> Web servers these days are also multi-threaded (or "multi-forked"), so
> they can utilize multiple cores more efficiently. OpenVPN is *single
> threaded*. So when one client starts a TLS renegotiation, it blocks all
> the other connected clients until the renegotiation has completed.
> When you then have 100 connected clients spending 1-2 seconds on each
> renegotiation happening at the same time, you will have 100-200 seconds
> of slow and lagging VPN tunnel. This does not mean that you will see a
> CPU spike, as each client is handled serialized (one by one) - not in
> parallel.

That's only true for single instance servers; with multiple OpenVPN instances and limited CPU cores this quickly becomes an issue.

Simon

_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel