Win 8.1; Asuswrt-merlin; RT-AC68U - OpenVPN Daemon using 30% CPU

[makem]

Running OpenVPN an client on a Windows 8.1 laptop to connect to a router VPN with the latest merlin firmware.

Android Nexus and phone connections on the LAN are fine but as soon as I connect from the Win 8.1 machine up goes the CPU which causes the OutPost Pro firewall to follow totalling in excess of 75%

If I exit the firewall - no change. If I start the daemon with the firewall off - no change.

Is it a probem with the latest Asusrt-merlin firmware?

Could the connection in the LAN be the problem?

I never had this with the stock Asus firmware.

 

[RMerlin]

The issue would have nothing to do with the router if the CPU usage increase occurs on the computer.

 

[makem]

The issue would have nothing to do with the router if the CPU usage increase occurs on the computer.

You don't think the 'conversation' between the router firmware and the openvpn client software on the computer would cause the CPU to get loaded?

The only change I have made is to upload the new firmware. I did not change the openvpn client.

I saw this problem reported elsewhere with Win 8.1 but the post was not answered.

 

[RMerlin]

You don't think the 'conversation' between the router firmware and the openvpn client software on the computer would cause the CPU to get loaded?

The only change I have made is to upload the new firmware. I did not change the openvpn client.

I saw this problem reported elsewhere with Win 8.1 but the post was not answered.

Considering the desktop CPU is far more powerful than the router's, I would expect the router's own CPU to be crushed long before it made any serious dent on the desktop's own CPU.

And as you mentionned, you have no problem with your mobile devices either.

I use the OpenVPN server myself on nearly a daily basis, with zero issue.

First thing I would suspect is any security software running on your computer.

 

[makem]

First thing I would suspect is any security software running on your computer.

Yes, I did consider that and as a result tried exiting the firewall. I also checked that the default installed windows firewall was disabled.

I am at a loss. Maybe it is Win 8.1 related.

 

[makem]

I have just run the Outpost firewall to watch connections as they are made and the data passing through.

OpenVPN,exe made 2 inbound connections (to the PC) NewHP:59746 and 192.168.2.1:1194

Initially the data was very small but soon (within seconds) the rate started to rise and I began to hear the PC fan start up.

The bytes sent soon got to 63 696 861 and recd. zero

If all I had done was to make the connection with usename and password and nothing else, why would so much data need to pass from the router?

 

[L&LD]

I would suggest trying another laptop with Windows 8.1 or restoring your current system to an earlier point. There is nothing to suggest it is the router's issue here.

The Windows 8.1 machine is at fault for one reason or another.

 

[RMerlin]

I have just run the Outpost firewall to watch connections as they are made and the data passing through.

OpenVPN,exe made 2 inbound connections (to the PC) NewHP:59746 and 192.168.2.1:1194

Initially the data was very small but soon (within seconds) the rate started to rise and I began to hear the PC fan start up.

The bytes sent soon got to 63 696 861 and recd. zero

If all I had done was to make the connection with usename and password and nothing else, why would so much data need to pass from the router?

Check your OpenVPN client log, in case for some reason the client is failing to connect, and immediately trying again rather than wait the usual couple of seconds.

 

[makem]

Check your OpenVPN client log, in case for some reason the client is failing to connect, and immediately trying again rather than wait the usual couple of seconds.

No, it is not that. The log shows an immediate and held connection.

After a few seconds I am unable to use the router interface and it crashes. I am forced to disconnect and reconnect to the router interface.

The logs for a 1 minute (approx) connection:

Openvpn client:

Sun Aug 09 11:57:36 2015 OpenVPN 2.3.8 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Aug 4 2015
Sun Aug 09 11:57:36 2015 library versions: OpenSSL 1.0.1p 9 Jul 2015, LZO 2.08
Enter Management Password:
Sun Aug 09 11:57:53 2015 UDPv4 link local: [undef]
Sun Aug 09 11:57:53 2015 UDPv4 link remote: [AF_INET]xx.xxx.xx.xxx:1194
Sun Aug 09 11:57:53 2015 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sun Aug 09 11:57:54 2015 [RT-AC68U] Peer Connection Initiated with [AF_INET]192.168.2.1:1194
Sun Aug 09 11:57:56 2015 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sun Aug 09 11:57:56 2015 open_tun, tt->ipv6=0
Sun Aug 09 11:57:56 2015 TAP-WIN32 device [Ethernet 2] opened: \\.\Global\{B2C97252-5730-4943-90CB-DEF4D7FB9968}.tap
Sun Aug 09 11:57:56 2015 Set TAP-Windows TUN subnet mode network/local/netmask = 10.8.0.0/10.8.0.2/255.255.255.0 [SUCCEEDED]
Sun Aug 09 11:57:56 2015 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.2/255.255.255.0 on interface {B2C97252-5730-4943-90CB-DEF4D7FB9968} [DHCP-serv: 10.8.0.254, lease-time: 31536000]
Sun Aug 09 11:57:56 2015 Successful ARP Flush on interface [29] {B2C97252-5730-4943-90CB-DEF4D7FB9968}
Sun Aug 09 11:58:01 2015 Initialization Sequence Completed
Sun Aug 09 11:58:51 2015 SIGTERM[hard,] received, process exiting

