Skip to main content

Tutorial: Set a Local Connection Limit

Abstract

How to limit the number of connections on a specific server for a subscription shared across multiple Access Servers.

Overview

Subscriptions can be shared across multiple servers, allowing a flexible allocation of VPN connections. Each server with an active subscription can establish the total number of connections the subscription allows. However, there may be scenarios where you want to limit the number of connections a specific server can handle. This tutorial will guide you through configuring a local connection limit on individual servers, ensuring that no single server exceeds a set number of VPN connections.

Tip

By setting a local connection limit, you can better manage how VPN connections are distributed across your servers, preventing any single server from using all available connections. This flexibility is especially useful in larger deployments requiring precise control over resource allocation.

Prerequisites

  • At least two servers with Access Server installed.

  • An active subscription on the servers.

  • Console access to the servers with root privileges.

Step 1: Understand how subscription sharing works

  • When you apply a subscription to multiple Access Servers, each server can establish the total number of VPN connections specified by the subscription.

  • For example, if your subscription allows 10 VPN connections and is activated on three servers, each server can accept up to 10 connections. However, if the total number of connections across all servers exceeds the subscription limit (10 in this case), the system will automatically reduce the number of allowed connections on the servers to maintain compliance with the subscription.

Step 2: Configure a local connection limit

  1. Connect to the console and get root privileges.

  3. Run the following command, replacing <NUMBER_OF_CONNECTIONS> with your desired maximum number of connections.

    ./sacli --key "subscription.local_cc_limit" --value "<NUMBER_OF_CONNECTIONS>" ConfigPut

  4. Restart the Access Server service to apply the changes:

    service openvpnas restart

This command sets a local limit on the specific server, ensuring it will not exceed the specified number of connections, even if the subscription allows more.

Step 3: Remove the local connection limit

  1. Connect to the console and get root privileges.

  3. Run the command to delete the local limit configuration:

    ./sacli --key "subscription.local_cc_limit" ConfigDel

  4. Restart the Access Server service:

    service openvpnas restart

This will reset the server to its default behavior, allowing it to use the full number of connections permitted by the subscription.

In this section: