 openvpn[7277]: MULTI: multi_create_instance called Sep 25 01:39:07 server1 openvpn[7277]: Re-using SSL/TLS context Sep 25 01:39:07 server1 openvpn[7277]: LZO compression initialized Sep 25 01:39:07 server1 openvpn[7277]: Control Channel MTU parms [ L:1576 D:140 EF:40 EB:0 ET:0 EL:0 ] Sep 25 01:39:07 server1 openvpn[7277]: Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ] Sep 25 01:39:07 server1 openvpn[7277]: Local Options String: 'V4,dev-type tap,link-mtu 1576,tun-mtu 1532,proto TCPv4_SERVER,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server' Sep 25 01:39:07 server1 openvpn[7277]: Expected Remote Options String: 'V4,dev-type tap,link-mtu 1576,tun-mtu 1532,proto TCPv4_CLIENT,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client' Sep 25 01:39:07 server1 openvpn[7277]: Local Options hash (VER=V4): '3e6d1056' Sep 25 01:39:07 server1 openvpn[7277]: Expected Remote Options hash (VER=V4): '31fdf004' Sep 25 01:39:07 server1 openvpn[7277]: TCP connection established with [AF_INET]1.2.3.12:45589 Sep 25 01:39:07 server1 openvpn[7277]: TCPv4_SERVER link local: [undef] Sep 25 01:39:07 server1 openvpn[7277]: TCPv4_SERVER link remote: [AF_INET]1.2.3.12:45589 Sep 25 01:39:07 server1 openvpn[7277]: place432/1.2.3.13:58124 Connection reset, restarting [0] Sep 25 01:39:07 server1 openvpn[7277]: place432/1.2.3.13:58124 SIGUSR1[soft,connection-reset] received, client-instance restarting ; OpenVPN settings daemon mode server tls-server proto tcp port 2443 tmp-dir /var/tmp multihome user openvpn group openvpn cd /var/openvpn script-security 3 dev tap2 server 10.0.0.0 255.255.224.0 ; some push "route address netmask" lines passtos comp-lzo management 127.0.0.1 5556 keepalive 20 120 tun-mtu 1500 tun-mtu-extra 32 mssfix 1450 persist-key persist-tun persist-local-ip persist-remote-ip bcast-buffers 4096 writepid /var/run/openvpn/openvpn.pid ifconfig-pool-persist openvpn.leases status /tmp/openvpn-status.log 30 status-version 2 verb 5 client-connect "/usr/bin/openvpn-client-connect" client-disconnect "/usr/bin/openvpn-client-disconnect" up "/usr/bin/dir.d-exec /etc/openvpn/ifup.server.d/" down "/usr/bin/dir.d-exec /etc/openvpn/ifdown.server.d/" dh /etc/openvpn/dh1024.pem cert "/etc/openvpn/ca/certs/cert.pem" key "/etc/openvpn/ca/certs/key.pem" ca "/etc/openvpn/ca/cacerts/cacert.pem" client-cert-not-required auth-user-pass-verify "/usr/bin/openvpn-auth-env" via-env username-as-common-name Thanks in advance! -- Davide Alberani <[email protected]> [PGP KeyID: 0x465BFD47] http://www.mimante.net/ ------------------------------------------------------------------------------ _______________________________________________ Openvpn-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openvpn-users
