On Tue, 2005-09-27 at 21:58 -0400, Leonard Isham wrote:
> On 9/27/05, Marcelo Toledo <marc...@marcelotoledo.org> wrote:
> > I have one OpenVPN server version 2.0.2 using TCP port 1194 with TLS
> > with about 400 clients connected to it. From time to time it's
> > impossible to ping the client from the server, but if you log into the
> > client and ping the server, the server now becomes able to ping the
> > client. I made a lot of tests removing the bridge and trying older
> > versions of openvpn and the problem is still happening with about 20% of
> > the clients connected to the vpn.
> >
> > here is the config of the client and server:
> >
> > # SERVER CONFIG
> > mode server
> > port 1194
> > proto tcp-server
> > dev tap
> [snip]
>
> Observations:
> 1. 400 clients... 1 server only?

Yes, 400 clients and only 1 server.

> 2. TAP means additional overhead full ethernet packet encapsulated in
> TCP/IP packet. Broadcasts, fragmented ethernet datagrams and for 400
> clients....

We don't use TUN because from what I know it opens one connection per port and also one configuration per client, which is insane for 400 clients and growing (we're going to reach 600 by the end of this year).

> 3. TCP over TCP is not recommended. The internal congestion control
> can conflict with the external congestion control.

We already used OpenVPN with UDP, but the oscillations were much higher than today, that's why we migrated to TCP.

> 4. What is your full bandwidth and usable bandwidth at the server?

We have 3MB and we're using half of it (1.5).

What do you think?

--
Marcelo Toledo <marc...@marcelotoledo.org>