[Openvpn-users] OpenVPN Client heating 100% CPU

Florent B Tue, 10 Jun 2014 05:40:53 -0700

Hi all,

I come back to you with a 100% CPU problem.


I had a similar problem with Padlock hardware, which was not resolved.

But now I have the exact same problem with an Intel CPU, so I'm thinking
that OpenVPN Client is the cause.

First, hardware is a E3-1245 V2 (with AES-NI).

I use Debian Wheezy on it.

OpenSSL EVP supports AES-NI hardware, as you can see (without EVP and
with EVP) :

root@vpn01:~# openssl speed aes-256-cbc
Doing aes-256 cbc for 3s on 16 size blocks: 18888611 aes-256 cbc's in 2.99s
Doing aes-256 cbc for 3s on 64 size blocks: 5017775 aes-256 cbc's in 3.00s
Doing aes-256 cbc for 3s on 256 size blocks: 1273662 aes-256 cbc's in 3.00s
Doing aes-256 cbc for 3s on 1024 size blocks: 318123 aes-256 cbc's in 3.00s
Doing aes-256 cbc for 3s on 8192 size blocks: 39506 aes-256 cbc's in 3.00s
OpenSSL 1.0.1e 11 Feb 2013
built on: Wed Jun  4 18:39:57 UTC 2014
options:bn(64,64) rc4(16x,int) des(idx,cisc,16,int) aes(partial)
blowfish(idx)
compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT
-DDSO_DLFCN -DHAVE_DLFCN_H -m64 -DL_ENDIAN -DTERMIO -g -O2
-fstack-protector --param=ssp-buffer-size=4 -Wformat
-Werror=format-security -D_FORTIFY_SOURCE=2 -Wl,-z,relro
-Wa,--noexecstack -Wall -DMD32_REG_T=int -DOPENSSL_IA32_SSE2
-DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m
-DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM
-DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192
bytes
aes-256 cbc     101076.18k   107045.87k   108685.82k   108585.98k  
107877.72k


root@vpn01:~# openssl speed -evp aes-256-cbc
Doing aes-256-cbc for 3s on 16 size blocks: 90969378 aes-256-cbc's in 3.00s
Doing aes-256-cbc for 3s on 64 size blocks: 23807189 aes-256-cbc's in 3.00s
Doing aes-256-cbc for 3s on 256 size blocks: 6182438 aes-256-cbc's in 3.00s
Doing aes-256-cbc for 3s on 1024 size blocks: 1548491 aes-256-cbc's in 3.00s
Doing aes-256-cbc for 3s on 8192 size blocks: 194236 aes-256-cbc's in 3.00s
OpenSSL 1.0.1e 11 Feb 2013
built on: Wed Jun  4 18:39:57 UTC 2014
options:bn(64,64) rc4(16x,int) des(idx,cisc,16,int) aes(partial)
blowfish(idx)
compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT
-DDSO_DLFCN -DHAVE_DLFCN_H -m64 -DL_ENDIAN -DTERMIO -g -O2
-fstack-protector --param=ssp-buffer-size=4 -Wformat
-Werror=format-security -D_FORTIFY_SOURCE=2 -Wl,-z,relro
-Wa,--noexecstack -Wall -DMD32_REG_T=int -DOPENSSL_IA32_SSE2
-DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m
-DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM
-DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192
bytes
aes-256-cbc     485170.02k   507886.70k   527568.04k   528551.59k  
530393.77k



So, for me, problem is not hardware or openssl related.

Now, when I run OpenVPN using attached config, openvpn process is
heating 100% CPU. Log is also attached.
I run it with --route-noexec as testing purpose so don't care about
routing warnings.

Is someone can help me to find the problem ? :)

I tested with OpenVPN 2.3.2 and problem is still present....

Thank you a lot for your help :)

