July 20, 2009 at 3:33 pm #41805
I am happily running zeroshell, with great results, but, after setting up OpenVPN, my system is barely holding up. The processor load is sometimes up to 180%, and it is visibly slowing down my internet speed.
I am sure that it is connected to the fact that I run a Host-to-LAN OpenVPN server on port 80 (it was the only way, since the person that uses it has only port 80 access). I had to change some things for that.
It is clear, from the picture, that when VPN is not active (between 23:00 and 6:00 AM), the system load is very low.
Using the top command, I get the following results:
top - 18:40:39 up 2 days, 17:24, 1 user, load average: 1.75, 1.62, 1.56
Tasks: 66 total, 2 running, 64 sleeping, 0 stopped, 0 zombie
Cpu(s): 46.5% user, 51.9% system, 0.0% nice, 1.6% idle, 0.0% IO-wait
Mem: 247484k total, 187312k used, 60172k free, 31032k buffers
Swap: 131064k total, 0k used, 131064k free, 40720k cached
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
3997 nobody 20 0 1696 648 556 R 47.8 0.3 477:21.73 pppoe
4698 root 20 0 4168 2152 1336 S 29.9 0.9 442:04.56 vpn
4 root 15 -5 0 0 0 S 19.3 0.0 163:11.43 ksoftirqd/0
1641 root 20 0 59656 31m 2652 S 0.7 12.9 0:46.31 named
So, pppoe takes up 47.8%, and vpn 29.9%, and that’s an average…
Thanks in advance for the help. Hope you people understood what I wrote here
July 20, 2009 at 5:18 pm #48478
If you are running VPN on port 80, because port 80 is commonly crawled for attempts to find public webservers, I would highly recommend an iptables firewall rule only allowing access from the specific IP your VPN client is connecting from.
July 21, 2009 at 8:25 am #48479
I made the firewall change, but there is no difference.
The load seems heavily connected with VPN traffic. If the VPN connection is idle (<1 megabyte), system load is quite low, ~20%, but at a sustained VPN speed of 7 megabytes (~750 kB/S), the load is 160%.
Quite strange, taking into consideration that I can have traffic up to 90 Mbit/s on non-VPN interfaces with minimal load.
July 21, 2009 at 3:20 pm #48480
You could try turning off compression (http://www.zeroshell.net/eng/forum/viewtopic.php?t=1448&highlight=lzo), but that isn’t an option yet in ZeroShell.
You might also try changing the OpenVPN config to use a different encryption method (blowfish, 3des, aes).
Upgrade hardware, or add an encryption/compression offload card.
July 22, 2009 at 11:39 am #48481
I have also noticed extremely large CPU usage after enabling OpenVPN. I’ll try to disable compression to see if this helps.
July 22, 2009 at 3:09 pm #48482
Do we know if Zeroshell can use the crypto acceleration features of the AMD Geode LX yet?
This is the combo used in the Soekris net5501 box. I would like to run OpenVPN in the future, but now I have seen this, I’m worried about it chewing up all my CPU.
There was some talk of a kernel update earlier this year that would allow for this – I think!?
Jeff
July 22, 2009 at 3:20 pm #48483
I don’t know if it does, I’m not familiar with the hardware offloading/acceleration for such.
I have posted a patch on the other thread on how to disable compression.
July 24, 2009 at 8:43 am #48484
A few hours ago I upgraded to ZS beta 12 and disabled lzo compression on OpenVPN. I think the graph speaks for itself.
[img=http://img23.imageshack.us/img23/8741/systemday.th.png]
July 24, 2009 at 12:03 pm #48485
I disabled the compression. Not much of a difference, about 30% less.
Currently I’m on beta 11. I’ll go to beta 12.
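The source-address restriction recommended in the second reply, written out as an added example (not code from the thread or from ZeroShell): it validates the client addresses and prints plain iptables commands for review instead of applying them. TCP mode, the chain name VPN_ALLOW and the sample addresses are assumptions.

```shell
#!/bin/sh
# Added example: prints (does not apply) iptables rules that limit the
# OpenVPN listener to known client addresses.
VPN_PORT=80       # port the OpenVPN server listens on (from the thread)
VPN_PROTO=tcp     # assumption: OpenVPN runs in TCP mode on that port
CHAIN=VPN_ALLOW   # hypothetical chain name

# Return 0 only for a dotted-quad IPv4 address with every octet in 0..255.
# Anything containing other characters is rejected before it can reach
# the generated command lines.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the address into its octets
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the rule set for the given client addresses.
vpn_allowlist_rules() {
    [ "$#" -ge 1 ] || { echo "usage: vpn_allowlist_rules IP..." >&2; return 2; }
    for ip in "$@"; do
        valid_ipv4 "$ip" || { echo "invalid IPv4 address: $ip" >&2; return 1; }
    done
    echo "iptables -N $CHAIN"
    for ip in "$@"; do
        echo "iptables -A $CHAIN -s $ip/32 -j ACCEPT"
    done
    # Everything else aimed at the VPN port is dropped.
    echo "iptables -A $CHAIN -j DROP"
    # Hook the chain in last, so it is complete before it sees traffic.
    echo "iptables -I INPUT -p $VPN_PROTO --dport $VPN_PORT -j $CHAIN"
}

# Constructed sample address from the documentation range (RFC 5737).
vpn_allowlist_rules 203.0.113.10
```

After review, the printed commands can be piped to `sh` as root to apply them.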