[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Web openvpn.net

Re: [Openvpn-users] OpenVPN sizing question

  • Subject: Re: [Openvpn-users] OpenVPN sizing question
  • From: Ming-Ching Tiew <mctiew@xxxxxxxxx>
  • Date: Mon, 17 Dec 2007 04:45:26 -0800 (PST)

--- Jan Just Keijser <janjust@xxxxxxxxx> wrote:

> hi,
> exactly what is it that you are trying to achieve?
> OpenVPN supports 1000+ users without problems but
> this has very little 
> to do with shell scripts and user login+passwords:
> openvpn uses 
> certificates to manage its users. It is possible to
> add user 
> login+password authentication

Impossible ? But I have already implemented it and
it's working. You probably haven't used such
capabilities of OpenVPN but I have my own objective to
achieve and don't want to get into the problem of
managing certificates is one of them.

> but it is still a bad
> idea to share the 
> same certificate amongst many users. So have you
> thought about managing 
> 1000+ certificates?

I have my own objective and as mentioned, using
certificates gives rise to a totally different sets of
problem and that's what I am trying to avoid.

Anyway username/password is good or bad idea is not
quite the subject of the discussion.

> ISPs support many thousands of users on a single
> unix/linux box for 
> login shell access, so I don't see too many problems
> there either. Run 
> enought instances of 'nscd' or anything else that
> caches username 
> credentials and you should be fine. Also, some Unix
> flavours support 
> hashing of the /etc/passwd+/etc/shadow files for
> faster access. I'm not 
> sure if Linux also supports it but would be highly
> surprised if it doesn't.

I am not too sure if ISP uses unix/linux login (
/etc/passwd+/etc/shadow for a huge number of users.
Is this practise common ? All I know is that ISP
normally uses radius, and account info is normally
stored in database. 

And besides this, any others things might be factor to
consider in supporting 1000 users in OpenVPN ?


Be a better friend, newshound, and 
know-it-all with Yahoo! Mobile.  Try it now.  http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ 

Openvpn-users mailing list