[CentOS] regarding vpn server for 1500 clients
Robert Moskowitz
rgm at htt-consult.com
Fri Dec 19 18:54:32 UTC 2008
Ray Van Dolson wrote:
> On Fri, Dec 19, 2008 at 01:14:34PM -0500, Ross Walker wrote:
>
>> On Dec 19, 2008, at 12:20 PM, Ray Van Dolson <rayvd at bludgeon.org> wrote:
>>
>>
>>> How about lots of GRE tunnels? :-)
>>>
>> Well PPTP is PPP over GRE, so that's basically it.
>>
>> PPTP can run without encryption too if the OP really doesn't care
>> about encryption.
>>
>>
>
> The only thing I'll say in the world of using PPTP (via PoPToP) is to
> consider what happens when most or all of your clients reconnect at one
> time (network glitch, etc). This was my biggest challenge as the
> original configuration had PPP calling all sorts of perl scripts and
> such from its ip-up mechanism. The server would come to a complete
> crawl as 800+ of these ip-up scripts would fire off along with their
> associated tasks. This would result in clients timing out, links
> failing, etc -- the server could never "catch up".
>
I was recommending it based on the protocol. I did mention that I have
limited deployment experience.
OUCH. All that perl could really kill the user experience.....
Almost as bad as a D-H exponentiation!
> The band-aid solution was to rate limit SYN packets that established
> the connection... the permanent solution was to write a plugin for PPPd
> in C that replaced most of the ip-up functionality with something a bit
> more efficient.
>
> As long as you're not needing to do any sort of complex post login
> tasks for each user, this may not even end up being an issue. But
> something to keep in mind and plan for if you're talking 1500 users...
> :)
>
> Ray
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
>
More information about the CentOS
mailing list