[CentOS] regarding vpn server for 1500 clients

Fri Dec 19 18:54:32 UTC 2008
Robert Moskowitz <rgm at htt-consult.com>

Ray Van Dolson wrote:
> On Fri, Dec 19, 2008 at 01:14:34PM -0500, Ross Walker wrote:
>   
>> On Dec 19, 2008, at 12:20 PM, Ray Van Dolson <rayvd at bludgeon.org> wrote:
>>
>>     
>>> How about lots of GRE tunnels? :-)
>>>       
>> Well PPTP is PPP over GRE, so that's basically it.
>>
>> PPTP can run without encryption too if the OP really doesn't care  
>> about encryption.
>>
>>     
>
> The only thing I'll say in the world of using PPTP (via PoPToP) is to
> consider what happens when most or all of your clients reconnect at one
> time (network glitch, etc).  This was my biggest challenge as the
> original configuration had PPP calling all sorts of perl scripts and
> such from its ip-up mechanism.  The server would come to a complete
> crawl as 800+ of these ip-up scripts would fire off along with their
> associated tasks.  This would result in clients timing out, links
> failing, etc -- the server could never "catch up". 
>   

I was recommending it based on the protocol. I did mention that I have 
limited deployment experience.

OUCH. All that perl could really kill the user experience.....

Almost as bad as a D-H exponentiation!


> The band-aid solution was to rate limit SYN packets that established
> the connection... the permanent solution was to write a plugin for PPPd
> in C that replaced most of the ip-up functionality with something a bit
> more efficient.
>
> As long as you're not needing to do any sort of complex post login
> tasks for each user, this may not even end up being an issue.  But
> something to keep in mind and plan for if you're talking 1500 users...
> :)
>
> Ray
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
>