[CentOS] regarding vpn server for 1500 clients
rgm at htt-consult.com
Fri Dec 19 18:54:32 UTC 2008
Ray Van Dolson wrote:
> On Fri, Dec 19, 2008 at 01:14:34PM -0500, Ross Walker wrote:
>> On Dec 19, 2008, at 12:20 PM, Ray Van Dolson <rayvd at bludgeon.org> wrote:
>>> How about lots of GRE tunnels? :-)
>> Well PPTP is PPP over GRE, so that's basically it.
>> PPTP can run without encryption too if the OP really doesn't care
>> about encryption.
> The only thing I'll say in the world of using PPTP (via PoPToP) is to
> consider what happens when most or all of your clients reconnect at one
> time (network glitch, etc). This was my biggest challenge as the
> original configuration had PPP calling all sorts of perl scripts and
> such from its ip-up mechanism. The server would come to a complete
> crawl as 800+ of these ip-up scripts would fire off along with their
> associated tasks. This would result in clients timing out, links
> failing, etc -- the server could never "catch up".
I was recommending it based on the protocol. I did mention that I have
limited deployment experience.
OUCH. All that perl could really kill the user experience.....
Almost as bad as a D-H exponentiation!
> The band-aid solution was to rate limit SYN packets that established
> the connection... the permanent solution was to write a plugin for PPPd
> in C that replaced most of the ip-up functionality with something a bit
> more efficient.
> As long as you're not needing to do any sort of complex post login
> tasks for each user, this may not even end up being an issue. But
> something to keep in mind and plan for if you're talking 1500 users...
> CentOS mailing list
> CentOS at centos.org
More information about the CentOS