[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] Re: OpenVPN Server Performance (real experience)

  • Subject: Re: [Openvpn-users] Re: OpenVPN Server Performance (real experience)
  • From: Jon Bendtsen <jon.bendtsen@xxxxxxxxxx>
  • Date: Mon, 6 Mar 2006 09:16:08 +0100
Den mandag 6.mar kl. 3:05 skrev Dale:

Dale wrote:

Dale <d.schultz <at> telesat.ca> writes: 
Charles Duffy <cduffy <at> spamcop.net> writes:

I'd be interested to see what exactly your system is actually doing that's throttling the CPU. Perhaps you could use oprofile to find out if it's spending its time inside OpenSSL (which is the only *legitimate* place for it to be) or somewhere else.


I can look at tusing that tool, thanks. I just want to be clear though, I'm only having CPU load issues when the network has to re-establish all the tunnels with the remotes. I have no problems once the tunnels are up. The CPU with 200+ tunnels running is very low in normal operating mode. The highest I see it go is 10%, and that is when the reneg kicks in. I need to look at the reneg option too, I'd like to get away from the 3600 seconds thing. Can I use both reneg on a packet count and on time together? Such that if the packet limit is not reached before the time period then the time cause a reneg?

Thanks
Hi: Does anyone know the affect of using dh4096.pem on tunnel establishment compared to n=1024 or n=2048? I didn't create this server but I did find out that we are using n=4096 and it took three days to generate the DH parameters on this server (3GHz Intel Xeon).
To answer my own question, here are a few stats from my server using different dh key sizes.
(All of these readings were seen via top and iftop while 275 clients pounded away on the server trying to re-establish their tunnels. connect-freq 2 1 was used)
dh1024.pem: CPU load between 5 to 20% eth0 output data rate: 500kbps
dh2048.pem: CPU load between 10 to 35% eth0 output data rate: 300kbps
dh4096.pem: CPU load between 75 to 100% eth0 output data rate: 175kbps

I hope this helps a few people when considering their client base, server size and Internet connection bandwidth. 

Did it make any change when the clients was authenticated?
during normal use?



JonB

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users


Warning: require_once(../../../archive_common.php) [function.require-once]: failed to open stream: No such file or directory in /home/openvpn/domains/openvpn.net/public_html/archive/openvpn-users/2006-03/msg00060.html on line 219

Fatal error: require_once() [function.require]: Failed opening required '../../../archive_common.php' (include_path='/usr/local/lib/php') in /home/openvpn/domains/openvpn.net/public_html/archive/openvpn-users/2006-03/msg00060.html on line 219