Flo

Tue Jun 10 14:34:06 2014 us=846864 Current Parameter Settings:
Tue Jun 10 14:34:06 2014 us=846930   config = '/etc/openvpn/iPredator.conf.bak'
Tue Jun 10 14:34:06 2014 us=846942   mode = 0
Tue Jun 10 14:34:06 2014 us=846951   persist_config = DISABLED
Tue Jun 10 14:34:06 2014 us=846960   persist_mode = 1
Tue Jun 10 14:34:06 2014 us=846968   show_ciphers = DISABLED
Tue Jun 10 14:34:06 2014 us=846976   show_digests = DISABLED
Tue Jun 10 14:34:06 2014 us=846985   show_engines = DISABLED
Tue Jun 10 14:34:06 2014 us=846993   genkey = DISABLED
Tue Jun 10 14:34:06 2014 us=847001   key_pass_file = '[UNDEF]'
Tue Jun 10 14:34:06 2014 us=847009   show_tls_ciphers = DISABLED
Tue Jun 10 14:34:06 2014 us=847018 Connection profiles [default]:
Tue Jun 10 14:34:06 2014 us=847026   proto = udp
Tue Jun 10 14:34:06 2014 us=847034   local = '[UNDEF]'
Tue Jun 10 14:34:06 2014 us=847042   local_port = 1194
Tue Jun 10 14:34:06 2014 us=847050   remote = '[UNDEF]'
Tue Jun 10 14:34:06 2014 us=847058   remote_port = 1194
Tue Jun 10 14:34:06 2014 us=847066   remote_float = DISABLED
Tue Jun 10 14:34:06 2014 us=847074   bind_defined = DISABLED
Tue Jun 10 14:34:06 2014 us=847082   bind_local = DISABLED
Tue Jun 10 14:34:06 2014 us=847090   connect_retry_seconds = 5
Tue Jun 10 14:34:06 2014 us=847098   connect_timeout = 10
Tue Jun 10 14:34:06 2014 us=847106   connect_retry_max = 0
Tue Jun 10 14:34:06 2014 us=847115   socks_proxy_server = '[UNDEF]'
Tue Jun 10 14:34:06 2014 us=847123   socks_proxy_port = 0
Tue Jun 10 14:34:06 2014 us=847130   socks_proxy_retry = DISABLED
Tue Jun 10 14:34:06 2014 us=847138 Connection profiles [0]:
Tue Jun 10 14:34:06 2014 us=847146   proto = udp
Tue Jun 10 14:34:06 2014 us=847154   local = '[UNDEF]'
Tue Jun 10 14:34:06 2014 us=847162   local_port = 0
Tue Jun 10 14:34:06 2014 us=847170   remote = 'pw.openvpn.ipredator.se'
Tue Jun 10 14:34:06 2014 us=847178   remote_port = 1194
Tue Jun 10 14:34:06 2014 us=847186   remote_float = DISABLED
Tue Jun 10 14:34:06 2014 us=847194   bind_defined = DISABLED
Tue Jun 10 14:34:06 2014 us=847202   bind_local = DISABLED
Tue Jun 10 14:34:06 2014 us=847210   connect_retry_seconds = 5
Tue Jun 10 14:34:06 2014 us=847218   connect_timeout = 10
Tue Jun 10 14:34:06 2014 us=847225   connect_retry_max = 0
Tue Jun 10 14:34:06 2014 us=847233   socks_proxy_server = '[UNDEF]'
Tue Jun 10 14:34:06 2014 us=847241   socks_proxy_port = 0
Tue Jun 10 14:34:06 2014 us=847248   socks_proxy_retry = DISABLED
Tue Jun 10 14:34:06 2014 us=847256 Connection profiles [1]:
Tue Jun 10 14:34:06 2014 us=847264   proto = udp
Tue Jun 10 14:34:06 2014 us=847272   local = '[UNDEF]'
Tue Jun 10 14:34:06 2014 us=847279   local_port = 0
Tue Jun 10 14:34:06 2014 us=847287   remote = 'pw.openvpn.ipredator.me'
Tue Jun 10 14:34:06 2014 us=847295   remote_port = 1194
Tue Jun 10 14:34:06 2014 us=847303   remote_float = DISABLED
Tue Jun 10 14:34:06 2014 us=847311   bind_defined = DISABLED
Tue Jun 10 14:34:06 2014 us=847318   bind_local = DISABLED
Tue Jun 10 14:34:06 2014 us=847326   connect_retry_seconds = 5
Tue Jun 10 14:34:06 2014 us=847334   connect_timeout = 10
Tue Jun 10 14:34:06 2014 us=847341   connect_retry_max = 0
Tue Jun 10 14:34:06 2014 us=847349   socks_proxy_server = '[UNDEF]'
Tue Jun 10 14:34:06 2014 us=847357   socks_proxy_port = 0
Tue Jun 10 14:34:06 2014 us=847364   socks_proxy_retry = DISABLED
Tue Jun 10 14:34:06 2014 us=847372 Connection profiles [2]:
Tue Jun 10 14:34:06 2014 us=847380   proto = udp
Tue Jun 10 14:34:06 2014 us=847388   local = '[UNDEF]'
Tue Jun 10 14:34:06 2014 us=847395   local_port = 0
Tue Jun 10 14:34:06 2014 us=847403   remote = 'pw.openvpn.ipredator.es'
Tue Jun 10 14:34:06 2014 us=847411   remote_port = 1194
Tue Jun 10 14:34:06 2014 us=847418   remote_float = DISABLED
Tue Jun 10 14:34:06 2014 us=847426   bind_defined = DISABLED
Tue Jun 10 14:34:06 2014 us=847434   bind_local = DISABLED
Tue Jun 10 14:34:06 2014 us=847441   connect_retry_seconds = 5
Tue Jun 10 14:34:06 2014 us=847449   connect_timeout = 10
Tue Jun 10 14:34:06 2014 us=847457   connect_retry_max = 0
Tue Jun 10 14:34:06 2014 us=847465   socks_proxy_server = '[UNDEF]'
