[CentOS] regarding vpn server for 1500 clients

Robert Moskowitz rgm at htt-consult.com
Fri Dec 19 18:48:47 UTC 2008


William Warren wrote:
> Robert Moskowitz wrote:
>   
>> Ray Van Dolson wrote:
>>   
>>     
>>> On Fri, Dec 19, 2008 at 03:42:08PM +0000, Karanbir Singh wrote:
>>>   
>>>     
>>>       
>>>> Rainer Duffner wrote:
>>>>     
>>>>       
>>>>         
>>>>>> 1500 clients is quite a lot, but not hard to handle from a single 
>>>>>> machine if you select a cpu capable of doing ssl quickly. eg a power6 
>>>>>> machine with a few cores would handle that without any problems.
>>>>>>         
>>>>>>           
>>>>>>             
>>>>> And what is the suggested RRP of such a thing?
>>>>> (If one may ask).
>>>>>       
>>>>>         
>>>>>           
>>>> I am sure if you ask someone who sells them, they will tell you :D
>>>>
>>>>     
>>>>       
>>>>         
>>>>>> If you want to stick with commodity hardware, a couple of quad core 
>>>>>> amd's should also fit right in.
>>>>>>         
>>>>>>           
>>>>>>             
>>>>> Or use an SSL-offloader.
>>>>> Then, you can handle the same load with much less CPU-power.
>>>>>       
>>>>>         
>>>>>           
>>>> Can get fiddly, with specific drivers and patches required to various 
>>>> bits.. But thats a solution that could work too.
>>>>
>>>>     
>>>>       
>>>>         
>>> To OP; anecdotal evidence only -- and I certainly wouldn't recommend
>>> using PPTP for a secure VPN solution :)  
>>>     
>>>       
>> The OP did not want security, only tunneling. His desire. Definitely not 
>> mine. My work for the last 14 years has been to make communication on 
>> the Internet unassailable, at least along the data path (I make no 
>> attempts with the OS or apps).
>>
>> I would like to see ALL communications be encrypted. D*MN the torpedos!
>>
>>   
>>     
>>> At my previous job we ran
>>> PoPToP (PPTP) on CentOS and the older HP DL140 G1 1U servers and were
>>> handling up to 1000 clients pretty comfortably per machine.  This was
>>> with 1GB of RAM per server and a single 2.4GHz Xeon processor.
>>>   
>>>     
>>>       
>> I have heard of similar numbers.
>>
>>   
>>     
>>> Left before we could migrate to OpenVPN which I think would have
>>> slightly higher processing requirements. :)
>>>     
>>>       
>> Sure would have!
>>
>>
>> _______________________________________________
>> CentOS mailing list
>> CentOS at centos.org
>> http://lists.centos.org/mailman/listinfo/centos
>>
>>   
>>     
> openvpn doesn't hit a modern cpu that hard anymore(unless you dialup 
> something higher than 128 bit).  I routinely do 5-10 users an sub 1ghz 
> machines with openvpn.  Leave the encryption in place..it's not going to 
> make a huge difference.

Like I said, it is the setup that is the killer. If the users all come 
on within a short time frame, they can fail. 5-10 users is nothing. D-H, 
and RSA are killers for CPUs. ECC can be too, it depends on which curve 
and whos code (some of it patented).




More information about the CentOS mailing list