Skip to main content

Tutorial: Turn Off Multi-Daemon Mode and Use Only TCP or UDP

Abstract

Access Server uses a multi-daemon mode because the OpenVPN 2 code base is single-threaded. However, you may want to turn this off in certain cases, following the steps here.

Overview

In Access Server, multi-daemon mode optimizes performance by running multiple OpenVPN daemons, one for each CPU core, supporting both TCP and UDP protocols. However, there are scenarios where you might need to turn off multi-daemon mode and use a single daemon instead.

Important

Considerations

  • Web UI Access: Changing to a single daemon may block access to the Admin and Client Web UIs.

  • Restricted Networks: Using only a UDP daemon may prevent connections from restrictive networks that block UDP but allow TCP 443.

  • TCP Meltdown: Using only TCP daemons may lead to performance issues due to the TCP Meltdown phenomenon.

This configuration should be used with caution, considering its potential impact on connectivity and performance.

Prerequisites

  • An installed Access Server.

  • Console access and the ability to get root access.

Option 1: Turn off multi-daemon mode and use only TCP

  1. Connect to the console and get root privileges.

  2. Disable multi-daemon mode:

    sacli --key "vpn.server.daemon.enable" --value "false" ConfigPut

  3. Configure the daemon to use TCP:

    sacli --key "vpn.daemon.0.listen.protocol" --value "tcp" ConfigPut

  4. Enable port sharing:

    sacli --key "vpn.server.port_share.enable" --value "true" ConfigPut

  5. Restart the service:

    sacli start

Option 2: Turn off multi-daemon mode and use only UDP

  1. Connect to the console and get root privileges.

  3. Disable multi-daemon mode:

    ./sacli --key "vpn.server.daemon.enable" --value "false" ConfigPut

  4. Configure the daemon to use UDP:

    ./sacli --key "vpn.daemon.0.listen.protocol" --value "udp" ConfigPut

  5. Disable port sharing:

    ./sacli --key "vpn.server.port_share.enable" --value "false" ConfigPut

  6. Restart the service:

    ./sacli start

Option 3: Manage this setting in the Admin Web UI

  1. Sign in to the Admin Web UI.

  2. Click VPN Server.

  3. On the Network Settings tab, scroll down to the OpenVPN daemons section

  4. Select your Protocol from the drop-down box:

    • TCP and UDP is multi-daemon mode.

    • TCP will run only a TCP daemon.

    • UDP will run only a UDP daemon.

  5. Click Save and Restart.

In this section:

Access Server's web server used by the administrator to configure the VPN server.