Tue Jun 10 14:34:06 2014 us=847479   socks_proxy_port = 0
Tue Jun 10 14:34:06 2014 us=847487   socks_proxy_retry = DISABLED
Tue Jun 10 14:34:06 2014 us=847495 Connection profiles END
Tue Jun 10 14:34:06 2014 us=847503   remote_random = DISABLED
Tue Jun 10 14:34:06 2014 us=847511   ipchange = '[UNDEF]'
Tue Jun 10 14:34:06 2014 us=847520   dev = 'tun0'
Tue Jun 10 14:34:06 2014 us=847528   dev_type = '[UNDEF]'
Tue Jun 10 14:34:06 2014 us=847536   dev_node = '[UNDEF]'
Tue Jun 10 14:34:06 2014 us=847544   lladdr = '[UNDEF]'
Tue Jun 10 14:34:06 2014 us=847552   topology = 1
Tue Jun 10 14:34:06 2014 us=847559   tun_ipv6 = DISABLED
Tue Jun 10 14:34:06 2014 us=847567   ifconfig_local = '[UNDEF]'
Tue Jun 10 14:34:06 2014 us=847575   ifconfig_remote_netmask = '[UNDEF]'
Tue Jun 10 14:34:06 2014 us=847583   ifconfig_noexec = DISABLED
Tue Jun 10 14:34:06 2014 us=847590   ifconfig_nowarn = DISABLED
Tue Jun 10 14:34:06 2014 us=847598   ifconfig_ipv6_local = '[UNDEF]'
Tue Jun 10 14:34:06 2014 us=847606   ifconfig_ipv6_netbits = 0
Tue Jun 10 14:34:06 2014 us=847614   ifconfig_ipv6_remote = '[UNDEF]'
Tue Jun 10 14:34:06 2014 us=847621   shaper = 0
Tue Jun 10 14:34:06 2014 us=847629   tun_mtu = 1500
Tue Jun 10 14:34:06 2014 us=847637   tun_mtu_defined = ENABLED
Tue Jun 10 14:34:06 2014 us=847644   link_mtu = 1500
Tue Jun 10 14:34:06 2014 us=847652   link_mtu_defined = DISABLED
Tue Jun 10 14:34:06 2014 us=847660   tun_mtu_extra = 0
Tue Jun 10 14:34:06 2014 us=847667   tun_mtu_extra_defined = DISABLED
Tue Jun 10 14:34:06 2014 us=847675   fragment = 0
Tue Jun 10 14:34:06 2014 us=847683   mtu_discover_type = -1
Tue Jun 10 14:34:06 2014 us=847690   mtu_test = 0
Tue Jun 10 14:34:06 2014 us=847698   mlock = DISABLED
Tue Jun 10 14:34:06 2014 us=847715   keepalive_ping = 10
Tue Jun 10 14:34:06 2014 us=847721   keepalive_timeout = 30
Tue Jun 10 14:34:06 2014 us=847728   inactivity_timeout = 0
Tue Jun 10 14:34:06 2014 us=847733   ping_send_timeout = 10
Tue Jun 10 14:34:06 2014 us=847739   ping_rec_timeout = 30
Tue Jun 10 14:34:06 2014 us=847765   ping_rec_timeout_action = 2
Tue Jun 10 14:34:06 2014 us=847774   ping_timer_remote = DISABLED
Tue Jun 10 14:34:06 2014 us=847783   remap_sigusr1 = 0
Tue Jun 10 14:34:06 2014 us=847791   explicit_exit_notification = 0
Tue Jun 10 14:34:06 2014 us=847799   persist_tun = ENABLED
Tue Jun 10 14:34:06 2014 us=847806   persist_local_ip = DISABLED
Tue Jun 10 14:34:06 2014 us=847814   persist_remote_ip = DISABLED
Tue Jun 10 14:34:06 2014 us=847822   persist_key = ENABLED
Tue Jun 10 14:34:06 2014 us=847830   mssfix = 1450
Tue Jun 10 14:34:06 2014 us=847838   passtos = ENABLED
Tue Jun 10 14:34:06 2014 us=847846   resolve_retry_seconds = 1000000000
Tue Jun 10 14:34:06 2014 us=847854   username = '[UNDEF]'
Tue Jun 10 14:34:06 2014 us=847861   groupname = '[UNDEF]'
Tue Jun 10 14:34:06 2014 us=847869   chroot_dir = '[UNDEF]'
Tue Jun 10 14:34:06 2014 us=847877   cd_dir = '[UNDEF]'
Tue Jun 10 14:34:06 2014 us=847884   writepid = '[UNDEF]'
Tue Jun 10 14:34:06 2014 us=847892   up_script = '/etc/openvpn/iPredator-connect.sh'
Tue Jun 10 14:34:06 2014 us=847900   down_script = '/etc/openvpn/iPredator-disconnect.sh'
Tue Jun 10 14:34:06 2014 us=847908   down_pre = DISABLED
Tue Jun 10 14:34:06 2014 us=847915   up_restart = DISABLED
Tue Jun 10 14:34:06 2014 us=847923   up_delay = DISABLED
Tue Jun 10 14:34:06 2014 us=847931   daemon = DISABLED
Tue Jun 10 14:34:06 2014 us=847939   inetd = 0
Tue Jun 10 14:34:06 2014 us=847946   log = ENABLED
Tue Jun 10 14:34:06 2014 us=847954   suppress_timestamps = DISABLED
Tue Jun 10 14:34:06 2014 us=847962   nice = 0
Tue Jun 10 14:34:06 2014 us=847970   verbosity = 4
Tue Jun 10 14:34:06 2014 us=847977   mute = 0
Tue Jun 10 14:34:06 2014 us=847985   gremlin = 0
Tue Jun 10 14:34:06 2014 us=847993   status_file = '[UNDEF]'
Tue Jun 10 14:34:06 2014 us=848000   status_file_version = 1
Tue Jun 10 14:34:06 2014 us=848008   status_file_update_freq = 60
Tue Jun 10 14:34:06 2014 us=848016   occ = ENABLED
Tue Jun 10 14:34:06 2014 us=848024   rcvbuf = 65536
Tue Jun 10 14:34:06 2014 us=848031   sndbuf = 65536
