Hi there

There have been a few occasions where some valid Windows client would continually hit our openvpn server, but something goes wrong on the client end and it immediately retries: around once every 5 seconds. No idea what the root cause is (besides "it's Windows" ;-), but it's the impact on the server that this email is about.

We use the script options on "--up", etc - so what happens is there is a flood of scripts being run against this "client-that-is-broken" and basically the load average goes through the roof (i.e. due to the scripts more than openvpn itself) and the entire server starts to stagger - which would affect all the nicely connected clients. To reiterate, this means the client gets a tunnel up and running, but then immediately gets another tunnel up and running (the first one still going, calling "--up" scripts and yet that client session is dead, waiting for the server to time it out).

Not much to go on I know, but could there be some way for openvpn server to keep track of something like "timestamp:externalIP:cert" and basically start ignoring new sessions if it sees more than one every XX seconds? That would reduce the damage such events cause (note I don't include ports in my suggestion because an openvpn server may have multiple ports available to all clients - so they're not unique).

Thanks

PS: actually, I've seen this with the Chrome client too. Totally bugs on the client - but it kills the server

--
Cheers

Jason Haar
Corporate Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
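The throttle proposed in this message, sketched as an added example (not OpenVPN code and not part of the original post): new sessions are keyed on external IP plus certificate name, with the port left out as the message suggests, and at most one is accepted per window. The class and function names, the 30-second window, and the event tuples are assumptions constructed for illustration.

```python
"""Added example: per-client new-session throttle keyed on (external IP, cert)."""

WINDOW_SECONDS = 30  # stands in for the "XX seconds" in the message (assumed value)

# Constructed sample events: (unix_time, external_ip, source_port, cert_cn)
EVENTS = [
    (1000, "203.0.113.7", 51000, "laptop-a"),
    (1005, "203.0.113.7", 51001, "laptop-a"),   # retry 5 s later, new port
    (1010, "203.0.113.7", 51002, "laptop-a"),
    (1012, "203.0.113.7", 40000, "laptop-b"),   # other cert behind the same NAT
    (1015, "203.0.113.7", 51003, "laptop-a"),
    (1031, "203.0.113.7", 51004, "laptop-a"),   # window elapsed since 1000
    (1036, "203.0.113.7", 51005, "laptop-a"),
    (1040, "198.51.100.9", 51006, "laptop-a"),  # same cert, different address
]


class SessionThrottle:
    def __init__(self, window):
        self.window = window
        self.last_accepted = {}   # (ip, cert) -> time of last accepted session
        self.suppressed = {}      # (ip, cert) -> sessions ignored so far

    def allow(self, ts, ip, cert):
        """Return True if this new session should be processed (scripts run)."""
        key = (ip, cert)          # port is deliberately not part of the key
        last = self.last_accepted.get(key)
        if last is not None and ts - last < self.window:
            self.suppressed[key] = self.suppressed.get(key, 0) + 1
            return False
        self.last_accepted[key] = ts
        return True

    def prune(self, now):
        """Forget clients that have been quiet for a full window (bounds memory)."""
        stale = [k for k, t in self.last_accepted.items() if now - t >= self.window]
        for k in stale:
            del self.last_accepted[k]


def replay(events, window=WINDOW_SECONDS):
    """Feed events through the throttle; return (accepted events, suppressed counts)."""
    throttle = SessionThrottle(window)
    accepted = [e for e in events if throttle.allow(e[0], e[1], e[3])]
    return accepted, throttle.suppressed


if __name__ == "__main__":
    accepted, suppressed = replay(EVENTS)
    print("accepted:", [(t, ip, cn) for t, ip, _, cn in accepted])
    print("suppressed:", suppressed)
```

Keying on both fields means a second certificate behind the same NAT address is not penalised for its neighbour's retries, and the suppressed counter gives an operator a per-client figure to alert on.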