Page 1 of 1

OpenVPN Daemon causes high CPU load on Win 8.1 32-bit

Posted: Mon May 12, 2014 2:06 am
by eumel
I'm using OpenVPN 2.3.4-I001-i686 including the TAP driver 9.0.0.21 on a Win 8.1 32-bit computer. This computer (HP Omni 10) has no ethernet card, but only WiFi and Bluetooth.
When I have a WiFi connection and want to establish a connection to my VPN server OpenVPN issues the message that the connection as establishes sucessfully. However, the TAP adapter indicates no network access but a very high sending data rate (~70mbps) which is much higher than what be possible over the available link. At the same time one CPU core is 100% loaded with the OpenVPN Daemon. No access into the VPN is possible at this time.
If the same configuration is used with a connection via Bluetooth, the TAP adapter behaves as expected (expected data rates, almost no CPU usage) and the devices in the VPN can be accessed. Though all traffic is supposed to be routed through the VPN (redirect-gateway def1), traffic into the internet is not using the VPN tunnel.
Any ideas what could be the root cause for these issues and how to work around those?
See an excerpt of the log for the VPN connection via WiFi below:

Code: Select all

...
Fri May 09 09:33:38 2014 us=577390   ip_win32_defined = DISABLED
Fri May 09 09:33:38 2014 us=577390   ip_win32_type = 3
Fri May 09 09:33:38 2014 us=577390   dhcp_masq_offset = 0
Fri May 09 09:33:38 2014 us=577390   dhcp_lease_time = 31536000
Fri May 09 09:33:38 2014 us=577390   tap_sleep = 0
Fri May 09 09:33:38 2014 us=577390   dhcp_options = DISABLED
Fri May 09 09:33:38 2014 us=577390   dhcp_renew = DISABLED
Fri May 09 09:33:38 2014 us=577390   dhcp_pre_release = DISABLED
Fri May 09 09:33:38 2014 us=577390   dhcp_release = DISABLED
Fri May 09 09:33:38 2014 us=577390   domain = '[UNDEF]'
Fri May 09 09:33:38 2014 us=577390   netbios_scope = '[UNDEF]'
Fri May 09 09:33:38 2014 us=577390   netbios_node_type = 0
Fri May 09 09:33:38 2014 us=577390   disable_nbt = DISABLED
Fri May 09 09:33:38 2014 us=577390 OpenVPN 2.3.4 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on May  2 2014
Fri May 09 09:33:38 2014 us=577390 library versions: OpenSSL 1.0.1g 7 Apr 2014, LZO 2.05
Enter Management Password:
Fri May 09 09:33:38 2014 us=593018 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Fri May 09 09:33:38 2014 us=593018 Need hold release from management interface, waiting...
Fri May 09 09:33:39 2014 us=72730 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Fri May 09 09:33:39 2014 us=184417 MANAGEMENT: CMD 'state on'
Fri May 09 09:33:39 2014 us=184417 MANAGEMENT: CMD 'log all on'
Fri May 09 09:33:39 2014 us=496938 MANAGEMENT: CMD 'hold off'
Fri May 09 09:33:39 2014 us=496938 MANAGEMENT: CMD 'hold release'
Fri May 09 09:33:59 2014 us=407006 MANAGEMENT: CMD 'username "Auth" "xxx"'
Fri May 09 09:33:59 2014 us=500774 MANAGEMENT: CMD 'password [...]'
Fri May 09 09:34:01 2014 us=823155 MANAGEMENT: CMD 'proxy NONE  '
Fri May 09 09:34:02 2014 us=837256 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Fri May 09 09:34:03 2014 us=102671 LZO compression initialized
Fri May 09 09:34:03 2014 us=102671 Control Channel MTU parms [ L:1558 D:138 EF:38 EB:0 ET:0 EL:0 ]
Fri May 09 09:34:03 2014 us=102671 Socket Buffers: R=[65536->65536] S=[65536->65536]
Fri May 09 09:34:03 2014 us=102671 MANAGEMENT: >STATE:1399642443,RESOLVE,,,
Fri May 09 09:34:04 2014 us=288639 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]
Fri May 09 09:34:04 2014 us=288639 Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client'
Fri May 09 09:34:04 2014 us=288639 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-server'
Fri May 09 09:34:04 2014 us=288639 Local Options hash (VER=V4): '22188c5b'
Fri May 09 09:34:04 2014 us=288639 Expected Remote Options hash (VER=V4): 'a8f55717'
Fri May 09 09:34:04 2014 us=288639 UDPv4 link local: [undef]
Fri May 09 09:34:04 2014 us=288639 UDPv4 link remote: [AF_INET]91.4.xxx.xxx:1194
Fri May 09 09:34:04 2014 us=288639 MANAGEMENT: >STATE:1399642444,WAIT,,,
Fri May 09 09:34:05 2014 us=370560 MANAGEMENT: >STATE:1399642445,AUTH,,,
Fri May 09 09:34:05 2014 us=370560 TLS: Initial packet from [AF_INET]91.4.xxx.xxx:1194, sid=164a3d18 f4f4c84c
Fri May 09 09:34:05 2014 us=370560 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Fri May 09 09:34:13 2014 us=834473 VERIFY OK: depth=1, C=TW, ST=Taiwan, L=Taipei, O=QNAP Systems Inc., OU=NAS, CN=TS Series NAS, name=NAS, emailAddress=admin@qnap.com
