diff --git a/config.cfg b/config.cfg
index 1af7e13..e380970 100644
--- a/config.cfg
+++ b/config.cfg
@@ -7,12 +7,16 @@ easyrsa_cert_expire: 3650
 # If True re-init all existing certificates. (True or False)
 easyrsa_reinit_existent: False
+# Strongswan cgroup limitations
+ipsec_memory_limit: 67108864
+
 vpn_network: 10.19.48.0/24
 vpn_network_ipv6: 'fd9d:bc11:4020::/48' # https://www.sixxs.net/tools/whois/?fd9d:bc11:4020::/48
 server_name: "{{ ansible_ssh_host }}"
 IP_subject_alt_name: "{{ ansible_ssh_host }}"
+
 # Enable this variable if you want to use a local DNS resolver to block ads while surfing. (True or False)
 service_dns: True
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
index f96a4b3..9752cc8 100644
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@@ -53,6 +53,7 @@
 - sendmail
 - unattended-upgrades
 - iptables-persistent
+ - cgroup-tools
 - name: Configure unattended-upgrades
 template: src=50unattended-upgrades.j2 dest=/etc/apt/apt.conf.d/50unattended-upgrades owner=root group=root mode=0644
diff --git a/roles/vpn/handlers/main.yml b/roles/vpn/handlers/main.yml
index 203e1ef..8abb32c 100644
--- a/roles/vpn/handlers/main.yml
+++ b/roles/vpn/handlers/main.yml
@@ -1,5 +1,5 @@
 - name: restart strongswan
- service: name=strongswan state=restarted
+ systemd: name=strongswan state=restarted daemon_reload=yes
 - name: restart apparmor
 service: name=apparmor state=restarted
diff --git a/roles/vpn/tasks/main.yml b/roles/vpn/tasks/main.yml
index 1b41d0a..959861f 100644
--- a/roles/vpn/tasks/main.yml
+++ b/roles/vpn/tasks/main.yml
@@ -11,7 +11,7 @@
 - /usr/lib/ipsec/lookip
 - /usr/lib/ipsec/stroke
 notify:
- - restart apparmor
+ - restart apparmor
 - name: Enable services
 service: name={{ item }} enabled=yes
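Review bot: `ipsec_memory_limit: 67108864` is a bare magic number whose unit and consumer are not stated, and the comment above it (`# Strongswan cgroup limitations`) does not say either; it should read something like `# Memory limit in bytes for the strongswan systemd unit (64 MiB); rendered into MemoryLimit= in the service drop-in`. Hitting a cgroup memory limit typically ends with the daemon being OOM-killed, so the value needs to be sized above strongswan's peak usage for the expected number of tunnels rather than left as an unexplained default, and the comment is the place to say that. The file already annotates boolean options with `(True or False)`, so a matching note on units and effect here is consistent with its style.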
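Review bot: `- cgroup-tools` is added to the package list, but nothing in this change uses it: the memory limit is applied through a systemd `[Service]` drop-in, which systemd enforces on its own without libcgroup's cgcreate/cgexec utilities. If the package is only meant as a debugging aid, the new item should say so, e.g. `- cgroup-tools  # optional: inspect the strongswan cgroup; not needed to enforce the limit`; otherwise it can be dropped to keep the installed package set minimal. The enclosing task starts above this hunk, so I cannot see whether the list is conditional.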
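Review bot: The handlers file now mixes modules: `restart strongswan` uses `systemd:` while `restart apparmor` two lines below stays on `service:`, and both still use the `key=value` shorthand rather than block YAML. Since `systemd:` is needed here for `daemon_reload=yes` to pick up the new drop-in, moving the other handler to the same module and writing the arguments in block form would keep the file consistent, e.g. `systemd:` / `name: strongswan` / `state: restarted` / `daemon_reload: true`. Using the `systemd` module presumably raises the minimum Ansible version the role needs, which is worth stating in the project's requirements if it is not already.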
@@ -26,20 +26,28 @@
 - name: Ensure that the strongswan user exist
 user: name=strongswan group=strongswan state=present
+- name: Ensure that the strongswan service directory exist
+ file: path=/etc/systemd/system/strongswan.service.d/ state=directory mode=0755 owner=root group=root
+
+- name: Setup the cgroup limitations for the ipsec daemon
+ template: src=100-CustomLimitations.conf.j2 dest=/etc/systemd/system/strongswan.service.d/100-CustomLimitations.conf
+ notify:
+ - restart strongswan
+
 - name: Setup the strongswan.conf file from our template
 template: src=strongswan.conf.j2 dest=/etc/strongswan.conf owner=root group=root mode=0644
 notify:
- - restart strongswan
+ - restart strongswan
 - name: Setup the ipsec.conf file from our template
 template: src=ipsec.conf.j2 dest=/etc/ipsec.conf owner=root group=root mode=0644
 notify:
- - restart strongswan
+ - restart strongswan
 - name: Setup the ipsec.secrets file
 template: src=ipsec.secrets.j2 dest=/etc/ipsec.secrets owner=strongswan group=root mode=0600
 notify:
- - restart strongswan
+ - restart strongswan
 - name: Fetch easy-rsa-ipsec from git
 git: repo=git://github.com/ValdikSS/easy-rsa-ipsec.git version=ed4de10d7ce0726357fb1bb4729f8eb440c06e2b dest="{{ easyrsa_dir }}"
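Review bot: The new `Setup the cgroup limitations for the ipsec daemon` task writes a systemd drop-in without `owner`, `group` or `mode`, unlike every sibling template task in this hunk, which sets `owner=root group=root mode=0644`; the file is therefore created with whatever the remote umask yields. A unit drop-in is read by systemd as root, so it should be explicitly root-owned and not group- or world-writable: `template: src=100-CustomLimitations.conf.j2 dest=/etc/systemd/system/strongswan.service.d/100-CustomLimitations.conf owner=root group=root mode=0644`. The directory task just above already sets ownership and mode, so only the file task needs the change. The two new task names also read `exist` where `exists` is meant.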
@@ -100,17 +108,17 @@
 - name: Copy the CA cert to the strongswan directory
 copy: remote_src=True src='{{ easyrsa_dir }}/easyrsa3/pki/ca.crt' dest=/etc/ipsec.d/cacerts/ca.crt owner=strongswan group=root mode=0600
 notify:
- - restart strongswan
+ - restart strongswan
 - name: Copy the server cert to the strongswan directory
 copy: remote_src=True src='{{ easyrsa_dir }}/easyrsa3/pki/issued/{{ IP_subject_alt_name }}.crt' dest=/etc/ipsec.d/certs/{{ IP_subject_alt_name }}.crt owner=strongswan group=root mode=0600
 notify:
- - restart strongswan
+ - restart strongswan
 - name: Copy the server key to the strongswan directory
 copy: remote_src=True src='{{ easyrsa_dir }}/easyrsa3/pki/private/{{ IP_subject_alt_name }}.key' dest=/etc/ipsec.d/private/{{ IP_subject_alt_name }}.key owner=strongswan group=root mode=0600
 notify:
- - restart strongswan
+ - restart strongswan
 - name: Register p12 PayloadContent
 shell: >
diff --git a/roles/vpn/templates/100-CustomLimitations.conf.j2 b/roles/vpn/templates/100-CustomLimitations.conf.j2
new file mode 100644
index 0000000..b855e4e
--- /dev/null
+++ b/roles/vpn/templates/100-CustomLimitations.conf.j2
@@ -0,0 +1,2 @@
+[Service]
+MemoryLimit={{ ipsec_memory_limit }}
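Review bot: `MemoryLimit=` is the legacy cgroup-v1 memory directive; on systemd releases that support the unified cgroup hierarchy the documented successor is `MemoryMax=`, so the template should either use `MemoryMax=` where the target release supports it or carry a comment explaining why the legacy key is kept — the target systemd version is not visible in the diff. Once the limit is hit the daemon is OOM-killed and nothing in this drop-in restarts it, so a memory spike becomes a VPN outage until someone intervenes; adding `Restart=on-failure` under `[Service]`, or documenting that the packaged unit already sets it, would bound that. A one-line header such as `# Managed by Ansible; ipsec_memory_limit is set in config.cfg` would also help whoever finds this file on the host.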