William Warren wrote:
Robert Moskowitz wrote:
Ray Van Dolson wrote:
On Fri, Dec 19, 2008 at 03:42:08PM +0000, Karanbir Singh wrote:
Rainer Duffner wrote:
1500 clients is quite a lot, but not hard to handle from a single machine if you select a cpu capable of doing ssl quickly. eg a power6 machine with a few cores would handle that without any problems.
And what is the suggested RRP of such a thing? (If one may ask).
I am sure if you ask someone who sells them, they will tell you :D
If you want to stick with commodity hardware, a couple of quad core amd's should also fit right in.
Or use an SSL-offloader. Then, you can handle the same load with much less CPU-power.
Can get fiddly, with specific drivers and patches required to various bits.. But thats a solution that could work too.
To OP; anecdotal evidence only -- and I certainly wouldn't recommend using PPTP for a secure VPN solution :)
The OP did not want security, only tunneling. His desire. Definitely not mine. My work for the last 14 years has been to make communication on the Internet unassailable, at least along the data path (I make no attempts with the OS or apps).
I would like to see ALL communications be encrypted. D*MN the torpedos!
At my previous job we ran PoPToP (PPTP) on CentOS and the older HP DL140 G1 1U servers and were handling up to 1000 clients pretty comfortably per machine. This was with 1GB of RAM per server and a single 2.4GHz Xeon processor.
I have heard of similar numbers.
Left before we could migrate to OpenVPN which I think would have slightly higher processing requirements. :)
Sure would have!
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
openvpn doesn't hit a modern cpu that hard anymore(unless you dialup something higher than 128 bit). I routinely do 5-10 users an sub 1ghz machines with openvpn. Leave the encryption in place..it's not going to make a huge difference.
Like I said, it is the setup that is the killer. If the users all come on within a short time frame, they can fail. 5-10 users is nothing. D-H, and RSA are killers for CPUs. ECC can be too, it depends on which curve and whos code (some of it patented).