[CentOS] regarding vpn server for 1500 clients
Robert Moskowitz
rgm at htt-consult.com
Fri Dec 19 18:48:47 UTC 2008
William Warren wrote:
> Robert Moskowitz wrote:
>
>> Ray Van Dolson wrote:
>>
>>
>>> On Fri, Dec 19, 2008 at 03:42:08PM +0000, Karanbir Singh wrote:
>>>
>>>
>>>
>>>> Rainer Duffner wrote:
>>>>
>>>>
>>>>
>>>>>> 1500 clients is quite a lot, but not hard to handle from a single
>>>>>> machine if you select a cpu capable of doing ssl quickly. eg a power6
>>>>>> machine with a few cores would handle that without any problems.
>>>>>>
>>>>>>
>>>>>>
>>>>> And what is the suggested RRP of such a thing?
>>>>> (If one may ask).
>>>>>
>>>>>
>>>>>
>>>> I am sure if you ask someone who sells them, they will tell you :D
>>>>
>>>>
>>>>
>>>>
>>>>>> If you want to stick with commodity hardware, a couple of quad core
>>>>>> amd's should also fit right in.
>>>>>>
>>>>>>
>>>>>>
>>>>> Or use an SSL-offloader.
>>>>> Then, you can handle the same load with much less CPU-power.
>>>>>
>>>>>
>>>>>
>>>> Can get fiddly, with specific drivers and patches required to various
>>>> bits.. But that's a solution that could work too.
>>>>
>>>>
>>>>
>>>>
>>> To OP; anecdotal evidence only -- and I certainly wouldn't recommend
>>> using PPTP for a secure VPN solution :)
>>>
>>>
>> The OP did not want security, only tunneling. His desire. Definitely not
>> mine. My work for the last 14 years has been to make communication on
>> the Internet unassailable, at least along the data path (I make no
>> attempts with the OS or apps).
>>
>> I would like to see ALL communications be encrypted. D*MN the torpedoes!
>>
>>
>>
>>> At my previous job we ran
>>> PoPToP (PPTP) on CentOS and the older HP DL140 G1 1U servers and were
>>> handling up to 1000 clients pretty comfortably per machine. This was
>>> with 1GB of RAM per server and a single 2.4GHz Xeon processor.
>>>
>>>
>>>
>> I have heard of similar numbers.
>>
>>
>>
>>> Left before we could migrate to OpenVPN which I think would have
>>> slightly higher processing requirements. :)
>>>
>>>
>> Sure would have!
>>
> openvpn doesn't hit a modern cpu that hard anymore (unless you dial up
> something higher than 128 bit). I routinely do 5-10 users on sub 1ghz
> machines with openvpn. Leave the encryption in place..it's not going to
> make a huge difference.
Like I said, it is the setup that is the killer. If the users all come
on within a short time frame, they can fail. 5-10 users is nothing. D-H,
and RSA are killers for CPUs. ECC can be too, it depends on which curve
and whose code (some of it patented).
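
The point about session setup under a burst of connections can be shown with a small queueing model; this is an added example, not part of the original post. The 20 ms of CPU per handshake, the 10 s client timeout, and the rule that the server skips requests whose client has already given up are all illustrative assumptions, not figures from the thread.

```python
import heapq

# Illustrative assumptions, not measurements from the thread.
HANDSHAKE_MS = 20           # CPU time for one session setup (D-H / RSA work)
CLIENT_TIMEOUT_MS = 10_000  # client abandons the attempt after this long

def simulate_burst(n_clients, window_ms, cores,
                   handshake_ms=HANDSHAKE_MS, timeout_ms=CLIENT_TIMEOUT_MS):
    """Clients arrive evenly over window_ms; return (connected, failed)."""
    core_free = [0] * cores            # time (ms) at which each core goes idle
    heapq.heapify(core_free)
    connected = failed = 0
    for i in range(n_clients):
        arrival = window_ms * i // n_clients
        start = max(arrival, core_free[0])     # wait for the earliest free core
        finish = start + handshake_ms
        if finish - arrival > timeout_ms:
            failed += 1    # client gave up; assume the server skips the request
            continue
        heapq.heapreplace(core_free, finish)
        connected += 1
    return connected, failed

if __name__ == "__main__":
    for label, window_ms, cores in [
        ("spread over 10 min, 1 core", 600_000, 1),
        ("burst in 6 s, 1 core", 6_000, 1),
        ("burst in 6 s, 8 cores", 6_000, 8),
    ]:
        ok, bad = simulate_burst(1500, window_ms, cores)
        print(f"{label}: {ok} connected, {bad} failed")
```

The same 1500 clients that connect without trouble when spread out lose almost half their attempts when they arrive within seconds on one core, which is why handshake rate, not steady-state traffic encryption, is the figure to size for.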