Tue Jun 10 14:34:06 2014 us=848048   sockflags = 0
Tue Jun 10 14:34:06 2014 us=848056   fast_io = DISABLED
Tue Jun 10 14:34:06 2014 us=848064   lzo = 7
Tue Jun 10 14:34:06 2014 us=848074   route_script = '[UNDEF]'
Tue Jun 10 14:34:06 2014 us=848082   route_default_gateway = '[UNDEF]'
Tue Jun 10 14:34:06 2014 us=848090   route_default_metric = 0
Tue Jun 10 14:34:06 2014 us=848098   route_noexec = ENABLED
Tue Jun 10 14:34:06 2014 us=848106   route_delay = 0
Tue Jun 10 14:34:06 2014 us=848113   route_delay_window = 30
Tue Jun 10 14:34:06 2014 us=848121   route_delay_defined = DISABLED
Tue Jun 10 14:34:06 2014 us=848129   route_nopull = DISABLED
Tue Jun 10 14:34:06 2014 us=848137   route_gateway_via_dhcp = DISABLED
Tue Jun 10 14:34:06 2014 us=848144   max_routes = 100
Tue Jun 10 14:34:06 2014 us=848152   allow_pull_fqdn = DISABLED
Tue Jun 10 14:34:06 2014 us=848160   management_addr = '[UNDEF]'
Tue Jun 10 14:34:06 2014 us=848168   management_port = 0
Tue Jun 10 14:34:06 2014 us=848176   management_user_pass = '[UNDEF]'
Tue Jun 10 14:34:06 2014 us=848183   management_log_history_cache = 250
Tue Jun 10 14:34:06 2014 us=848191   management_echo_buffer_size = 100
Tue Jun 10 14:34:06 2014 us=848199   management_write_peer_info_file = '[UNDEF]'
Tue Jun 10 14:34:06 2014 us=848207   management_client_user = '[UNDEF]'
Tue Jun 10 14:34:06 2014 us=848215   management_client_group = '[UNDEF]'
Tue Jun 10 14:34:06 2014 us=848223   management_flags = 0
Tue Jun 10 14:34:06 2014 us=848230   shared_secret_file = '[UNDEF]'
Tue Jun 10 14:34:06 2014 us=848238   key_direction = 0
Tue Jun 10 14:34:06 2014 us=848246   ciphername_defined = ENABLED
Tue Jun 10 14:34:06 2014 us=848254   ciphername = 'AES-256-CBC'
Tue Jun 10 14:34:06 2014 us=848262   authname_defined = ENABLED
Tue Jun 10 14:34:06 2014 us=848269   authname = 'SHA1'
Tue Jun 10 14:34:06 2014 us=848277   prng_hash = 'SHA1'
Tue Jun 10 14:34:06 2014 us=848285   prng_nonce_secret_len = 16
Tue Jun 10 14:34:06 2014 us=848292   keysize = 0
Tue Jun 10 14:34:06 2014 us=848300   engine = DISABLED
Tue Jun 10 14:34:06 2014 us=848308   replay = ENABLED
Tue Jun 10 14:34:06 2014 us=848315   mute_replay_warnings = DISABLED
Tue Jun 10 14:34:06 2014 us=848323   replay_window = 64
Tue Jun 10 14:34:06 2014 us=848331   replay_time = 15
Tue Jun 10 14:34:06 2014 us=848338   packet_id_file = '[UNDEF]'
Tue Jun 10 14:34:06 2014 us=848346   use_iv = ENABLED
Tue Jun 10 14:34:06 2014 us=848354   test_crypto = DISABLED
Tue Jun 10 14:34:06 2014 us=848361   tls_server = DISABLED
Tue Jun 10 14:34:06 2014 us=848369   tls_client = ENABLED
Tue Jun 10 14:34:06 2014 us=848377   key_method = 2
Tue Jun 10 14:34:06 2014 us=848384   ca_file = '[[INLINE]]'
Tue Jun 10 14:34:06 2014 us=848392   ca_path = '[UNDEF]'
Tue Jun 10 14:34:06 2014 us=848400   dh_file = '[UNDEF]'
Tue Jun 10 14:34:06 2014 us=848408   cert_file = '[UNDEF]'
Tue Jun 10 14:34:06 2014 us=848415   priv_key_file = '[UNDEF]'
Tue Jun 10 14:34:06 2014 us=848423   pkcs12_file = '[UNDEF]'
Tue Jun 10 14:34:06 2014 us=848431   cipher_list = '[UNDEF]'
Tue Jun 10 14:34:06 2014 us=848439   tls_verify = '[UNDEF]'
Tue Jun 10 14:34:06 2014 us=848447   tls_export_cert = '[UNDEF]'
Tue Jun 10 14:34:06 2014 us=848454   tls_remote = '[UNDEF]'
Tue Jun 10 14:34:06 2014 us=848462   crl_file = '[UNDEF]'
Tue Jun 10 14:34:06 2014 us=848470   ns_cert_type = 64
Tue Jun 10 14:34:06 2014 us=848478   remote_cert_ku[i] = 0
Tue Jun 10 14:34:06 2014 us=848485   remote_cert_ku[i] = 0
Tue Jun 10 14:34:06 2014 us=848493   remote_cert_ku[i] = 0
Tue Jun 10 14:34:06 2014 us=848501   remote_cert_ku[i] = 0
Tue Jun 10 14:34:06 2014 us=848508   remote_cert_ku[i] = 0
Tue Jun 10 14:34:06 2014 us=848516   remote_cert_ku[i] = 0
Tue Jun 10 14:34:06 2014 us=848523   remote_cert_ku[i] = 0
Tue Jun 10 14:34:06 2014 us=848531   remote_cert_ku[i] = 0
Tue Jun 10 14:34:06 2014 us=848539   remote_cert_ku[i] = 0
Tue Jun 10 14:34:06 2014 us=848547   remote_cert_ku[i] = 0
Tue Jun 10 14:34:06 2014 us=848555   remote_cert_ku[i] = 0
Tue Jun 10 14:34:06 2014 us=848562   remote_cert_ku[i] = 0
Tue Jun 10 14:34:06 2014 us=848570   remote_cert_ku[i] = 0
