4. OpenVPN using 100% of One Core?

OpenVPN using 100% of One Core?


  • This is the first time I've seen this.  If I'm reading this right, it looks like OpenVPN is using 100% of Core 2 on my SG-4860.  As far as I can tell, there's almost no network traffic (local or otherwise).  I guess I'll reboot.  But, has anyone else seen this on 2.3.4-RELEASE-p1?

    EDIT 1:  I've rebooted, but the CPU Usage on the Dashboard is still showing a fairly constant 25% usage and Diagnostics: System Activity still shows 100% on one core (the core number changes) for /usr/local/sbin/openvpn –config /var/etc/.

    EDIT 2:  I shut down my two OpenVPN clients, one OpenVPN server, the DHCP Service, and DNS Resolver one by one.  The CPU usage returned to normal (near zero) when I restarted the second OpenVPN client.  But it went to 25% when I restarted the DHCP server.  Went back and restarted that second OpenVPN client again and the CPU usage again went back to normal.  I'd read about a race condition between OpenVPN and Resolver (I think).  I assume that was it.
    ![20170805 -- pfSense Diagnostics System Activity High CPU Usage.PNG](/public/imported_attachments/1/20170805 -- pfSense Diagnostics System Activity High CPU Usage.PNG)
    ![20170805 -- pfSense Diagnostics System Activity High CPU Usage.PNG_thumb](/public/imported_attachments/1/20170805 -- pfSense Diagnostics System Activity High CPU Usage.PNG_thumb)

    0

  • For some reason, this behavior (OpenVPN getting stuck using 100% of one core) has changed.  This problem used to happen upon initial boot of the pfSense box.  This morning, I noticed the problem had happened without a reboot.  Running through the "restart each VPN client and Resolver" process does clear it.  But, going back to the Dashboard a while later again has one core stuck at 100% using openvpn.  I've done that several times now.  Does anyone else have a method of clearing this?

    0

  • I don't know if it's actually the reason for this (I'd been using this configuration for months without problem), but it looks like it might be a conflict between a Traffic Shaper and the OpenVPN clients on the pfSense box.  I'd had a CODELQ traffic shaper on my WAN and both OpenVPN WANs (to reduce buffer bloat).  I turned that off for both OpenVPN WANs (leaving just the WAN) and the problem went away.  With the Traffic Shaper on the OpenVPN WANs, running a speed test at:

    https://www.dslreports.com/speedtest

    invariably resulted in 100% use of one core until I restarted one or the other of my two OpenVPN clients.  Without the Shaper, no problem.

    0
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2018 Rubicon Communications, LLC | Privacy Policy