Thanks David for your so quickly replying.
1.
> initiate: 136M
> renegotiate 1 259M
This is fine, because openvpn will hold the old key after the first
renegotiation. Openvpn 2.1 rc4 also will increase the memory after the
first renegotiation.
2.
> renegotiate 2 262M
> renegotiate 3 264M
> renegotiate 4 266M
> renegotiate 5 267M
Openvpn 2.1 rc4 does not increase the memory after the first time
renegotiation, but openvpn 2.3.2 will increase the memory in every
renegotiation time.
3.
I have run openvpn server over 48 hours, and the memory usage is over 450M
for 200 connections, and the memory usage also increase continually.
4.
I mainly used tcp for the testing(udp also has memory leak). When all the
client disconnect, I can see three is no connection in server by status
file, but Openvpn memory also is same with before and no decrease.
5.
I used "top" to see the openvpn memory usage.
6.
I want to use polarssl, so I upgrade the openvpn from 2.1 rc4 to 2.3.2.
Openvpn 2.2.2 does not support polarssl.
But openvpn 2.3.2 with polarssl also has memory leak.
openvpn2.3.2 + polarssl + 200 connections.
initiate 31M
renegotiate 1 44M
renegotiate 2 44M
renegotiate 3 44M
renegotiate 4 45M
.......
7.
I do not use plugin or script in openvpn 2.3.2.
This is server config:
dev tun0
dev-type tun
mode server
tls-server
tun-mtu 1500
proto tcp-server
local 0.0.0.0
port 443
persist-key
persist-tun
verb 3
mute 20
keepalive 10 60
cipher DES-EDE3-CBC
auth SHA1
ca ca.crt
cert server.crt
key server.pem
max-clients 2000
dh dh.dh
duplicate-cn
topology subnet
server 192.168.111.0 255.255.255.0
push "route 11.11.1.0 255.255.255.0"
reneg-sec 600
management 127.0.0.1 7505
status /tmp/status 30
status-version 2
client-config-dir /tmp/ccd/
Thanks,
Brad
On Fri, Sep 27, 2013 at 4:34 PM, David Sommerseth <
openvpn.l...@topphemmelig.net> wrote:
> ----- Original Message -----
> > From: "Brad Zhang" <hebei5...@gmail.com>
> > To: openvpn-users@lists.sourceforge.net
> > Sent: Friday, 27 September, 2013 8:11:56 AM
> > Subject: [Openvpn-users] Does openvpn 2.3.2 has memory leak?
> >
> > Hi all,
> >
> > I tested openvpn 2.3.2 (openssl) with 200 connections. Set the
> renegotiation
> > value to 600 seconds.
> >
> > initiate: 136M
> > renegotiate 1 259M
>
> This gap from initial to the first renegotiation isn't unexpected. It's
> not
> necessarily a leak itself, but most likely memory allocated for each
> client.
> We've estimated earlier that it's roughly 1MB per client. Your growth here
> is around 600KB per client, so I'd say that's within the expected limits.
>
> > renegotiate 2 262M
> > renegotiate 3 264M
> > renegotiate 4 266M
> > renegotiate 5 267M
>
> Here you have incremental steps of 2MB per renegotiation, which means with
> 200 clients roughly 10KB per client. This does however sound like a
> smaller
> memory leak.
>
> For wow long time did you run this test? Did you let the clients
> disconnect at then end to see if the memory impact was reduced after
> OpenVPN
> releases the sessions? (OpenVPN may keep session data for some time after
> a
> disconnect in case it was connection drop-out, esp. with UDP. Look at
> --explicit-exit-notify in the man page for some more information)
>
> Also, how did you measure OpenVPN's memory usage?
>
> > I have tried the openvpn 2.1 rc4, there is no this issue. I do not know
> why
> > the memory usage will increase after one time renegotiation. Could
> someone
> > help me?
>
> To compare against 2.1_rc4 is a bit too big gap. I'd appreciate if you
> could run your test against 2.2.2. And if that's still leaking, you would
> need to check against 2.1.4 (the last 2.1 community version)
>
> Could we also see your server config? Just to see if you use some kind of
> plugins, script hooks or other possible candidates for triggering this
> issue.
>
> I'm running OpenVPN 2.3 servers a couple of places, but not with 200
> clients.
> But I've not noticed any particular issues there. However, if the leak is
> ~10KB per client, it would most likely have had scheduled maintenance
> reboots happening before noticing a leak.
>
>
> --
> kind regards,
>
> David Sommerseth
>
------------------------------------------------------------------------------
October Webinars: Code for Performance
Free Intel webinars can help you accelerate application performance.
Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from
the latest Intel processors and coprocessors. See abstracts and register >
http://pubads.g.doubleclick.net/gampad/clk?id=60133471&iu=/4140/ostg.clktrk
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