Tue Jun 10 14:34:06 2014 us=848583   remote_cert_ku[i] = 0
Tue Jun 10 14:34:06 2014 us=848591   remote_cert_ku[i] = 0
Tue Jun 10 14:34:06 2014 us=848599   remote_cert_ku[i] = 0
Tue Jun 10 14:34:06 2014 us=848607   remote_cert_eku = '[UNDEF]'
Tue Jun 10 14:34:06 2014 us=848614   tls_timeout = 2
Tue Jun 10 14:34:06 2014 us=848622   renegotiate_bytes = 0
Tue Jun 10 14:34:06 2014 us=848630   renegotiate_packets = 0
Tue Jun 10 14:34:06 2014 us=848638   renegotiate_seconds = 3600
Tue Jun 10 14:34:06 2014 us=848645   handshake_window = 60
Tue Jun 10 14:34:06 2014 us=848653   transition_window = 3600
Tue Jun 10 14:34:06 2014 us=848661   single_session = DISABLED
Tue Jun 10 14:34:06 2014 us=848668   push_peer_info = DISABLED
Tue Jun 10 14:34:06 2014 us=848676   tls_exit = DISABLED
Tue Jun 10 14:34:06 2014 us=848684   tls_auth_file = '[[INLINE]]'
Tue Jun 10 14:34:06 2014 us=848692   pkcs11_protected_authentication = DISABLED
Tue Jun 10 14:34:06 2014 us=848700   pkcs11_protected_authentication = DISABLED
Tue Jun 10 14:34:06 2014 us=848708   pkcs11_protected_authentication = DISABLED
Tue Jun 10 14:34:06 2014 us=848715   pkcs11_protected_authentication = DISABLED
Tue Jun 10 14:34:06 2014 us=848723   pkcs11_protected_authentication = DISABLED
Tue Jun 10 14:34:06 2014 us=848739   pkcs11_protected_authentication = DISABLED
Tue Jun 10 14:34:06 2014 us=848745   pkcs11_protected_authentication = DISABLED
Tue Jun 10 14:34:06 2014 us=848750   pkcs11_protected_authentication = DISABLED
Tue Jun 10 14:34:06 2014 us=848762   pkcs11_protected_authentication = DISABLED
Tue Jun 10 14:34:06 2014 us=848794   pkcs11_protected_authentication = DISABLED
Tue Jun 10 14:34:06 2014 us=848805   pkcs11_protected_authentication = DISABLED
Tue Jun 10 14:34:06 2014 us=848812   pkcs11_protected_authentication = DISABLED
Tue Jun 10 14:34:06 2014 us=848818   pkcs11_protected_authentication = DISABLED
Tue Jun 10 14:34:06 2014 us=848824   pkcs11_protected_authentication = DISABLED
Tue Jun 10 14:34:06 2014 us=848830   pkcs11_protected_authentication = DISABLED
Tue Jun 10 14:34:06 2014 us=848845   pkcs11_protected_authentication = DISABLED
Tue Jun 10 14:34:06 2014 us=848862   pkcs11_private_mode = 00000000
Tue Jun 10 14:34:06 2014 us=848870   pkcs11_private_mode = 00000000
Tue Jun 10 14:34:06 2014 us=848878   pkcs11_private_mode = 00000000
Tue Jun 10 14:34:06 2014 us=848886   pkcs11_private_mode = 00000000
Tue Jun 10 14:34:06 2014 us=848894   pkcs11_private_mode = 00000000
Tue Jun 10 14:34:06 2014 us=848902   pkcs11_private_mode = 00000000
Tue Jun 10 14:34:06 2014 us=848909   pkcs11_private_mode = 00000000
Tue Jun 10 14:34:06 2014 us=848917   pkcs11_private_mode = 00000000
Tue Jun 10 14:34:06 2014 us=848925   pkcs11_private_mode = 00000000
Tue Jun 10 14:34:06 2014 us=848933   pkcs11_private_mode = 00000000
Tue Jun 10 14:34:06 2014 us=848940   pkcs11_private_mode = 00000000
Tue Jun 10 14:34:06 2014 us=848948   pkcs11_private_mode = 00000000
Tue Jun 10 14:34:06 2014 us=848956   pkcs11_private_mode = 00000000
Tue Jun 10 14:34:06 2014 us=848964   pkcs11_private_mode = 00000000
Tue Jun 10 14:34:06 2014 us=848972   pkcs11_private_mode = 00000000
Tue Jun 10 14:34:06 2014 us=848979   pkcs11_private_mode = 00000000
Tue Jun 10 14:34:06 2014 us=848987   pkcs11_cert_private = DISABLED
Tue Jun 10 14:34:06 2014 us=848995   pkcs11_cert_private = DISABLED
Tue Jun 10 14:34:06 2014 us=849002   pkcs11_cert_private = DISABLED
Tue Jun 10 14:34:06 2014 us=849010   pkcs11_cert_private = DISABLED
Tue Jun 10 14:34:06 2014 us=849017   pkcs11_cert_private = DISABLED
Tue Jun 10 14:34:06 2014 us=849025   pkcs11_cert_private = DISABLED
Tue Jun 10 14:34:06 2014 us=849033   pkcs11_cert_private = DISABLED
Tue Jun 10 14:34:06 2014 us=849040   pkcs11_cert_private = DISABLED
Tue Jun 10 14:34:06 2014 us=849048   pkcs11_cert_private = DISABLED
Tue Jun 10 14:34:06 2014 us=849056   pkcs11_cert_private = DISABLED
Tue Jun 10 14:34:06 2014 us=849063   pkcs11_cert_private = DISABLED
Tue Jun 10 14:34:06 2014 us=849071   pkcs11_cert_private = DISABLED
Tue Jun 10 14:34:06 2014 us=849078   pkcs11_cert_private = DISABLED
