[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Web openvpn.net

Re: [Openvpn-users] OpenVPN sizing question

  • Subject: Re: [Openvpn-users] OpenVPN sizing question
  • From: Jan Just Keijser <janjust@xxxxxxxxx>
  • Date: Mon, 17 Dec 2007 10:03:06 +0100


exactly what is it that you are trying to achieve?
OpenVPN supports 1000+ users without problems but this has very little 
to do with shell scripts and user login+passwords: openvpn uses 
certificates to manage its users. It is possible to add user 
login+password authentication but it is still a bad idea to share the 
same certificate amongst many users. So have you thought about managing 
1000+ certificates?

ISPs support many thousands of users on a single unix/linux box for 
login shell access, so I don't see too many problems there either. Run 
enought instances of 'nscd' or anything else that caches username 
credentials and you should be fine. Also, some Unix flavours support 
hashing of the /etc/passwd+/etc/shadow files for faster access. I'm not 
sure if Linux also supports it but would be highly surprised if it doesn't.



Ming-Ching Tiew wrote:
> Hi everyone,
> I have a sizing question with OpenVPN. I would like to
> support about 1000 users, and I am using shell scripts
> on Linux to search through flat file for user login
> and password and others. I don't want to use database
> to store these information as it will require more
> maintenance and setup. I would like to know if OpenVPN
> will have problem support that number of users on a
> decent multiprocessor machines - linearly search
> through the 1000 lines when users login using shell
> script. I am going to run multiple instances of
> OpenVPN to take advantage of the multi processor
> capability.
> Perhaps I would consider using simple non-RDBMS method
> to store and search these records. But I haven't found
> anything yet. Simplicity is a factor which I hope to
> achieve as well. I check the time the system searches
> linearly through the 1000 records, it's very fast. But
> here I am testing on a single user. 
> Also I would like to know besides the bottle neck on
> the shell script searches of text file, is there
> anything else which could be bottle neck.

Openvpn-users mailing list