Fri May 09 09:34:13 2014 us=834473 VERIFY OK: depth=0, C=TW, ST=Taiwan, L=Taipei, O=QNAP Systems Inc., OU=NAS, CN=TS Series NAS, name=NAS, emailAddress=admin@qnap.com
Fri May 09 09:34:17 2014 us=228287 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Fri May 09 09:34:17 2014 us=228287 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri May 09 09:34:17 2014 us=228287 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Fri May 09 09:34:17 2014 us=228287 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri May 09 09:34:17 2014 us=228287 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Fri May 09 09:34:17 2014 us=228287 [TS Series NAS] Peer Connection Initiated with [AF_INET]91.4.xxx.xxx:1194
Fri May 09 09:34:18 2014 us=22605 MANAGEMENT: >STATE:1399642458,GET_CONFIG,,,
Fri May 09 09:34:19 2014 us=79831 SENT CONTROL [TS Series NAS]: 'PUSH_REQUEST' (status=1)
Fri May 09 09:34:23 2014 us=972886 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 192.168.178.1,route 10.8.0.0 255.255.255.0,topology net30,ping 10,ping-restart 60,ifconfig 10.8.0.6 10.8.0.5'
Fri May 09 09:34:23 2014 us=972886 OPTIONS IMPORT: timers and/or timeouts modified
Fri May 09 09:34:23 2014 us=972886 OPTIONS IMPORT: --ifconfig/up options modified
Fri May 09 09:34:23 2014 us=972886 OPTIONS IMPORT: route options modified
Fri May 09 09:34:23 2014 us=972886 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Fri May 09 09:34:24 2014 us=35388 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Fri May 09 09:34:24 2014 us=35388 MANAGEMENT: >STATE:1399642464,ASSIGN_IP,,10.8.0.6,
Fri May 09 09:34:24 2014 us=35388 open_tun, tt->ipv6=0
Fri May 09 09:34:24 2014 us=35388 TAP-WIN32 device [LAN-Verbindung 2] opened: \\.\Global\{4A9B3DA8-AC05-4E5F-B39D-2AC099AEBE94}.tap
Fri May 09 09:34:24 2014 us=35388 TAP-Windows Driver Version 9.21 
Fri May 09 09:34:24 2014 us=51014 TAP-Windows MTU=1500
Fri May 09 09:34:24 2014 us=51014 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.6/255.255.255.252 on interface {4A9B3DA8-AC05-4E5F-B39D-2AC099AEBE94} [DHCP-serv: 10.8.0.5, lease-time: 31536000]
Fri May 09 09:34:24 2014 us=51014 DHCP option string: 0604c0a8 b201
Fri May 09 09:34:24 2014 us=51014 Successful ARP Flush on interface [21] {4A9B3DA8-AC05-4E5F-B39D-2AC099AEBE94}
Fri May 09 09:34:30 2014 us=63737 TEST ROUTES: 2/2 succeeded len=1 ret=1 a=0 u/d=up
Fri May 09 09:34:30 2014 us=79204 C:\Windows\system32\route.exe ADD 91.4.xxx.xxx MASK 255.255.255.255 192.168.1.1
Fri May 09 09:34:30 2014 us=94969 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=25 and dwForwardType=4
Fri May 09 09:34:30 2014 us=94969 Route addition via IPAPI succeeded [adaptive]
Fri May 09 09:34:30 2014 us=94969 C:\Windows\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.8.0.5
Fri May 09 09:34:30 2014 us=94969 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Fri May 09 09:34:30 2014 us=94969 Route addition via IPAPI succeeded [adaptive]
Fri May 09 09:34:30 2014 us=94969 C:\Windows\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.8.0.5
Fri May 09 09:34:30 2014 us=110455 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Fri May 09 09:34:30 2014 us=110455 Route addition via IPAPI succeeded [adaptive]
Fri May 09 09:34:30 2014 us=110455 MANAGEMENT: >STATE:1399642470,ADD_ROUTES,,,
Fri May 09 09:34:30 2014 us=110455 C:\Windows\system32\route.exe ADD 10.8.0.0 MASK 255.255.255.0 10.8.0.5
Fri May 09 09:34:30 2014 us=126079 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Fri May 09 09:34:30 2014 us=126079 Route addition via IPAPI succeeded [adaptive]
Fri May 09 09:34:30 2014 us=126079 Initialization Sequence Completed
Fri May 09 09:34:30 2014 us=126079 MANAGEMENT: >STATE:1399642470,CONNECTED,SUCCESS,10.8.0.6,91.4.xxx.xxx

Re: OpenVPN Daemon causes high CPU load on Win 8.1 32-bit

Posted: Tue May 13, 2014 1:39 am
by eumel
Hi debbie10t,

Many thanks for the hint with the tcp-server/tcp-client. Unfortunately I'm currently traveling and cannot reach my OpenVPN Server due to this issue. I'll try when I'm back in about 2 weeks.

Re: OpenVPN Daemon causes high CPU load on Win 8.1 32-bit

Posted: Thu Jan 14, 2016 10:04 pm
by Terminatorthree
Hi,

did you ever find a solution for this? I'm currently running into the same problem but have no idea where to dig deeper.
Latest OpenVPN 2.3.10 on Windows 8.1 (Microsoft Surface) creates about 200mbit of outgoing traffic and does not allow any connection.

Thanks for any hint!