OpenVPN using 100% of One Core?



  • This is the first time I've seen this.  If I'm reading this right, it looks like OpenVPN is using 100% of Core 2 on my SG-4860.  As far as I can tell, there's almost no network traffic (local or otherwise).  I guess I'll reboot.  But, has anyone else seen this on 2.3.4-RELEASE-p1?

    EDIT 1:  I've rebooted, but the CPU Usage on the Dashboard is still showing a fairly constant 25% usage and Diagnostics: System Activity still shows 100% on one core (the core number changes) for /usr/local/sbin/openvpn –config /var/etc/.

    EDIT 2:  I shut down my two OpenVPN clients, one OpenVPN server, the DHCP Service, and DNS Resolver one by one.  The CPU usage returned to normal (near zero) when I restarted the second OpenVPN client.  But it went to 25% when I restarted the DHCP server.  Went back and restarted that second OpenVPN client again and the CPU usage again went back to normal.  I'd read about a race condition between OpenVPN and Resolver (I think).  I assume that was it.
    ![20170805 -- pfSense Diagnostics System Activity High CPU Usage.PNG](/public/imported_attachments/1/20170805 -- pfSense Diagnostics System Activity High CPU Usage.PNG)
    ![20170805 -- pfSense Diagnostics System Activity High CPU Usage.PNG_thumb](/public/imported_attachments/1/20170805 -- pfSense Diagnostics System Activity High CPU Usage.PNG_thumb)



  • For some reason, this behavior (OpenVPN getting stuck using 100% of one core) has changed.  This problem used to happen upon initial boot of the pfSense box.  This morning, I noticed the problem had happened without a reboot.  Running through the "restart each VPN client and Resolver" process does clear it.  But, going back to the Dashboard a while later again has one core stuck at 100% using openvpn.  I've done that several times now.  Does anyone else have a method of clearing this?



  • I don't know if it's actually the reason for this (I'd been using this configuration for months without problem), but it looks like it might be a conflict between a Traffic Shaper and the OpenVPN clients on the pfSense box.  I'd had a CODELQ traffic shaper on my WAN and both OpenVPN WANs (to reduce buffer bloat).  I turned that off for both OpenVPN WANs (leaving just the WAN) and the problem went away.  With the Traffic Shaper on the OpenVPN WANs, running a speed test at:

    https://www.dslreports.com/speedtest

    invariably resulted in 100% use of one core until I restarted one or the other of my two OpenVPN clients.  Without the Shaper, no problem.