Huge number of users

  • Hey Guys. I'm testing OpenVPN with about 20 active connections without trouble. My question is. How many more connections can I manage? someone has tested it? at least 60 or 80 active connections? What I need to take care of?

    • Hardware

    • Encryption

    • Internet bandwidth

    (currently, I'm running my pfsense over an Intel Xeon E3-1230 V2, AES-NI CPU crypto active, 8GB RAM, 120GB SSD)

    Thanks in advance.

  • LAYER 8 Netgate

    Depends on what the users are doing. As in packet sizes and traffic levels.

    The number of users really doesn't matter much.

  • Thanks for your answer, well most of them (users) will register a softphone and make calls through the VPN, additionally they use a web app hosted in the same network segment that the firewall lives.

  • @hayku

    If they're using Wifi calling, the calls are already encrypted with IPSec. Some soft phone apps also encrypt

  • LAYER 8 Netgate

    Again, you are not telling us how much data each of them will be passing. A VoIP phone uses like 64Kb/sec per call path which is essentially nothing.

    As for the web application, well, that depends on what it does.

  • Ok, about the traffic that the users would generate:
    *VoIP call 64Kbs per channel (2 channels x call ) about 128Kbs.
    *Web application with real-time notifications and some video conference features (200Kbps)

    I think it's about 320 to 350 kbps per user.

  • @hayku said in Huge number of users:

    *VoIP call 64Kbs per channel (2 channels x call ) about 128Kbs.

    Where are you getting 2 channels from? Also, the bandwidth used varies with the CODEC. For example, G.729a runs at 8 Kb/s, G.711 is 64 Kb and these days HD Voice is popular, which would use more bandwidth. There are a variety of CODECs to chose from.

    BTW, several years ago, I used to work with a device called a "PBX extender", which extended PBX phones from the main office to a remote site. I often put 8 extentions over a 128 Kb ISDN BRI connection.

  • LAYER 8 Rebel Alliance

    80 Users is not a huge number. :-)
    I'd not expect any problems. You could maybe run multiple OpenVPN instances to split the load.


  • @Rico Do you mean run multiple instances over the same firewall?

  • LAYER 8 Rebel Alliance

    Yes, one drawback of OpenVPN (i.e. VS IPsec) is that one instance can only address one CPU core.
    So with only one instance under heavy load you could have your CPU still sitting there bored more or less, depending on your number of cores. ☺
    For OpenVPN it's always best to have a CPU with as much clock frequency as possible.


  • @Rico Great, thanks for your advice

Log in to reply