Tue Jun 10 14:34:06 2014 us=849090   pkcs11_cert_private = DISABLED
Tue Jun 10 14:34:06 2014 us=849098   pkcs11_cert_private = DISABLED
Tue Jun 10 14:34:06 2014 us=849105   pkcs11_cert_private = DISABLED
Tue Jun 10 14:34:06 2014 us=849113   pkcs11_pin_cache_period = -1
Tue Jun 10 14:34:06 2014 us=849121   pkcs11_id = '[UNDEF]'
Tue Jun 10 14:34:06 2014 us=849129   pkcs11_id_management = DISABLED
Tue Jun 10 14:34:06 2014 us=849145   server_network = 0.0.0.0
Tue Jun 10 14:34:06 2014 us=849154   server_netmask = 0.0.0.0
Tue Jun 10 14:34:06 2014 us=849168   server_network_ipv6 = ::
Tue Jun 10 14:34:06 2014 us=849176   server_netbits_ipv6 = 0
Tue Jun 10 14:34:06 2014 us=849185   server_bridge_ip = 0.0.0.0
Tue Jun 10 14:34:06 2014 us=849194   server_bridge_netmask = 0.0.0.0
Tue Jun 10 14:34:06 2014 us=849202   server_bridge_pool_start = 0.0.0.0
Tue Jun 10 14:34:06 2014 us=849211   server_bridge_pool_end = 0.0.0.0
Tue Jun 10 14:34:06 2014 us=849218   ifconfig_pool_defined = DISABLED
Tue Jun 10 14:34:06 2014 us=849227   ifconfig_pool_start = 0.0.0.0
Tue Jun 10 14:34:06 2014 us=849236   ifconfig_pool_end = 0.0.0.0
Tue Jun 10 14:34:06 2014 us=849244   ifconfig_pool_netmask = 0.0.0.0
Tue Jun 10 14:34:06 2014 us=849252   ifconfig_pool_persist_filename = '[UNDEF]'
Tue Jun 10 14:34:06 2014 us=849260   ifconfig_pool_persist_refresh_freq = 600
Tue Jun 10 14:34:06 2014 us=849268   ifconfig_ipv6_pool_defined = DISABLED
Tue Jun 10 14:34:06 2014 us=849277   ifconfig_ipv6_pool_base = ::
Tue Jun 10 14:34:06 2014 us=849285   ifconfig_ipv6_pool_netbits = 0
Tue Jun 10 14:34:06 2014 us=849292   n_bcast_buf = 256
Tue Jun 10 14:34:06 2014 us=849300   tcp_queue_limit = 64
Tue Jun 10 14:34:06 2014 us=849308   real_hash_size = 256
Tue Jun 10 14:34:06 2014 us=849316   virtual_hash_size = 256
Tue Jun 10 14:34:06 2014 us=849324   client_connect_script = '[UNDEF]'
Tue Jun 10 14:34:06 2014 us=849332   learn_address_script = '[UNDEF]'
Tue Jun 10 14:34:06 2014 us=849340   client_disconnect_script = '[UNDEF]'
Tue Jun 10 14:34:06 2014 us=849347   client_config_dir = '[UNDEF]'
Tue Jun 10 14:34:06 2014 us=849355   ccd_exclusive = DISABLED
Tue Jun 10 14:34:06 2014 us=849363   tmp_dir = '/tmp'
Tue Jun 10 14:34:06 2014 us=849371   push_ifconfig_defined = DISABLED
Tue Jun 10 14:34:06 2014 us=849379   push_ifconfig_local = 0.0.0.0
Tue Jun 10 14:34:06 2014 us=849388   push_ifconfig_remote_netmask = 0.0.0.0
Tue Jun 10 14:34:06 2014 us=849395   push_ifconfig_ipv6_defined = DISABLED
Tue Jun 10 14:34:06 2014 us=849404   push_ifconfig_ipv6_local = ::/0
Tue Jun 10 14:34:06 2014 us=849412   push_ifconfig_ipv6_remote = ::
Tue Jun 10 14:34:06 2014 us=849420   enable_c2c = DISABLED
Tue Jun 10 14:34:06 2014 us=849427   duplicate_cn = DISABLED
Tue Jun 10 14:34:06 2014 us=849435   cf_max = 0
Tue Jun 10 14:34:06 2014 us=849443   cf_per = 0
Tue Jun 10 14:34:06 2014 us=849451   max_clients = 1024
Tue Jun 10 14:34:06 2014 us=849459   max_routes_per_client = 256
Tue Jun 10 14:34:06 2014 us=849467   auth_user_pass_verify_script = '[UNDEF]'
Tue Jun 10 14:34:06 2014 us=849475   auth_user_pass_verify_script_via_file = DISABLED
Tue Jun 10 14:34:06 2014 us=849482   ssl_flags = 0
Tue Jun 10 14:34:06 2014 us=849490   port_share_host = '[UNDEF]'
Tue Jun 10 14:34:06 2014 us=849498   port_share_port = 0
Tue Jun 10 14:34:06 2014 us=849506   client = ENABLED
Tue Jun 10 14:34:06 2014 us=849513   pull = ENABLED
Tue Jun 10 14:34:06 2014 us=849521   auth_user_pass_file = '/etc/openvpn/iPredator.auth'
Tue Jun 10 14:34:06 2014 us=849532 OpenVPN 2.2.1 x86_64-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Jun 18 2013
Tue Jun 10 14:34:06 2014 us=849652 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Tue Jun 10 14:34:06 2014 us=850308 Control Channel Authentication: tls-auth using INLINE static key file
Tue Jun 10 14:34:06 2014 us=850333 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jun 10 14:34:06 2014 us=850345 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jun 10 14:34:06 2014 us=850368 LZO compression initialized
Tue Jun 10 14:34:06 2014 us=850429 Control Channel MTU parms [ L:1558 D:166 EF:66 EB:0 ET:0 EL:0 ]
