[ previous ] [ next ] [ threads ]
 
 From:  Claude Hecker <claude dot hecker at phoenix dash mecano dot com>
 To:  Roy Andre Tollefsen <royandre at emsp dot no>, "m0n0wall at lists dot m0n0 dot ch" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re:[m0n0wall] Using m0n0wall as a larger PPTP/VPN-server
 Date:  Wed, 16 Mar 2005 13:37:18 +0100
Am 16.03.2005 12:02 Uhr schrieb "Roy Andre Tollefsen" unter
<royandre at emsp dot no>:

> We are using m0n0wall as a general firewall, but we've also started
> using the PPTP/VPN-server for some clients to be able to log in from WAN
> to some internal network-interfaces (we've got 13 network-interfaces on
> the server as of today...). We now consider using PPTP/VPN in a much
> larger scale and give many more users access through this splendid
> feature. We therefore have some questions in general:
> 
>  
> 
> 1) As one can see in the PPTP-configuration-page there's a 16-user limit
> today in the PPTP-server. I guess that means that only 16 concurrent
> users can be authenticated and logged in at the same time. We have great
> programmers here which could re-write this to make m0n0wall be able to
> allow more users in that case, but maybe somebody's already working on
> this? I couldn't find it in the todo-list anyway. Somebody?
> 
> * we currently use this feature based on m0n0 1.2b3 up to 128 concurrent users
> peak 
> * at a customized image
> 
> 2) Secondly, if we - lets say - want to let 100 users be able to log in
> concurrently through PPTP/VPN in m0n0wall, how could the
> CPU/memory-utilization be? I know VPN uses lots and lots of CPU to
> encrypt data, but does anyone have any estimate on what hardware-specs
> would be enough roughly?
> 
> * hardware is very different from that what the m0n0 orig. was desigend for
> * 1GHz CPU, 512 MB RAM, 64 MB CF, 6 NIC
> * u can find the hardware here
> http://www.iei.com.tw/tw/product_IPC.asp?model=FWAP-3680L
> * running a few more deamons utilization is up to 42% avg.
>  
> 3) Is it in any way possible to re-write the PPTP-sever so that when you
> add new users you don't need to "hang up" (IE: restart) the PPTP-server
> so that already-logged-in users loose their connection?
> 
> * never done those changes, nor thought about it because not really needed!
> * hope this helps
> * regards Claude Hecker
> 
> Thanks in advance.
> 
>  
> 
> Kind regards, 
> 
> Roy Andre T. 
> 
> Systems engineer 
> 
> EM Software 
> 
>  
> 
>  
>