Tutorial: Turn Off Mult-Daemon Mode and Use Only TCP or UDP
Access Server uses a multi-daemon mode because the OpenVPN 2 code base is single-thread. However, you may want to turn this off in certain cases, following the steps here.
Overview
In Access Server, multi-daemon mode optimizes performance by running multiple OpenVPN daemons, one for each CPU core, supporting both TCP and UDP protocols. However, there are scenarios where you might need to turn off multi-daemon mode and use a single daemon instead.
Important
Considerations
Web UI Access: Changing to a single daemon may block access to the Admin and Client Web UIs.
Restricted Networks: Using only a UDP daemon may prevent connections from restrictive networks that block UDP but allow TCP 443.
TCP Meltdown: Using only TCP daemons may lead to performance issues due to the TCP Meltdown phenomenon.
This configuration should be used cautiously, considering the potential impacts on connectivity and performance.
An installed Access Server.
Console access and the ability to get root access.
Connect to the console and get root privileges.
Disable multi-daemon mode:
./sacli --key "vpn.server.daemon.enable" --value "false" ConfigPut
Configure the daemon to use TCP:
./sacli --key "vpn.daemon.0.listen.protocol" --value "tcp" ConfigPut
Enable port sharing:
./sacli --key "vpn.server.port_share.enable" --value "true" ConfigPut
Restart the service:
./sacli start
Connect to the console and get root privileges.
Disable multi-daemon mode:
./sacli --key "vpn.server.daemon.enable" --value "false" ConfigPut
Configure the daemon to use UDP:
./sacli --key "vpn.daemon.0.listen.protocol" --value "udp" ConfigPut
Disable port sharing:
./sacli --key "vpn.server.port_share.enable" --value "false" ConfigPut
Restart the service:
./sacli start