Openvpn tap uses 99% cpu time
freebsd-stable at clarotech.co.za
Wed Oct 3 06:49:59 PDT 2007
I hope you can still remember this post from way back when. You can read the
Up until now we have been tracking RELENG_6_2 without any issues but I was
forced to look at this again to get a newer NIC working where I needed
So quick recap: A while ago I hit a problem where the openvpn tap service
would kill my machine with 99% CPU usage. I could reproduce this on a number
of machines. I have now produced a way to prevent and reproduce the problem,
so hopefully if someone else can reproduce this we can find a proper fix.
I have been loading my tap device using /boot/loader.conf
So I removed this from the loader. Rebooted and tried to start openvpn
(/usr/local/sbin/openvpn --cd /usr/local/etc/openvpn --config
/usr/local/etc/openvpn/tapsvr.conf) It would not start (obviously as there
was no tap device).
I then loaded the tap device using kldload (kldload if_tap) and tried again.
This time is started and surprise, surprise no 99% CPU problem. Not wanting
to have to load the device before starting openvpn I then compiled the tap
device into my kernel which did the trick.
So it seems that there is a problem with loading the tap device from
loader.conf on RELENG_6. This works correctly on RELENG_6_2.
Do you want to see if you can reproduce this first or should I open a bug?
From: owner-freebsd-stable at freebsd.org
[mailto:owner-freebsd-stable at freebsd.org] On Behalf Of Emile Coetzee
Posted At: 20 March 2007 14:16 PM
Posted To: freebsd-stable
Conversation: Openvpn tap uses 99% cpu time
Subject: RE: Openvpn tap uses 99% cpu time
Emile Coetzee wrote:
> Okay I finally have a ktrace of the offending process. You can view it
>>Thanks for this. If this is the correct trace, of the correct process,
then it looks like OpenVPN is hanging immediately on opening the tap
>>One thing that does jump out at me is the use of the persist-tun
keyword. Can you try removing the use of this keyword? It is something
I've never had to use with OpenVPN.<<
I did try it without the persist settings and it seemed to work but then I
put it back again and that worked too (i.e. no 100% CPU usage). However
after restarting the box and repeating the tests, both produced the 100% CPU
What I suspect happened is that somehow the tap device was already present
and thus openvpn did not need to create one. I then tried to use the
cloned_interfaces="tap0" to see if that would create a tap device for me at
boot time. But the server hung similarly to when openvpn uses 100% CPU time
more or less where I would expect it to initialize the NICs. Unfortunately I
did not think to check if the tap device was present before testing it
without the persist setting. So it's a bit of mystery.
I have lost the box I was testing on (off to a client) and will only be able
to setup a new one to do testing on next week. So I will feed back with any
freebsd-stable at freebsd.org mailing list
To unsubscribe, send any mail to "freebsd-stable-unsubscribe at freebsd.org"
More information about the freebsd-stable