Tue Jun 10 14:34:06 2014 us=850461 Socket Buffers: R=[229376->131072] S=[229376->131072]
Tue Jun 10 14:34:06 2014 us=851275 RESOLVE: NOTE: pw.openvpn.ipredator.se resolves to 15 addresses
Tue Jun 10 14:34:06 2014 us=851300 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]
Tue Jun 10 14:34:06 2014 us=851320 Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
Tue Jun 10 14:34:06 2014 us=851328 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
Tue Jun 10 14:34:06 2014 us=851346 Local Options hash (VER=V4): '5b243d85'
Tue Jun 10 14:34:06 2014 us=851358 Expected Remote Options hash (VER=V4): '0b024030'
Tue Jun 10 14:34:06 2014 us=851372 UDPv4 link local: [undef]
Tue Jun 10 14:34:06 2014 us=851382 UDPv4 link remote: [AF_INET]46.246.33.130:1194
Tue Jun 10 14:34:06 2014 us=868744 TLS: Initial packet from [AF_INET]46.246.33.130:1194, sid=ad278f21 8cb53e57
Tue Jun 10 14:34:06 2014 us=868836 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Tue Jun 10 14:34:07 2014 us=27663 VERIFY OK: depth=1, /C=SE/ST=Bryggland/L=Oeldal/O=Royal_Swedish_Beer_Squadron/OU=Internetz/CN=Royal_Swedish_Beer_Squadron_CA/emailAddress=hostmas...@ipredator.se
Tue Jun 10 14:34:07 2014 us=27905 VERIFY OK: nsCertType=SERVER
Tue Jun 10 14:34:07 2014 us=27919 VERIFY OK: depth=0, /C=SE/ST=Bryggland/L=Oeldal/O=Royal_Swedish_Beer_Squadron/CN=eedeevahjaed.openvpn.ipredator.se/emailAddress=hostmas...@ipredator.se
Tue Jun 10 14:34:07 2014 us=153032 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Tue Jun 10 14:34:07 2014 us=153050 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jun 10 14:34:07 2014 us=153058 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Tue Jun 10 14:34:07 2014 us=153065 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jun 10 14:34:07 2014 us=153088 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 3457 bit RSA
Tue Jun 10 14:34:07 2014 us=153105 [eedeevahjaed.openvpn.ipredator.se] Peer Connection Initiated with [AF_INET]46.246.33.130:1194
Tue Jun 10 14:34:09 2014 us=553593 SENT CONTROL [eedeevahjaed.openvpn.ipredator.se]: 'PUSH_REQUEST' (status=1)
Tue Jun 10 14:34:09 2014 us=571043 PUSH: Received control message: 'PUSH_REPLY,route 46.246.33.130 255.255.255.255 net_gateway,route-gateway 46.246.33.1,redirect-gateway def1,topology subnet,dhcp-option DOMAIN ipredator.se,dhcp-option DNS 46.246.46.46,dhcp-option DNS 194.132.32.23,ip-win32 dynamic,ping 10,ping-restart 60,explicit-exit-notify 3,ifconfig 46.246.33.193 255.255.255.0'
Tue Jun 10 14:34:09 2014 us=571118 Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:8: ip-win32 (2.2.1)
Tue Jun 10 14:34:09 2014 us=571146 OPTIONS IMPORT: timers and/or timeouts modified
Tue Jun 10 14:34:09 2014 us=571155 OPTIONS IMPORT: explicit notify parm(s) modified
Tue Jun 10 14:34:09 2014 us=571162 OPTIONS IMPORT: --ifconfig/up options modified
Tue Jun 10 14:34:09 2014 us=571169 OPTIONS IMPORT: route options modified
Tue Jun 10 14:34:09 2014 us=571177 OPTIONS IMPORT: route-related options modified
Tue Jun 10 14:34:09 2014 us=571184 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Tue Jun 10 14:34:09 2014 us=571199 WARNING: potential conflict between --remote address [46.246.33.130] and --ifconfig address pair [46.246.33.193, 255.255.255.0] -- this is a warning only that is triggered when local/remote addresses exist within the same /24 subnet as --ifconfig endpoints. (silence this warning with --ifconfig-nowarn)
Tue Jun 10 14:34:09 2014 us=571338 ROUTE default_gateway=94.23.6.254
Tue Jun 10 14:34:09 2014 us=571793 TUN/TAP device tun0 opened
Tue Jun 10 14:34:09 2014 us=571814 TUN/TAP TX queue length set to 100
Tue Jun 10 14:34:09 2014 us=571827 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Tue Jun 10 14:34:09 2014 us=571848 /sbin/ifconfig tun0 46.246.33.193 netmask 255.255.255.0 mtu 1500 broadcast 46.246.33.255
Tue Jun 10 14:34:09 2014 us=573232 /etc/openvpn/iPredator-connect.sh tun0 1500 1558 46.246.33.193 255.255.255.0 init
dhcp-option DOMAIN ipredator.se
dhcp-option DNS 46.246.46.46
dhcp-option DNS 194.132.32.23
Tue Jun 10 14:34:09 2014 us=681413 Initialization Sequence Completed

