Why Are There Multiple Interfaces?

Question: Why does Access Server have multiple network interfaces?

Answer:

Multiple interfaces (e.g., as0t0, as0t1) are created to allow multiple OpenVPN daemons to run concurrently, improving performance on multi-core systems.

The OpenVPN 2 codebase operates on a single-thread, using one CPU core. To address this performance limitation on multi-core servers, Access Server spawns multiple daemons—one TCP and one UDP daemon per CPU core by default. A simple load-balancing system using iptables directs incoming VPN connections to the least loaded daemon.

Each daemon uses its own network interface, named as0t0, as0t1, etc., and receives a portion of the subnet defined in the Access Server settings. The system ensures seamless communication between clients connected to different daemons by routing traffic through the operating system’s routing table.