Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Traffic Shaping ovpnc interface results in extreme CPU usage

    Scheduled Pinned Locked Moved Traffic Shaping
    1 Posts 1 Posters 439 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • N
      namezero111111
      last edited by

      Dear folks,

      since upgrading one system for testing from 2.1 to 2.3.5, there have been extreme issues due to CPU usage.

      The system is used as a VPN gateway at a remote side and uses OpenVPN in Client mode as well as a CBQ shaper on the openvpn interface.

      However, after a few minutes (or heavy activity) the openvpn process pegs the CPU at 100% (mostly kernel time), and it stays that way even if the traffic stops.
      The high CPU causes timeouts and makes realtime apps (VoiP / RDP) unusable.
      Also, SSH connections to PFSense may break off as well as the WebGUI becomes sluggish/unresposive.

      As soon as the traffic shaper is disabled, the CPU usage drops to a few percent and the issue is gone (except no shaping, of course).

      There have been a few  reports about this, but no solution of using openvpn together with the shaper on 2.3.x:

      https://forum.pfsense.org/index.php?topic=134769.0

      https://forum.pfsense.org/index.php?topic=83861.15

      The altq config looks as follows:

      
       altq on ovpnc1 cbq qlimit 600  bandwidth 7168Kb queue {  qACK,  qDefault,  qDFSR,  qHigh,  qVeryHigh  }
      queue qACK on ovpnc1 bandwidth 15% priority 6 cbq (  red  , rio  , ecn ,  borrow  )
      queue qDefault on ovpnc1 bandwidth 20% priority 3 cbq (  red  , rio  , ecn  , default ,  borrow  )
      queue qDFSR on ovpnc1 bandwidth 20% priority 3 qlimit 550 cbq (  red  , rio  , ecn ,  borrow  )
      queue qHigh on ovpnc1 bandwidth 20% priority 4 cbq (  red  , rio  , ecn ,  borrow  )
      queue qVeryHigh on ovpnc1 bandwidth 20% priority 5 cbq (  red  , rio  , ecn ,  borrow  )
      
      

      Are there any insights into where to start debugging?
      We'd really like to upgrade from the older 2.1 versions.

      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.