client
dev tun0
proto udp
remote pw.openvpn.ipredator.se 1194
remote pw.openvpn.ipredator.me 1194
remote pw.openvpn.ipredator.es 1194
resolv-retry infinite
nobind

log /var/log/openvpn.log
auth-user-pass /etc/openvpn/iPredator.auth
auth-retry nointeract

ca [inline]

tls-client
tls-auth [inline]
ns-cert-type server

keepalive 10 30
cipher AES-256-CBC
persist-key
persist-tun
comp-lzo
tun-mtu 1500
mssfix
passtos
verb 3

script-security 2
up /etc/openvpn/iPredator-connect.sh
down /etc/openvpn/iPredator-disconnect.sh

<ca>
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgIJAKee4ZMMpvhzMA0GCSqGSIb3DQEBBQUAMIG9MQswCQYD
VQQGEwJTRTESMBAGA1UECBMJQnJ5Z2dsYW5kMQ8wDQYDVQQHEwZPZWxkYWwxJDAi
BgNVBAoTG1JveWFsIFN3ZWRpc2ggQmVlciBTcXVhZHJvbjESMBAGA1UECxMJSW50
ZXJuZXR6MScwJQYDVQQDEx5Sb3lhbCBTd2VkaXNoIEJlZXIgU3F1YWRyb24gQ0Ex
JjAkBgkqhkiG9w0BCQEWF2hvc3RtYXN0ZXJAaXByZWRhdG9yLnNlMB4XDTEyMDgw
NDIxMTAyNVoXDTIyMDgwMjIxMTAyNVowgb0xCzAJBgNVBAYTAlNFMRIwEAYDVQQI
EwlCcnlnZ2xhbmQxDzANBgNVBAcTBk9lbGRhbDEkMCIGA1UEChMbUm95YWwgU3dl
ZGlzaCBCZWVyIFNxdWFkcm9uMRIwEAYDVQQLEwlJbnRlcm5ldHoxJzAlBgNVBAMT
HlJveWFsIFN3ZWRpc2ggQmVlciBTcXVhZHJvbiBDQTEmMCQGCSqGSIb3DQEJARYX
aG9zdG1hc3RlckBpcHJlZGF0b3Iuc2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
ggEKAoIBAQCp5M22fZtwtIh6Mu9IwC3N2tEFqyNTEP1YyXasjf+7VNISqSpFy+tf
DsHAkiE9Wbv8KFM9bOoVK1JjdDsetxArm/RNsUWm/SNyVbmY+5ezX/n95S7gQdMi
bA74/ID2+KsCXUY+HNNUQqFpyK67S09A6r0ZwPNUDbLgGnmCZRMDBPCHCbiK6e68
d75v6f/0nY4AyAAAyqwAELIAn6sy4rzoPbalxcO33eW0fUG/ir41qqo8BQrWKyEd
Q9gy8tGEqbLQ+B30bhIvBh10YtWq6fgFZJzWP6K8bBJGRvioFOyQHCaVH98UjwOm
/AqMTg7LwNrpRJGcKLHzUf3gNSHQGHfzAgMBAAGjggEmMIIBIjAdBgNVHQ4EFgQU
pRqJxaYdvv3XGEECUqj7DJJ8ptswgfIGA1UdIwSB6jCB54AUpRqJxaYdvv3XGEEC
Uqj7DJJ8ptuhgcOkgcAwgb0xCzAJBgNVBAYTAlNFMRIwEAYDVQQIEwlCcnlnZ2xh
bmQxDzANBgNVBAcTBk9lbGRhbDEkMCIGA1UEChMbUm95YWwgU3dlZGlzaCBCZWVy
IFNxdWFkcm9uMRIwEAYDVQQLEwlJbnRlcm5ldHoxJzAlBgNVBAMTHlJveWFsIFN3
ZWRpc2ggQmVlciBTcXVhZHJvbiBDQTEmMCQGCSqGSIb3DQEJARYXaG9zdG1hc3Rl
ckBpcHJlZGF0b3Iuc2WCCQCnnuGTDKb4czAMBgNVHRMEBTADAQH/MA0GCSqGSIb3
DQEBBQUAA4IBAQB8nxZJaTvMMoSG47jD2w31zt9o6nSx8XJKop/0rMMHKBe1QBUw
/n3clGwYxBW8mTnrXHhmJkwJzA0Vh525+dkF28E0I+DSigKUXEewIZtKjADYSxaG
M+4272enbJ86JeXUhN8oF9TT+LKgMBgtt9yX5o63Ek6QOKwovH5kemDOVJmwae9p
tXQEWfCPDFMc7VfSxS4BDBVinRWeMWZs+2AWeWu2CMsjcx7+B+kPbBCzfANanFDD
CZEQON4pEpfK2XErhOudKEJGCl7psH+9Ex//pqsUS43nVN/4sqydiwbi+wQuUI3P
BYtvqPnWdjIdf2ayAQQCWliAx9+P03vbef6y
-----END CERTIFICATE-----
</ca>

<tls-auth>
-----BEGIN OpenVPN Static key V1-----
03f7b2056b9dc67aa79c59852cb6b35a
a3a15c0ca685ca76890bbb169e298837
2bdc904116f5b66d8f7b3ea6a5ff05cb
fc4f4889d702d394710e48164b28094f
a0e1c7888d471da39918d747ca4bbc2f
285f676763b5b8bee9bc08e4b5a69315
d2ff6b9f4b38e6e2e8bcd05c8ac33c5c
56c4c44dbca35041b67e2374788f8977
7ad4ab8e06cd59e7164200dfbadb942a
351a4171ab212c23bee1920120f81205
efabaa5e34619f13adbe58b6c83536d3
0d34e6466feabdd0e63b39ad9bb1116b
37fafb95759ab9a15572842f70e7cba9
69700972a01b21229eba487745c091dd
5cd6d77bdc7a54a756ffe440789fd39e
97aa9abe2749732b7262f82e4097bee3
-----END OpenVPN Static key V1-----
</tls-auth>

------------------------------------------------------------------------------
HPCC Systems Open Source Big Data Platform from LexisNexis Risk Solutions
Find What Matters Most in Your Big Data with HPCC Systems
Open Source. Fast. Scalable. Simple. Ideal for Dirty Data.
Leverages Graph Analysis for Fast Processing & Easy Data Exploration
http://p.sf.net/sfu/hpccsystems

_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users

[Openvpn-users] OpenVPN Client heating 100% CPU

Reply via email to