[CentOS] regarding vpn server for 1500 clients

Ray Van Dolson rayvd at bludgeon.org
Fri Dec 19 18:27:26 UTC 2008


On Fri, Dec 19, 2008 at 01:14:34PM -0500, Ross Walker wrote:
> 
> 
> On Dec 19, 2008, at 12:20 PM, Ray Van Dolson <rayvd at bludgeon.org> wrote:
> 
> > How about lots of GRE tunnels? :-)
> 
> Well PPTP is PPP over GRE, so that's basically it.
> 
> PPTP can run without encryption too if the OP really doesn't care  
> about encryption.
> 

The only thing I'll say in the world of using PPTP (via PoPToP) is to
consider what happens when most or all of your clients reconnect at one
time (network glitch, etc).  This was my biggest challenge as the
original configuration had PPP calling all sorts of Perl scripts and
such from its ip-up mechanism.  The server would come to a complete
crawl as 800+ of these ip-up scripts would fire off along with their
associated tasks.  This would result in clients timing out, links
failing, etc -- the server could never "catch up". 

The band-aid solution was to rate limit SYN packets that established
the connection... the permanent solution was to write a plugin for PPPd
in C that replaced most of the ip-up functionality with something a bit
more efficient.

As long as you're not needing to do any sort of complex post-login
tasks for each user, this may not even end up being an issue.  But
something to keep in mind and plan for if you're talking 1500 users...
:)

Ray
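
The SYN rate limit mentioned in the message above, sketched as an added example that is not part of the original post and not the poster's configuration. It assumes iptables and the standard PPTP control port (TCP 1723); the function names and the rate and burst values are hypothetical and need sizing against how many ip-up runs per second the server sustains.

```shell
#!/bin/sh
# Added example: prints iptables rules (dry run), it does not apply them.
# Assumed: PPTP control channel on TCP 1723; rate/burst are placeholders.

is_posint() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -gt 0 ]
}

# pptp_syn_limit_rules RATE BURST [CHAIN]
# Admit at most RATE new PPTP control connections per second after an
# initial BURST. Excess SYNs are dropped, so client TCP stacks retransmit
# and a mass reconnect is spread out instead of starting every ip-up at once.
# Only SYNs are matched; established sessions are not affected.
pptp_syn_limit_rules() {
    rate=$1 burst=$2 chain=${3:-INPUT}
    is_posint "$rate" && is_posint "$burst" || {
        echo "usage: pptp_syn_limit_rules RATE BURST [CHAIN]" >&2
        return 1
    }
    printf 'iptables -A %s -p tcp --dport 1723 --syn -m limit --limit %s/second --limit-burst %s -j ACCEPT\n' \
        "$chain" "$rate" "$burst"
    printf 'iptables -A %s -p tcp --dport 1723 --syn -j DROP\n' "$chain"
}

# storm_drain_seconds CLIENTS RATE BURST
# Lower bound on the seconds needed to admit CLIENTS simultaneous
# reconnects: BURST pass at once, the rest at RATE per second (rounded up).
# SYN retransmit back-off can make the real figure longer.
storm_drain_seconds() {
    clients=$1 rate=$2 burst=$3
    is_posint "$clients" && is_posint "$rate" && is_posint "$burst" || return 1
    remaining=$((clients - burst))
    [ "$remaining" -gt 0 ] || { echo 0; return 0; }
    echo $(( (remaining + rate - 1) / rate ))
}
```

With these placeholder values, `storm_drain_seconds 1500 10 20` gives the minimum time a full reconnect of 1500 clients would take, which should be compared with how long the clients wait before giving up.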


