Traffic Shaping ovpnc interface results in extreme CPU usage
-
Dear folks,
since upgrading one system for testing from 2.1 to 2.3.5, there have been extreme issues due to CPU usage.
The system is used as a VPN gateway at a remote side and uses OpenVPN in Client mode as well as a CBQ shaper on the openvpn interface.
However, after a few minutes (or heavy activity) the openvpn process pegs the CPU at 100% (mostly kernel time), and it stays that way even if the traffic stops.
The high CPU causes timeouts and makes realtime apps (VoiP / RDP) unusable.
Also, SSH connections to PFSense may break off as well as the WebGUI becomes sluggish/unresposive.As soon as the traffic shaper is disabled, the CPU usage drops to a few percent and the issue is gone (except no shaping, of course).
There have been a few reports about this, but no solution of using openvpn together with the shaper on 2.3.x:
https://forum.pfsense.org/index.php?topic=134769.0
https://forum.pfsense.org/index.php?topic=83861.15
The altq config looks as follows:
altq on ovpnc1 cbq qlimit 600 bandwidth 7168Kb queue { qACK, qDefault, qDFSR, qHigh, qVeryHigh } queue qACK on ovpnc1 bandwidth 15% priority 6 cbq ( red , rio , ecn , borrow ) queue qDefault on ovpnc1 bandwidth 20% priority 3 cbq ( red , rio , ecn , default , borrow ) queue qDFSR on ovpnc1 bandwidth 20% priority 3 qlimit 550 cbq ( red , rio , ecn , borrow ) queue qHigh on ovpnc1 bandwidth 20% priority 4 cbq ( red , rio , ecn , borrow ) queue qVeryHigh on ovpnc1 bandwidth 20% priority 5 cbq ( red , rio , ecn , borrow )Are there any insights into where to start debugging?
We'd really like to upgrade from the older 2.1 versions.