SoftEther Instability

[opensrcguy]

Hi,

I have configured the VPN server in a ubuntu machine following the instructions mentioned below:

https://gist.github.com/amanjuman/6a40d ... 14e4a3d3b4

https://www.softether-download.com/en.aspx

I have used the Software VPN Server (Ver 4.29). Currently this is installed in a 1G memory, 1 vCPU machine in AWS t2.micro machine with 15 GB of disk. There are only 5 users will be connected to the VPN server.

OS Image that is used:
ubuntu/images/hvm-ssd/ubuntu-bionic-18.04-amd64-server-20191002

We are having Instability issue and sometimes it fails with Out of memory(see below) and sometimes after VPN is connected
when we access the application servers using URL it doesn't connect. Sometimes we see the VPN client(Windows 10) don't connect with error code 1 or error code 131 . Time is properly syncronised and all needed ports like 500(udp),4500(udp) , 1701,1194, 443,5555,992 is opened on vpn server. I have disabled NAT in the configuration but I am getting strange issue like my internet goes down when softether is connected.


Attached is the VPN server configurations. Can some one please help in this regard?

Questions:
1. What is the stable version of SoftEther VPN server for ubuntu 18.04?
2. What are the reasons of this issues?
3. What is the minimum CPU and memory required to run SoftEther without any disconnects?

Sometimes we get error popup message :

** Connected with NAT traversal - might be unstable **

This VPN Client is connected to the VPN Server 'ip-192-168-0-235' by using the NAT Traversal (UDP Hole Punching) technology.

NAT Traversal allows the VPN Server behind the NAT-box to accept VPN connections from VPN Client without any port-forwarding setting on the NAT-box.

However, NAT Traversal-based VPN sessions sometimes become unstable, because NAT Traversal uses UDP-based protocol. For example, the VPN tunnel disconnects every 5 minutes if there is a poor NAT-box between the VPN Server and the VPN Client. Some large-scale NAT gateways in cheap ISPs sometimes cause the same problem on NAT Traversal. This is a problem of routers or ISPs. This is not a problem of SoftEther VPN software.

To solve the unstable tunnel problem, you should connect to the VPN Server's TCP listener port directly, instead of using NAT Traversal. To connect to the VPN Server directly by using TCP, a listener port of the VPN Server must be exposed to the Internet by a port-forward setting on the NAT-box. Ask the administrator of the NAT-box, or refer to the manual of the NAT-box to add a port-forwarding setting on the NAT-box.

If this message still remains despite the VPN Server is exposing a TCP port to the Internet, check the "Disable NAT-T" checkbox on the VPN Client connection setting screen.


