misc/117271: OpenVPN TAP uses 99% CPU on releng_6 when if_tap is in /boot/loader.conf

Emile Coetzee emilec at clarotech.co.za
Wed Oct 17 05:50:02 PDT 2007

>Number:         117271
>Category:       misc
>Synopsis:       OpenVPN TAP uses 99% CPU on releng_6 when if_tap is in /boot/loader.conf
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Oct 17 12:50:01 UTC 2007
>Originator:     Emile Coetzee
>Release:        RELENG_6
Clarotech Consulting
FreeBSD x 6.2-STABLE FreeBSD 6.2-STABLE #36: Thu Oct 11 02:46:55 SAST 2007     root at x:/usr/obj/usr/src/sys/X  i386
Tracking RELENG_6 with if_tap_load="YES" in /boot/loader.conf. When you start openvpn (/usr/local/sbin/openvpn --cd /usr/local/etc/openvpn --config /usr/local/etc/openvpn/tapsvr.conf) top will list openvpn on 99% CPU usage and the system will become non-responsive.

If you remove if_tap_load="YES" from /boot/loader.conf boot the system, run kldload if_tap and start openvpn, the problem does not occur. Compiling tap into the kernel as a pseudo device works correctly as well.

If I track RELENG_6_2 I can load if_tap from loader.conf and start openvpn tap service without experiencing any high CPU usage problems as decribed above. 

So it would seem there is a difference loading the tap device at boot time using loader.conf than loading it from the command line or as part of the kernel in RELENG_6

I first reported this on the mailing lists in March 2007. At that time I did notice some very recent changes for if_tap in the source tree which might be the cause of the problem. 

Track RELENG_6
Install openvpn from ports (/usr/ports/security/openvpn)
Configure a VPN server using the tap device (the defaults will do).
set if_tap_load="YES" in /boot/loader.conf
start openvpn: /usr/local/sbin/openvpn --cd /usr/local/etc/openvpn --config /usr/local/etc/openvpn/tapsvr.conf
The workaround is to remove if_tap from loader.conf and load it after boot time or compile it into the kernel.


More information about the freebsd-bugs mailing list