[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] OpenVPN 2.0 max-clients setting and behaviour


  • Subject: Re: [Openvpn-users] OpenVPN 2.0 max-clients setting and behaviour
  • From: Pete Harlan <harlan@xxxxxxxxxxxxx>
  • Date: Thu, 26 Jul 2007 16:56:17 -0500

On Fri, Jul 27, 2007 at 09:40:23AM +1200, Tarken Winn wrote:
> Hi all,
> 
> We are successfully running OpenVPN 2.0 and have been for over a year. It is
> working absolutely perfectly - totally reliable. Well done and thanks to
> everyone involved in its development.
> 
> Now I have searched and searched for information on the following, and it
> may be absolutely trivial so doesn't need clarifying, but I have been unable
> to find any answer to the following...
> 
> We are approaching the limit of clients which can be assigned ip addresses
> in the range of 10.8.0.1 - 10.8.0.255 (/30 for Windows clients). I am

Since your config says:

	server 10.8.0.0 255.255.0.0

your server will issue IPs in the 10.8.x.x network, not 10.8.0.x.  So
yes, it should "roll over" from 10.8.0.255 to 10.8.1.0, and on up to
10.8.255.254.

At least that's what a netmask of 255.255.0.0 normally means.

--Pete

> wondering what happens when we need another ip address for a client after
> all possible IP addresses in the above range have been assigned. Does the
> OpenVPN server just start using 10.8.1.x ? Something else? Will my happy
> little VPN all fall apart?
> 
> As I say, I have been unable to find any information specifically related to
> this 'issue'. I have seen numerous example conf files with settings such as
> "max-clients 150", "max-clients 500", "max-clients 1000", "max-clients
> 10000" etc and several discussions of the bandwidth requirements being a
> possible problem, but no mention of what actually happens with the ip
> addresses and behaviour of the system. I have also seen that by default a
> 2.0 server can support 60 odd thousand clients (!? - I can't remember [or
> find] exactly which setting this was). Is it really as simple as specifying
> "max-clients n" where n can be in the hundreds or thousands so long as the
> server and bandwidth can handle it?
> 
> I would like to know what happens once the initial ip address range has been
> assigned to clients. Also what is the behaviour as max-clients increases?
> Are there any issues with client-to-client when they are on different ip
> address ranges? Does the server simply route from 10.8.0.12 to
> 10.8.1.16(for example)?
> 
> Our key settings from the server.conf file follow:
> 
> proto udp
> dev tun
> server 10.8.0.0 255.255.0.0
> ifconfig-pool-persist /etc/openvpn/ipp.txt
> ;ifconfig-pool-linear (damn Windows clients!)______________________
OpenVPN mailing lists
https://lists.sourceforge.net/lists/listinfo/openvpn-users