mirror of
https://github.com/OpenVPN/openvpn.git
synced 2024-09-20 03:52:28 +02:00
OpenVPN is an open source VPN daemon
b0bff55901
If --mlock is used, the amount of memory OpenVPN can use is guarded by the RLIMIT_MEMLOCK value (see mlockall(2)). The OS default for this is usually 64 Kbyte, which is enough for OpenVPN to initialize, but as soon as the first TLS handshake comes it, OpenVPN will crash due to "ouf of memory", and might even end up in a crash loop. Steady-state OpenVPN requires between 8 MB and 30-50 MB (servers with many concurrent clients) of memory. TLS renegotiation with EC keys requires up to 90 MB of transient memory. So: with this patch, we check if getrlimit() is available, and if yes, log the amount of mlock'able memory. If the amount is below 100 MB, which is an arbitrary value "large enough for most smaller deployments", we try to increase the limits to 100 MB, and abort if this fails. v2: change arbitrary number to 100 MB, introduce #define for it not only check but also increase with setrlimit() uncrustify fixes v3: OpenSolaris has mlockall() and getrlimit(), but no RLIMIT_MEMLOCK - make code conditional on HAVE_GETRLIMIT *and* RLIMIT_MEMLOCK add Changes.rst entry Trac: #1390 Signed-off-by: Gert Doering <gert@greenie.muc.de> Acked-by: Selva Nair <selva.nair@gmail.com> Message-Id: <20210310124808.14741-1-gert@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg21657.html Signed-off-by: Gert Doering <gert@greenie.muc.de> |
||
---|---|---|
.github | ||
.travis | ||
build | ||
contrib | ||
debug | ||
dev-tools | ||
distro | ||
doc | ||
include | ||
m4 | ||
sample | ||
src | ||
tests | ||
.git-blame-ignore-revs | ||
.gitattributes | ||
.gitignore | ||
.mailmap | ||
.svncommitters | ||
.travis.yml | ||
AUTHORS | ||
ChangeLog | ||
Changes.rst | ||
compat.m4 | ||
config-msvc-version.h.in | ||
config-msvc.h | ||
configure.ac | ||
CONTRIBUTING.rst | ||
COPYING | ||
COPYRIGHT.GPL | ||
INSTALL | ||
Makefile.am | ||
msvc-build.bat | ||
msvc-dev.bat | ||
msvc-env.bat | ||
NEWS | ||
openvpn.sln | ||
PORTS | ||
README | ||
README.ec | ||
README.IPv6 | ||
README.mbedtls | ||
TODO.IPv6 | ||
version.m4 | ||
version.sh.in |
OpenVPN -- A Secure tunneling daemon Copyright (C) 2002-2018 OpenVPN Inc. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License version 2 as published by the Free Software Foundation. ************************************************************************* To get the latest release of OpenVPN, go to: https://openvpn.net/index.php/download/community-downloads.html To Build and Install, tar -zxf openvpn-<version>.tar.gz cd openvpn-<version> ./configure make make install or see the file INSTALL for more info. ************************************************************************* For detailed information on OpenVPN, including examples, see the man page http://openvpn.net/man.html For a sample VPN configuration, see http://openvpn.net/howto.html To report an issue, see https://community.openvpn.net/openvpn/report For a description of OpenVPN's underlying protocol, see the file ssl.h included in the source distribution. ************************************************************************* Other Files & Directories: * configure.ac -- script to rebuild our configure script and makefile. * sample/sample-scripts/verify-cn A sample perl script which can be used with OpenVPN's --tls-verify option to provide a customized authentication test on embedded X509 certificate fields. * sample/sample-keys/ Sample RSA keys and certificates. DON'T USE THESE FILES FOR ANYTHING OTHER THAN TESTING BECAUSE THEY ARE TOTALLY INSECURE. * sample/sample-config-files/ A collection of OpenVPN config files and scripts from the HOWTO at http://openvpn.net/howto.html ************************************************************************* Note that easy-rsa and tap-windows are now maintained in their own subprojects. Their source code is available here: https://github.com/OpenVPN/easy-rsa https://github.com/OpenVPN/tap-windows The old cross-compilation environment (domake-win) and the Python-based buildsystem have been replaced with openvpn-build: https://github.com/OpenVPN/openvpn-build See the INSTALL file for usage information.