On Tue, Aug 5, 2014 at 12:27 AM, Gert Doering <g...@greenie.muc.de> wrote:
>> > This is a complex problem. You need a programmer that understands
>> > parallel processes or threads, network, security, and is willing to
>> > spend quite a bit of personal time on it - implementation, code review,
>> > testing.
>> I think it can be hacked into place (with the right choice of OS of course)
>>
>> I've effectively "multi-processor"-ed openvpn by running multiple copies
>> on different ports, and then using iptables to round-robin new
>> connections onto those backend services.
>
> Yes, this can be done (and this is what OpenVPN AS does "under the hood",
> with slightly more magic regarding the distribution of incoming connections).
>
> It will scale better than just one OpenVPN process, but is still not ideal
> from a load distribution perspective, and - as you point out - needs help
> from a client-connect script to get IP address assignment right.

I don't know enough about the rekeying process to know if this is feasible, but it seems like there should be a way to use something like Apache's prefork model to spin off some number of processes to do the CPU-intensive parts without a lot of change to the base code or the complications of making everything thread-safe. And let the OS spread the processes over different CPUs.

--
Les Mikesell
lesmikes...@gmail.com

_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
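
The multi-instance setup quoted in this thread (several OpenVPN copies on different ports, with iptables round-robining new connections) can be sketched as below; this is an added example, not code from any poster or from the OpenVPN project. It only prints the rules, and it relies on the nat table seeing just the first packet of each connection, so conntrack keeps a client on the backend it was first given. The public port 1194, the backend ports starting at 11941, and the function name `gen_rules` are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: print (not apply) iptables rules that spread NEW OpenVPN
# connections over COUNT backend instances listening on consecutive ports.
# All port numbers used here are assumptions, not values from the thread.

# gen_rules PUBLIC_PORT FIRST_BACKEND_PORT COUNT [PROTO]
gen_rules() {
    public=$1 first=$2 count=$3 proto=${4:-udp}
    case "$count" in
        ''|*[!0-9]*|0) echo "count must be a positive integer" >&2; return 1 ;;
    esac
    i=0
    while [ "$i" -lt "$count" ]; do
        # Rules are evaluated in order and each keeps its own counter, so
        # rule i must take 1 out of the (count - i) connections that reach
        # it for every backend to end up with an equal share.
        remaining=$((count - i))
        port=$((first + i))
        if [ "$remaining" -gt 1 ]; then
            match="-m statistic --mode nth --every $remaining --packet 0 "
        else
            match=""   # last rule is unconditional: it takes what is left
        fi
        echo "iptables -t nat -A PREROUTING -p $proto --dport $public ${match}-j REDIRECT --to-ports $port"
        i=$((i + 1))
    done
}

# Constructed sample: four backends behind the standard OpenVPN port.
gen_rules 1194 11941 4
```

As the quoted reply notes, each instance still needs a client-connect script (or separate address pools) to get IP address assignment right.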