On 05/08/14 08:36, Gert Doering wrote:
> "Nobody did the code yet".
>
> This is a complex problem. You need a programmer that understands
> parallel processes or threads, network, security, and is willing to
> spend quite a bit of personal time on it - implementation, code review,
> testing.

I think it can be hacked into place (with the right choice of OS, of course).

I've effectively "multi-processor"-ed openvpn by running multiple copies on different ports, and then using iptables to round-robin new connections onto those backend services. I.e. on a 4-core processor, have 4 copies of openvpn (well, I actually have 8: 4 for udp and 4 for tcp) running. The trick is to use "client-connect" to enable you to use a shared ip pool amongst the different instances, but it seems to work well (I haven't tested it at load, all I know is that incoming users are allocated different openvpn processors and it all seems to work).

E.g.:

    iptables -t nat -A PREROUTING -i eth1 -p udp -m udp -m multiport --dports 443,500,1194,4500 -j DNAT --to-destination srv.ip.addr:3000-3003 --random
    iptables -t nat -A PREROUTING -i eth1 -p tcp -m tcp -m multiport --dports 1194,3389,443 -j DNAT --to-destination srv.ip.addr:3000-3003 --random

That enables a complex openvpn client config that can iterate through a range of UDP ports and then TCP ports before giving up, and any that are successful at getting out of whatever local firewall they have are then redirected onto local ports 3000-3003, each of which has a separate copy of openvpn running.

I use client-connect to give a local shared ip pool and in fact make the addresses "sticky" - i.e. you always get the IP address you got the first time you connected. Obviously the pool would always need to be bigger than the maximum number of clients - but that isn't a big deal on our 10/8 network.

This is the biggest thing I love about openvpn: the scripting triggers it supports. You can basically make it do anything :-)

--
Cheers

Jason Haar
Corporate Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
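An added sketch of the shared, sticky pool described in the message above (not the poster's script, which the post does not show): a client-connect hook that every OpenVPN instance calls, serialised with a file lock so concurrent instances never hand out the same address. Assumptions: "topology subnet" so that ifconfig-push takes an address and netmask, a constructed pool of 10.8.0.0/24, a hypothetical state file path, and the first host address reserved for the server side; routing each address to the instance that holds the client is not covered.

```python
#!/usr/bin/env python3
"""client-connect hook: sticky IPs from one pool shared by several OpenVPN instances."""
import fcntl
import ipaddress
import json
import os
import sys

POOL = ipaddress.ip_network("10.8.0.0/24")   # constructed pool (assumption)
STATE = "/var/lib/openvpn/shared-pool.json"  # hypothetical lease file

def allocate(common_name, state_path=STATE, pool=POOL):
    """Return the client's sticky IP, assigning the next free one on first connect."""
    # A single lock file serialises every instance that runs this hook.
    with open(state_path + ".lock", "w") as lock:
        fcntl.flock(lock, fcntl.LOCK_EX)
        try:
            with open(state_path) as f:
                leases = json.load(f)
        except FileNotFoundError:
            leases = {}
        if common_name in leases:            # sticky: same address as the first time
            return leases[common_name]
        used = set(leases.values())
        hosts = pool.hosts()
        next(hosts)                          # first host assumed to be the server side
        for ip in hosts:
            if str(ip) not in used:
                leases[common_name] = str(ip)
                tmp = state_path + ".tmp"
                with open(tmp, "w") as f:
                    json.dump(leases, f)
                os.replace(tmp, state_path)  # atomic update of the lease file
                return str(ip)
    # An uncaught exception exits non-zero, so OpenVPN refuses the client.
    raise RuntimeError("shared pool exhausted")

def main(argv, env, state_path=STATE):
    # OpenVPN sets common_name in the environment and passes, as the last
    # argument, a temp file whose contents it applies to this client.
    ip = allocate(env["common_name"], state_path)
    with open(argv[-1], "w") as f:
        f.write(f"ifconfig-push {ip} {POOL.netmask}\n")
    return 0

if __name__ == "__main__":
    sys.exit(main(sys.argv, os.environ))
```

Each instance would point its client-connect directive at this one script, and script-security must permit running it.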