one (1) out-of-control tunnelblick SSL VPN user causing 100% CPU load on UTM

SG430 v9.718-5 at 100% cpu load, mostly caused by confd process due to one single SSL VPN connection that is permanently connecting (16 times per minute) and disconnecting.

Seems like SG SSL OpenVPN implementation is not able to catch and limit that behaviour.

openvpn log in loop:

Peer Connection Initiated

Connection reset, restarting

SIGUSR1[soft,connection-reset] received, client-instance restarting

TLS: Username/Password authentication deferred for username

Peer Connection Initiated

2024:02:14-09:40:02 firewall openvpn[10620]: clientWANIP:57255 [username] Peer Connection Initiated with [AF_INET]clientWANIP:57255 (via [AF_INET]firewallIP:443)
2024:02:14-09:40:09 firewall openvpn[10620]: clientWANIP:57257 [username] Peer Connection Initiated with [AF_INET]clientWANIP:57257 (via [AF_INET]firewallIP:443)
2024:02:14-09:40:11 firewall openvpn[10620]: clientWANIP:57258 [username] Peer Connection Initiated with [AF_INET]clientWANIP:57258 (via [AF_INET]firewallIP:443)
2024:02:14-09:40:13 firewall openvpn[10620]: clientWANIP:57262 [username] Peer Connection Initiated with [AF_INET]clientWANIP:57262 (via [AF_INET]firewallIP:443)
2024:02:14-09:40:15 firewall openvpn[10620]: clientWANIP:57263 [username] Peer Connection Initiated with [AF_INET]clientWANIP:57263 (via [AF_INET]firewallIP:443)
2024:02:14-09:40:17 firewall openvpn[10620]: clientWANIP:57264 [username] Peer Connection Initiated with [AF_INET]clientWANIP:57264 (via [AF_INET]firewallIP:443)
2024:02:14-09:40:19 firewall openvpn[10620]: clientWANIP:57265 [username] Peer Connection Initiated with [AF_INET]clientWANIP:57265 (via [AF_INET]firewallIP:443)
2024:02:14-09:40:26 firewall openvpn[10620]: clientWANIP:57267 [username] Peer Connection Initiated with [AF_INET]clientWANIP:57267 (via [AF_INET]firewallIP:443)
2024:02:14-09:40:28 firewall openvpn[10620]: clientWANIP:57268 [username] Peer Connection Initiated with [AF_INET]clientWANIP:57268 (via [AF_INET]firewallIP:443)
2024:02:14-09:40:30 firewall openvpn[10620]: clientWANIP:57269 [username] Peer Connection Initiated with [AF_INET]clientWANIP:57269 (via [AF_INET]firewallIP:443)
2024:02:14-09:40:31 firewall openvpn[10620]: clientWANIP:57270 [username] Peer Connection Initiated with [AF_INET]clientWANIP:57270 (via [AF_INET]firewallIP:443)
2024:02:14-09:40:38 firewall openvpn[10620]: clientWANIP:57279 [username] Peer Connection Initiated with [AF_INET]clientWANIP:57279 (via [AF_INET]firewallIP:443)
2024:02:14-09:40:40 firewall openvpn[10620]: clientWANIP:57282 [username] Peer Connection Initiated with [AF_INET]clientWANIP:57282 (via [AF_INET]firewallIP:443)
2024:02:14-09:40:41 firewall openvpn[10620]: clientWANIP:57285 [username] Peer Connection Initiated with [AF_INET]clientWANIP:57285 (via [AF_INET]firewallIP:443)
2024:02:14-09:40:43 firewall openvpn[10620]: clientWANIP:57286 [username] Peer Connection Initiated with [AF_INET]clientWANIP:57286 (via [AF_INET]firewallIP:443)
2024:02:14-09:40:55 firewall openvpn[10620]: clientWANIP:57290 [username] Peer Connection Initiated with [AF_INET]clientWANIP:57290 (via [AF_INET]firewallIP:443)

confd log

2024:02:14-10:03:29 fw confd[3970]: I main::top-level:682() => id="310a" severity="info" sys="System" sub="confd" name="object changed" class="network" type="aaa" ref="REF_NetAaaxxxUserNetwo" objname="xxx (User Network)" user="system" srcip="127.0.0.1" sid="xxxxx" facility="system" client="confd-qrunner.pl" pid="30629" attr_addresses="['10.242.2.8']" attr_resolved="1" oldattr_addresses="['10.242.2.8']" oldattr_resolved="1"

The MacOS user updated it's tunnelblick SSL VPN client just yesterday to 4.0.0beta15 build 5950 (2024-02-12)

disabling the user solved the CPU high load immediately.

9.718-5
[bearbeitet von: LHerzog um 10:04 AM (GMT -8) am 14 Feb 2024]