Enabling OpenVPN Server on RT-AC66U Results in router running at 100 percent CPU

[Andrew Lieb]

I have an RT-AC66U router. With the latest official ASUS FW release, as well as all before it, I can't get OpenVPN server to work with my Mac. I understand the issue to be related to the dhparams.pem key being 512 bits, when OpenSSL on the Mac now requires 2048 bits. Several forum posts elsewhere suggest that you can create a 2048 bit key on Linux or OS X and paste it into the appropriate ASUS router field. However, I was never able to get the router to accept the longer key. After clicking on "Apply", the status of OpenVPN Server was always "problem with the configuration of the Diffie-Hellman key".

To resolve this issue, I upgraded to RT-AC66U_378.55_beta2 Merlin code -- which supposedly uses a "pre-made 2048 bit key" (with some questions about whether this is a good idea to not generate a unique key, but anyway...).

The FW installs fine. However, now when I try to configure OpenVPN server, the router stays forever in the status of "Initializing the settings of OpenVPN server now, please wait a few minutes to let the server to setup completed before VPN clients establish the connection" and the router is running at 100 percent CPU and gets very hot.

Even with a hard reboot, the router remains in this state. The only way to get it back to normal is to disable the OpenVPN server.

Any solutions here?

 

[RMerlin]

To resolve this issue, I upgraded to RT-AC66U_378.55_beta2 Merlin code

You're like the third person recently to install this beta build, when the final build has been released nearly two months ago already.

Why?

Using a pre-made DH is perfectly safe from a cryptography point of view.

 

[Andrew Lieb]

Okay, point taken. I must have missed that the final release was out. I was following the changelog for info about DH key and I saw it in the beta release. And I see that the beta is now gone.

So anyway, is my problem -- running at 100 percent CPU, and never finishing initializing -- something that was fixed in the release version?

 

[RMerlin]

Okay, point taken. I must have missed that the final release was out. I was following the changelog for info about DH key and I saw it in the beta release. And I see that the beta is now gone.

So anyway, is my problem -- running at 100 percent CPU, and never finishing initializing -- something that was fixed in the release version?

I'm not aware of any issue there. Note that CPU usage can potentially be high for a few minutes with a slower RT-AC66U as it generates the keys and certificates. This shouldn't last more than a few minutes however.

 

[Andrew Lieb]

I saw the CPU high for over 2 hours. I went out for a long bicycle ride and when I came back, the router was in the exact same situation I left it in. With the message: "Initializing the settings of OpenVPN server now, please wait a few minutes to let the server to setup completed before VPN clients establish the connection" and CPU at 100 percent. I repeated this and the same thing happens each time I enable the VPN, and OpenVPN server never works.