[CentOS] regarding vpn server for 1500 clients

Fri Dec 19 18:15:05 UTC 2008
William Warren <hescominsoon at emmanuelcomputerconsulting.com>

Robert Moskowitz wrote:
> Ray Van Dolson wrote:
>   
>> On Fri, Dec 19, 2008 at 03:42:08PM +0000, Karanbir Singh wrote:
>>   
>>     
>>> Rainer Duffner wrote:
>>>     
>>>       
>>>>> 1500 clients is quite a lot, but not hard to handle from a single 
>>>>> machine if you select a cpu capable of doing ssl quickly. eg a power6 
>>>>> machine with a few cores would handle that without any problems.
>>>>>         
>>>>>           
>>>> And what is the suggested RRP of such a thing?
>>>> (If one may ask).
>>>>       
>>>>         
>>> I am sure if you ask someone who sells them, they will tell you :D
>>>
>>>     
>>>       
>>>>> If you want to stick with commodity hardware, a couple of quad core 
>>>>> amd's should also fit right in.
>>>>>         
>>>>>           
>>>> Or use an SSL-offloader.
>>>> Then, you can handle the same load with much less CPU-power.
>>>>       
>>>>         
>>> Can get fiddly, with specific drivers and patches required to various 
>>> bits.. But thats a solution that could work too.
>>>
>>>     
>>>       
>> To OP; anecdotal evidence only -- and I certainly wouldn't recommend
>> using PPTP for a secure VPN solution :)  
>>     
>
> The OP did not want security, only tunneling. His desire. Definitely not 
> mine. My work for the last 14 years has been to make communication on 
> the Internet unassailable, at least along the data path (I make no 
> attempts with the OS or apps).
>
> I would like to see ALL communications be encrypted. D*MN the torpedos!
>
>   
>> At my previous job we ran
>> PoPToP (PPTP) on CentOS and the older HP DL140 G1 1U servers and were
>> handling up to 1000 clients pretty comfortably per machine.  This was
>> with 1GB of RAM per server and a single 2.4GHz Xeon processor.
>>   
>>     
>
> I have heard of similar numbers.
>
>   
>> Left before we could migrate to OpenVPN which I think would have
>> slightly higher processing requirements. :)
>>     
>
> Sure would have!
>
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
>   
openvpn doesn't hit a modern cpu that hard anymore(unless you dialup 
something higher than 128 bit).  I routinely do 5-10 users an sub 1ghz 
machines with openvpn.  Leave the encryption in place..it's not going to 
make a huge difference.