From: "Bogdan Rudas via Openvpn-users" <openvpn-users@lists.sourceforge.net>
Date: Wednesday, 10 February 2021 at 22:42:37
To: "Ralf Hildebrandt" <ralf.hildebra...@charite.de>
Cc: "Openvpn Users" <openvpn-users@lists.sourceforge.net>
Subject: Re: [Openvpn-users] Flock of openvpn Servers: how to make one machine stop accepting NEW clients?

Hi!

Why don't you want to put a load balancer in front of your cluster? I believe you can even run all openvpn instances on same server (or a pair of, just for redundancy).
Nginx can balance openvpn clients just fine and limit amount of backend connections, haproxy can work if you don't need UDP traffic, LVS does not work as expected with UDP balancing. Keepalived can serve you with IP failover.

On Fri, Jan 8, 2021 at 2:00 PM Ralf Hildebrandt <ralf.hildebra...@charite.de> wrote:

We have a flock of openvpn Servers. We're using DNS round robin (openvpn.charite.de). Currently, we have

421 clients on machine 0
465 clients on machine 1
598 clients on machine 2
246 clients on machine 3

How can I change my auth-user-pass-verify / client-connect or learn-address scripts to prevent MORE clients on machine 2?

I could return AUTH_FAILED, but that would irritate the users, since their clients would ask for a (new) password.

To hard-limit the number of connections to any specific vpn server process, you should use the “max-client” option in the config.
In order to spread new load over multiple processes or machines, you don’t need nginx or so: iptables has excellent balancing options.

--
Ralf Hildebrandt
Charité - Universitätsmedizin Berlin
Geschäftsbereich IT | Abteilung Netzwerk
Campus Benjamin Franklin (CBF)
Haus I | 1. OG | Raum 105
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155
ralf.hildebra...@charite.de
https://www.charite.de

_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users

--
Bogdan Rudas
Director of IT Europe
Exadel Inc.
http://www.exadel.com/
E-mail: bru...@exadel.com
Skype ID: bogdan.rudas