[eduVPN-deploy] Question re connections per process
François Kooman
fkooman at tuxed.net
Mon Apr 6 22:24:09 CEST 2020
On 4/6/20 6:05 PM, Louis Twomey wrote:
> Hi,
Hi Louis!
> Apologies if this is a dumb question(s), but when looking at how to
> scale an eduVPN service for a client to handle thousands of users, I’m a
> little confused by the potential constraints. The recommendation of a
> max of 64 simultaneous connections per CPU core makes perfect sense to
> me, but I’m not clear on whether there is a limitation (other than IP
> pool size) on simultaneous connections per OpenVPN *process*.
No there is not. The maximum number of clients is determined by the
total IP space you have configuerd in "range" and the number of OpenVPN
processes you define through vpnProtoPorts.
If you use 10.0.0.0/24 for "range" and ["udp/1194", "tcp/1194"] for
"vpnProtoPorts" you get ~128 clients per OpenVPN process.
> The following page states "Depending on your address space the ideal
> number of simultaneous clients per process is at most 64”:
>
> https://github.com/eduvpn/documentation/blob/v2/PROFILE_CONFIG.md#openvpn-processes
>
> Does that text mean that I need to run one OpenVPN process for every 64
> users/connections e.g. have 16 OpenVPN processes in order to handle
> 1,000 simultaneous connections? Or am I mis-reading the text?
*ideal* is at most 64, it is not an (enforced) limit in any way.
> And if I am interpreting the text correctly, in order to support 1,000
> simultaneous connections I guess I would have to either listen on 16
> different ports on the same IP address, or configure the server with 16
> IP addresses and listen on the same port on all of them?
Exactly! Typically you start at 1194 udp/tcp and then number up. One can
also add udp/443 and tcp/443 as "last resort" options for clients that
are in restricted networks.
Hope this makes it more clear! Let me know if you have more questions!
Regards,
François
More information about the eduVPN-deploy
mailing list