[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

[Openvpn-users] OpenVPN 2.0 max-clients setting and behaviour


  • Subject: [Openvpn-users] OpenVPN 2.0 max-clients setting and behaviour
  • From: "Tarken Winn" <tarkenwinn@xxxxxxxxx>
  • Date: Fri, 27 Jul 2007 09:40:23 +1200

Hi all,

We are successfully running OpenVPN 2.0 and have been for over a year. It is working absolutely perfectly - totally reliable. Well done and thanks to everyone involved in its development.

Now I have searched and searched for information on the following, and it may be absolutely trivial so doesn't need clarifying, but I have been unable to find any answer to the following...

We are approaching the limit of clients which can be assigned ip addresses in the range of 10.8.0.1 - 10.8.0.255 (/30 for Windows clients). I am wondering what happens when we need another ip address for a client after all possible IP addresses in the above range have been assigned. Does the OpenVPN server just start using 10.8.1.x ? Something else? Will my happy little VPN all fall apart?

As I say, I have been unable to find any information specifically related to this 'issue'. I have seen numerous example conf files with settings such as "max-clients 150", "max-clients 500", "max-clients 1000", "max-clients 10000" etc and several discussions of the bandwidth requirements being a possible problem, but no mention of what actually happens with the ip addresses and behaviour of the system. I have also seen that by default a 2.0 server can support 60 odd thousand clients (!? - I can't remember [or find] exactly which setting this was). Is it really as simple as specifying "max-clients n" where n can be in the hundreds or thousands so long as the server and bandwidth can handle it?

I would like to know what happens once the initial ip address range has been assigned to clients. Also what is the behaviour as max-clients increases? Are there any issues with client-to-client when they are on different ip address ranges? Does the server simply route from 10.8.0.12 to 10.8.1.16 (for example)?

Our key settings from the server.conf file follow:

proto udp
dev tun
server 10.8.0.0 255.255.0.0
ifconfig-pool-persist /etc/openvpn/ipp.txt
;ifconfig-pool-linear (damn Windows clients!)
max-clients 1000

Our clients only ping the server periodically and occasionally receive a bit of individual traffic so bandwidth is not an issue at all for us.

Thanks in advance for any help, comments, suggestions.

Regards,

Tarken Winn