[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Web openvpn.net

Re: [Openvpn-users] OpenVPN 2.0 max-clients setting and behaviour

  • Subject: Re: [Openvpn-users] OpenVPN 2.0 max-clients setting and behaviour
  • From: Pete Harlan <harlan@xxxxxxxxxxxxx>
  • Date: Thu, 26 Jul 2007 16:56:17 -0500

On Fri, Jul 27, 2007 at 09:40:23AM +1200, Tarken Winn wrote:
> Hi all,
> We are successfully running OpenVPN 2.0 and have been for over a year. It is
> working absolutely perfectly - totally reliable. Well done and thanks to
> everyone involved in its development.
> Now I have searched and searched for information on the following, and it
> may be absolutely trivial so doesn't need clarifying, but I have been unable
> to find any answer to the following...
> We are approaching the limit of clients which can be assigned ip addresses
> in the range of - (/30 for Windows clients). I am

Since your config says:


your server will issue IPs in the 10.8.x.x network, not 10.8.0.x.  So
yes, it should "roll over" from to, and on up to

At least that's what a netmask of normally means.


> wondering what happens when we need another ip address for a client after
> all possible IP addresses in the above range have been assigned. Does the
> OpenVPN server just start using 10.8.1.x ? Something else? Will my happy
> little VPN all fall apart?
> As I say, I have been unable to find any information specifically related to
> this 'issue'. I have seen numerous example conf files with settings such as
> "max-clients 150", "max-clients 500", "max-clients 1000", "max-clients
> 10000" etc and several discussions of the bandwidth requirements being a
> possible problem, but no mention of what actually happens with the ip
> addresses and behaviour of the system. I have also seen that by default a
> 2.0 server can support 60 odd thousand clients (!? - I can't remember [or
> find] exactly which setting this was). Is it really as simple as specifying
> "max-clients n" where n can be in the hundreds or thousands so long as the
> server and bandwidth can handle it?
> I would like to know what happens once the initial ip address range has been
> assigned to clients. Also what is the behaviour as max-clients increases?
> Are there any issues with client-to-client when they are on different ip
> address ranges? Does the server simply route from to
> example)?
> Our key settings from the server.conf file follow:
> proto udp
> dev tun
> server
> ifconfig-pool-persist /etc/openvpn/ipp.txt
> ;ifconfig-pool-linear (damn Windows clients!)______________________
OpenVPN mailing lists