SoftEther VPN User Forum

Hello. I have a strange 100% CPU usage problem about SoftEther.

My Test Environment:
Client side: Ubuntu Server 13.10 on Soekris Net6501-70 (CPU: Atom 1.6G, Mem: 2GB).
Server side in Test A1/2: Ubuntu Server 14 on Windows Azure
Server side in Test B1/2: Windows Server 2012 R2 on Windows Azure
SoftEther Version: 4.06 Build 9435.

Coz Windows Azure blocked all protocols other than TCP/UDP, I just used port 443 and SSTP for testing. Only SSTP clone is on.

Test A1:
Running a linux x64 version on server side with SecureNAT (bridge off) as well as a linux x86 version on client.
Result:
The cpu usage of vpnclient on client side will raise to 100% periodically. The cycle is no more than 1 min and it will keep on 100% for about 10 secs. After that, the server side will be similar to keep at 100% for 10 secs. Within these periods, no communication by VPN can be passed. In other time, it works great.

Test A2:
Running a linux x64 version on server side with bridge to a TAP device (SecureNAT is off) as well as a linux x86 version on client. Routing is set to on in server.
Result:
It works great for several hours then back to the same as A1.

Test B1:
Running a Windows version on server side with SecureNAT (bridge off) as well as a linux x86 version on client.
Result:
Same as A1. But the CPU usage on server side is not reached to 100%.

Test B2:
Running a Windows version on server side with bridge to a loopback NIC (SecureNAT is off) as well as a linux x86 version on client. RRAS is enabled for routing.
Result:
Same as A2. But the CPU usage on server side is not reached to 100%. I can reboot both server and client to reset this back to normal.

What's wrong with these?

Thanks for any advice.

Hi,
Thanks for the information. Since you are testing with SSTP.
Is there any chance to try l2tp or ether/ip mode ? Just guessing if SSTP is root cause.

Thanks for your reply.

I don't think it's possible to test other than SSTP coz GRE (used by PPTP) and ESP (used by L2TP and IKEv2) are not allowed by Windows Azure.

Could you check a sever-side vpn logs ? Is there any error or warning?

thisjun wrote:
> Could you check a sever-side vpn logs ? Is there any error or warning?

I dont know how to get the log from server side.

After I rebooted the server side, in the Test case B2, I haven't repo this problem but the log file is not deleted by me.

Please see this manual http://www.softether.org/4-docs/1-manua ... n_Terminal

thisjun wrote:
> Please see this manual
> http://www.softether.org/4-docs/1-manua ... n_Terminal

There is no such a button to get log file on my instance of Server Manager. Maybe manual is obsoleted?

Hi,

I have the same problem with Windows Server 2012 R2. I have currently connected one Client via VPN and one Bridge, also I use a Virtual switch and Virtual DHCP without NATing.

I have tested this scenario with a previous version before without any issues, but with the last beta communctions stop regularly as can be checked ping:

Reply from 10.50.1.251: bytes=32 time=2ms TTL=255
Reply from 10.50.1.251: bytes=32 time=2ms TTL=255
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Reply from 10.50.1.12: Destination host unreachable.
Reply from 10.50.1.12: Destination host unreachable.
Reply from 10.50.1.12: Destination host unreachable.
Reply from 10.50.1.251: bytes=32 time=1298ms TTL=255

I can let give you access to our Server if needed.

The only errr message in the log is that:
2014-04-05 21:24:02.913 [HUB "AdminVPNGate"] Session "SID-MSTENZ-7": A large volume of broadcast packets has been detected. There are cases where packets are discarded based on the policy. The source MAC address is 00-AC-F5-3E-13-8B, the source IP address is fe80::15b8:173d:a110:ef73, the destination IP address is ff02::1:3. The number of broadcast packets is equal to or larger than 36 items per 1 second (note this information is the result of mechanical analysis of part of the packets and could be incorrect).

But thats my client VPN session and the unstable connection also happens if my client VPN connection is not established.

What I also see in the Windows Performance Monitor, that about 10MByte/s traffic is running through the SE daemon, even no real data are transferred.

Would be really great if you can find out what this issue is.

Additional note: I have disabled all other protocols. Only native SE VPN is used.

Hi, please note that I have:

- disabledUDPAcceleration set to 1 in all hubs

and now the problem is gone.

mstenz wrote:
> Hi, please note that I have:
>
> - disabledUDPAcceleration set to 1 in all hubs
>
> and now the problem is gone.

Thanks for your information.
After I rerun my test, this is proved useful but only in bridge mode. The problem is still existed while using SecureNAT but seems be better than before.

Hi,

but you wrote you dont used NAT? I think with NAT 100% CPU is normal and this should not really be used.

rgds.

Michael

mstenz wrote:
> Hi,
>
> but you wrote you dont used NAT? I think with NAT 100% CPU is normal and
> this should not really be used.
>
> rgds.
>
> Michael


I have 4 test scenarios.

So I understand without NAT its working now like a charm?
If yes, all is ok.
Please do not use NAT, as 100% is normal when using it.

scegg wrote:

> I have 4 test scenarios.

How many hubs do you operate?

inten wrote:
> scegg wrote:
>
> > I have 4 test scenarios.
>
> How many hubs do you operate?


1 for each.

the 4 test servers are dedicated.

and how many users in each hub?

inten wrote:
> and how many users in each hub?

1 for each.

post vpn_server.config here.

inten wrote:
> post vpn_server.config here.

it works without SecureNAT and UDP Accelerating. I don't need troubleshooting for this. Thanks.