misc/117271: OpenVPN TAP uses 99% CPU on releng_6 when if_tap is in
emilec at clarotech.co.za
Wed Oct 17 05:50:02 PDT 2007
>Synopsis: OpenVPN TAP uses 99% CPU on releng_6 when if_tap is in /boot/loader.conf
>Arrival-Date: Wed Oct 17 12:50:01 UTC 2007
>Originator: Emile Coetzee
FreeBSD x 6.2-STABLE FreeBSD 6.2-STABLE #36: Thu Oct 11 02:46:55 SAST 2007 root at x:/usr/obj/usr/src/sys/X i386
Tracking RELENG_6 with if_tap_load="YES" in /boot/loader.conf. When you start openvpn (/usr/local/sbin/openvpn --cd /usr/local/etc/openvpn --config /usr/local/etc/openvpn/tapsvr.conf) top will list openvpn on 99% CPU usage and the system will become non-responsive.
If you remove if_tap_load="YES" from /boot/loader.conf boot the system, run kldload if_tap and start openvpn, the problem does not occur. Compiling tap into the kernel as a pseudo device works correctly as well.
If I track RELENG_6_2 I can load if_tap from loader.conf and start openvpn tap service without experiencing any high CPU usage problems as decribed above.
So it would seem there is a difference loading the tap device at boot time using loader.conf than loading it from the command line or as part of the kernel in RELENG_6
I first reported this on the mailing lists in March 2007. At that time I did notice some very recent changes for if_tap in the source tree which might be the cause of the problem.
Install openvpn from ports (/usr/ports/security/openvpn)
Configure a VPN server using the tap device (the defaults will do).
set if_tap_load="YES" in /boot/loader.conf
start openvpn: /usr/local/sbin/openvpn --cd /usr/local/etc/openvpn --config /usr/local/etc/openvpn/tapsvr.conf
The workaround is to remove if_tap from loader.conf and load it after boot time or compile it into the kernel.
More information about the freebsd-bugs