Recommended maximum number of simultaneous client connections for a client to site OpenVPN?

bp81 · Feb 7, 2023, 6:25 PM

As the title asks. The device in question is a Netgate 6100. At what point do VPN connections start to bring down the router's performance significantly? I would expect the number to be around 20 most of the time, with a couple of spikes once or twice a year to around 100.

This would be an always up tunnel running on our windows workstations for the purposes of always having remote management capabilities.

rcoleman-netgate · Feb 7, 2023, 6:28 PM

@bp81 The simultaneous is per credential if you are doing 1 credential and expect 20+ users on that you might want to reconsider your approach -- if you have to change the credential method then everyone has to update.

Better to have 20 users credentials and give them 1 connection. Or 2 if you need a mobile device.

bp81 · Feb 7, 2023, 6:38 PM

@rcoleman-netgate said in Recommended maximum number of simultaneous client connections for a client to site OpenVPN?:

@bp81 The simultaneous is per credential if you are doing 1 credential and expect 20+ users on that you might want to reconsider your approach -- if you have to change the credential method then everyone has to update.

Better to have 20 users credentials and give them 1 connection. Or 2 if you need a mobile device.

This is what we are doing. Specifically, it will be certificate authentication with one unique certificate per workstation.

rcoleman-netgate · Feb 7, 2023, 6:42 PM

@bp81 Then one is fine.

bp81 · Feb 7, 2023, 6:48 PM

@rcoleman-netgate said in Recommended maximum number of simultaneous client connections for a client to site OpenVPN?:

@bp81 Then one is fine.

Maybe I didn't ask the question correctly.

How many tunnels can I have up and running, with light to moderate activity on those tunnels, before I start bogging down the router? One tunnel per workstation. On an average day I expect to have 20 tunnels running simultaneously, with occasional spikes to 100. This would be running on a Netgate 6100.

Dobby_ · Feb 7, 2023, 9:25 PM

@bp81

It all depends also on what are the workstations are doing through the tunnels! As an example, you have 20 tunnels
and heavy load on (through) them and this is like 50
tunnels and more with only some small traffic through them.

No one of us is able to answer this question without knowing what traffic and how much traffic is running through that tunnels.