Hi Bruce I hope you can still remember this post from way back when. You can read the archives here: http://unix.derkeiler.com/Mailing-Lists/FreeBSD/stable/2007-03/msg00445.html
Up until now we have been tracking RELENG_6_2 without any issues but I was forced to look at this again to get a newer NIC working where I needed RELENG_6. So quick recap: A while ago I hit a problem where the openvpn tap service would kill my machine with 99% CPU usage. I could reproduce this on a number of machines. I have now produced a way to prevent and reproduce the problem, so hopefully if someone else can reproduce this we can find a proper fix. I have been loading my tap device using /boot/loader.conf if_tap_load="YES" So I removed this from the loader. Rebooted and tried to start openvpn (/usr/local/sbin/openvpn --cd /usr/local/etc/openvpn --config /usr/local/etc/openvpn/tapsvr.conf) It would not start (obviously as there was no tap device). I then loaded the tap device using kldload (kldload if_tap) and tried again. This time is started and surprise, surprise no 99% CPU problem. Not wanting to have to load the device before starting openvpn I then compiled the tap device into my kernel which did the trick. So it seems that there is a problem with loading the tap device from loader.conf on RELENG_6. This works correctly on RELENG_6_2. Do you want to see if you can reproduce this first or should I open a bug? Regards Emile -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Emile Coetzee Posted At: 20 March 2007 14:16 PM Posted To: freebsd-stable Conversation: Openvpn tap uses 99% cpu time Subject: RE: Openvpn tap uses 99% cpu time Emile Coetzee wrote: > Okay I finally have a ktrace of the offending process. You can view it here: > http://www.clarotech.co.za/dump/openvpn2.txt > >>Thanks for this. If this is the correct trace, of the correct process, then it looks like OpenVPN is hanging immediately on opening the tap device.<< >>One thing that does jump out at me is the use of the persist-tun keyword. Can you try removing the use of this keyword? It is something I've never had to use with OpenVPN.<< I did try it without the persist settings and it seemed to work but then I put it back again and that worked too (i.e. no 100% CPU usage). However after restarting the box and repeating the tests, both produced the 100% CPU usage issue. What I suspect happened is that somehow the tap device was already present and thus openvpn did not need to create one. I then tried to use the cloned_interfaces="tap0" to see if that would create a tap device for me at boot time. But the server hung similarly to when openvpn uses 100% CPU time more or less where I would expect it to initialize the NICs. Unfortunately I did not think to check if the tap device was present before testing it without the persist setting. So it's a bit of mystery. I have lost the box I was testing on (off to a client) and will only be able to setup a new one to do testing on next week. So I will feed back with any new findings. Cheers Emile _______________________________________________ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "[EMAIL PROTECTED]" _______________________________________________ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "[EMAIL PROTECTED]"