===================================================================================
wmtest-stdbvpn-instance login: [65001.374529] Out of memory: Kill process 4095 (vpnserver) score 1422 or sacrifice child
[65001.383832] Killed process 4095 (vpnserver) total-vm:1097812kB, anon-rss:647420kB, file-rss:0kB, shmem-rss:0kB
[65014.329305] Out of memory: Kill process 4114 (vpnserver) score 1422 or sacrifice child
[65014.337554] Killed process 4114 (vpnserver) total-vm:1097812kB, anon-rss:647416kB, file-rss:0kB, shmem-rss:0kB
[65016.607154] Out of memory: Kill process 4123 (vpnserver) score 1422 or sacrifice child
[65016.612786] Killed process 4123 (vpnserver) total-vm:1097812kB, anon-rss:647416kB, file-rss:0kB, shmem-rss:0kB
[65053.264340] Out of memory: Kill process 4155 (vpnserver) score 1422 or sacrifice child
[65053.272114] Killed process 4155 (vpnserver) total-vm:1097812kB, anon-rss:647416kB, file-rss:0kB, shmem-rss:0kB
[65061.922978] Out of memory: Kill process 4168 (vpnserver) score 1422 or sacrifice child
[65061.932527] Killed process 4168 (vpnserver) total-vm:1097812kB, anon-rss:647416kB, file-rss:0kB, shmem-rss:0kB
[65067.951060] Out of memory: Kill process 4179 (vpnserver) score 1422 or sacrifice child
[65067.959073] Killed process 4179 (vpnserver) total-vm:1097812kB, anon-rss:647416kB, file-rss:0kB, shmem-rss:0kB
[65089.276458] Out of memory: Kill process 4202 (vpnserver) score 1422 or sacrifice child
[65089.286350] Killed process 4202 (vpnserver) total-vm:1097812kB, anon-rss:647416kB, file-rss:0kB, shmem-rss:0kB
[65100.775126] Out of memory: Kill process 4217 (vpnserver) score 1422 or sacrifice child
[65100.781684] Killed process 4217 (vpnserver) total-vm:1097812kB, anon-rss:647416kB, file-rss:0kB, shmem-rss:0kB
[65170.040453] Out of memory: Kill process 4267 (vpnserver) score 1422 or sacrifice child
[65170.048094] Killed process 4267 (vpnserver) total-vm:1097812kB, anon-rss:647416kB, file-rss:0kB, shmem-rss:0kB
[65216.274297] Out of memory: Kill process 4300 (vpnserver) score 1422 or sacrifice child
[65216.280376] Killed process 4300 (vpnserver) total-vm:1097812kB, anon-rss:647416kB, file-rss:0kB, shmem-rss:0kB
[65218.884375] Out of memory: Kill process 4305 (vpnserver) score 1422 or sacrifice child
[65218.891556] Killed process 4305 (vpnserver) total-vm:1097812kB, anon-rss:647416kB, file-rss:0kB, shmem-rss:0kB
[65266.561032] Out of memory: Kill process 4341 (vpnserver) score 1422 or sacrifice child
[65266.568702] Killed process 4341 (vpnserver) total-vm:1097812kB, anon-rss:647416kB, file-rss:0kB, shmem-rss:0kB
[65336.354952] Out of memory: Kill process 4382 (vpnserver) score 1422 or sacrifice child
[65336.362912] Killed process 4382 (vpnserver) total-vm:1097812kB, anon-rss:647416kB, file-rss:0kB, shmem-rss:0kB
[65336.685321] Out of memory: Kill process 4383 (vpnserver) score 1422 or sacrifice child
[65336.693055] Killed process 4383 (vpnserver) total-vm:1097812kB, anon-rss:647416kB, file-rss:0kB, shmem-rss:0kB
[65338.429611] Out of memory: Kill process 4386 (vpnserver) score 1422 or sacrifice child
[65338.437983] Killed process 4386 (vpnserver) total-vm:1097812kB, anon-rss:647416kB, file-rss:0kB, shmem-rss:0kB
[65339.597630] Out of memory: Kill process 4387 (vpnserver) score 1422 or sacrifice child
[65339.606554] Killed process 4387 (vpnserver) total-vm:1097812kB, anon-rss:647416kB, file-rss:0kB, shmem-rss:0kB
[65339.883742] Out of memory: Kill process 4388 (vpnserver) score 1422 or sacrifice child
[65339.891324] Killed process 4388 (vpnserver) total-vm:1097812kB, anon-rss:647416kB, file-rss:0kB, shmem-rss:0kB
[73654.542588] systemd[1]: Failed to start Snappy daemon.
[73751.714096] systemd[1]: Failed to start Snappy daemon.
[73751.722459] systemd[1]: Failed to start Journal Service.

[sky59]

It is not powerful machine, 1G ram has got RPi

What is the output of "free" command?

[opensrcguy]

free -m
total used free shared buff/cache available
Mem: 983 742 88 0 152 94
Swap: 0 0 0

[sky59]

Not enough memory

Something else is eating RAM

Stop VPN and check free - m

[opensrcguy]

I tried that already and something in the softether is taking more memory , Not sure there is a already a existing bug in v29. Is there a any stable version without memory leak is available. After restarting the vpn server it

/usr/local/vpnserver# free -m
total used free shared buff/cache available
Mem: 983 108 749 0 125 742
Swap: 0 0 0

After there is one VPN connection it takes around 70MB memory initially. After some time it took around 200 MB without doing anything and the free memory decreases as per below stats. So that confirms there is somewhere memory leak. Could you also let me know why I get the popup(described in the original description of this issue) which says NAT to disable even if I disabled the NAT in the vpnserver I get the popup?

/usr/local/vpnserver# free -m
total used free shared buff/cache available
Mem: 983 193 660 0 128 655
Swap: 0 0 0

/usr/local/vpnserver# free -m
total used free shared buff/cache available
Mem: 983 485 357 0 140 357
Swap: 0 0 0

/usr/local/vpnserver# free -m
total used free shared buff/cache available
Mem: 983 598 240 0 144 242
Swap: 0 0 0