Hey all, this is a brief writeup of an issue we ran into recently. We have two CCR1009-8G-1S running RouterOS 6.38.5 with a site-to-site VPN using OpenVPN. One of the remote sites dropped the tunnel connection. I was able to remote into the router itself and it was responsive, but I could not interact with the OpenVPN server. A “/system resource cpu print” showed cpu1 was at 100% load. The other CPUs were at 0% load.
The logs showed OpenVPN in a reconnecting loop leading up to it appearing to hang:
vpn: initializing…
vpn: connecting…
vpn: using encoding - AES-128-CBC/SHA1
vpn: terminating… - no ip address provided
vpn: initializing…
My conjecture is there’s a weakness in my configuration that’s causing an endpoint address to be reserved, causing OpenVPN to loop while reconnecting, and some other bug is tripping the process up, making it consume 100% of a core. The workaround was to reboot the router–the VPN connected fine after that.
I don’t expect to see the issue again, but I figure I’d write it up and share it with the internet.