On Tue, Aug 5, 2014 at 12:27 AM, Gert Doering <g...@greenie.muc.de> wrote:
>>> >
>> > This is a complex problem.  You need a programmer that understands
>> > parallel processes or threads, network, security, and is willing to
>> > spend quite a bit of personal time on it - implementation, code review,
>> > testing.
>> I think it can be hacked into place (with the right choice of OS of course)
>>
>> I've effectively "multi-processor"-ed openvpn by running multiple copies
>> on different ports, and then using iptables to round-robin new
>> connections onto those backend services.
>
> Yes, this can be done (and this is what OpenVPN AS does "under the hood",
> with slightly more magic regarding the distribution of incoming connections).
>
> It will scale better than just one OpenVPN process, but is still not ideal
> from a load distribution perspective, and - as you point out - needs help
> from a client-connect script to get IP address assignment right.

I don't know enough about the rekeying process to know it this is
feasible, but it seems like there should be a way to use something
like apache's prefork model to spin off some number of processes to do
the cpu-intensive parts without a lot of change to the base code or
the complications of making everything thread-safe. And let the OS
spread the processes over different CPUs.

-- 
    Les Mikesell
      lesmikes...@gmail.com

------------------------------------------------------------------------------
Infragistics Professional
Build stunning WinForms apps today!
Reboot your WinForms applications with our WinForms controls. 
Build a bridge from your legacy apps to the future.
http://pubads.g.doubleclick.net/gampad/clk?id=153845071&iu=/4140/ostg.clktrk
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users

Reply via email to