Server:

Aug 9 11:57:54 openvpn[8338]: 192.168.2.33:59691 TLS: Initial packet from [AF_INET]192.168.2.33:59691, sid=555fe8ac 98a09955
Aug 9 11:57:54 openvpn[8338]: 192.168.2.33:59691 VERIFY OK: depth=1, C=TW, ST=TW, L=Taipei, O=ASUS, CN=RT-AC68U, emailAddress=me@myhost.mydomain
Aug 9 11:57:54 openvpn[8338]: 192.168.2.33:59691 VERIFY OK: depth=0, C=TW, ST=TW, L=Taipei, O=ASUS, CN=client, emailAddress=me@myhost.mydomain
Aug 9 11:57:55 openvpn[8338]: 192.168.2.33:59691 PLUGIN_CALL: POST /usr/lib/openvpn-plugin-auth-pam.so/PLUGIN_AUTH_USER_PASS_VERIFY status=0
Aug 9 11:57:55 openvpn[8338]: 192.168.2.33:59691 TLS: Username/Password authentication succeeded for username 'newhp'
Aug 9 11:57:55 openvpn[8338]: 192.168.2.33:59691 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Aug 9 11:57:55 openvpn[8338]: 192.168.2.33:59691 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Aug 9 11:57:55 openvpn[8338]: 192.168.2.33:59691 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Aug 9 11:57:55 openvpn[8338]: 192.168.2.33:59691 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Aug 9 11:57:55 openvpn[8338]: 192.168.2.33:59691 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 1024 bit RSA
Aug 9 11:57:55 openvpn[8338]: 192.168.2.33:59691 [client] Peer Connection Initiated with [AF_INET]192.168.2.33:59691
Aug 9 11:57:55 openvpn[8338]: client/192.168.2.33:59691 MULTI_sva: pool returned IPv4=10.8.0.2, IPv6=(Not enabled)
Aug 9 11:57:55 openvpn[8338]: client/192.168.2.33:59691 MULTI: Learn: 10.8.0.2 -> client/192.168.2.33:59691
Aug 9 11:57:55 openvpn[8338]: client/192.168.2.33:59691 MULTI: primary virtual IP for client/192.168.2.33:59691: 10.8.0.2
Aug 9 11:57:57 openvpn[8338]: client/192.168.2.33:59691 PUSH: Received control message: 'PUSH_REQUEST'
Aug 9 11:57:57 openvpn[8338]: client/192.168.2.33:59691 send_push_reply(): safe_cap=940
Aug 9 11:57:57 openvpn[8338]: client/192.168.2.33:59691 SENT CONTROL [client]: 'PUSH_REPLY,route 192.168.2.0 255.255.255.0,route-gateway 10.8.0.1,topology subnet,ping 15,ping-restart 60,ifconfig 10.8.0.2 255.255.255.0' (status=1)
Aug 9 11:58:52 miniupnpd[11377]: upnp_event_recv: recv(): Connection reset by peer
Aug 9 12:00:02 openvpn[8338]: client/192.168.2.33:59691 [client] Inactivity timeout (--ping-restart), restarting
Aug 9 12:00:02 openvpn[8338]: client/192.168.2.33:59691 SIGUSR1[soft,ping-restart] received, client-instance restarting

I have installed the same client version and am using the same .ovpn file on a windows 7 machine. That connects without problem albeit I don't have the same firewall or antivirus on there yet. I will duplicate everything on windows 7 to try to prove/disprove win 8.1 is the devil..

I am also having problems connecting with Ubuntu, I get an 'undef'' connection but that story will be left for another time.

 

[RMerlin]

No other idea, sorry.

 

[makem]

I have installed the same client version and am using the same .ovpn file on a windows 7 machine. That connects without problem albeit I don't have the same firewall or antivirus on there yet. I will duplicate everything on windows 7 to try to prove/disprove win 8.1 is the devil..

I am also having problems connecting with Ubuntu, I get an 'undef'' connection but that story will be left for another time.

Not quite right. When I check before installing a firewall I find that openvpn gui is using 25% CPU. I didn't notice because it didn't start the fan.

So, openvpn client is using high CPU on both win 8.1 and 7 here.

No other idea, sorry.

Well I have found that if I take the win7 machine to a remote location it will connect normally. This suggests the problem occurs only within the LAN. Still no answer but not a problem now.

[Partly solved]