[Openswan Users] Scalability testing with Openswan as a VPN concentrator

Andy fs at globalnetit.com
Mon Aug 8 13:42:24 CEST 2005


I'm working on a project using Openswan (with Linux 2.6.12.3 right now)
as a concentrator for a potentially huge population of remote access
devices. The remote devices are embedded units also using Openswan, each
sets up 1 tunnel to a subnet behind it. They have dynamic addresses so
we use X.509 certificates.

With only 200 or so remote sites running so far, we have already
experienced some stability problems. The target for this application is
around 10,000 remotes per concentrator. Unless I can demonstrate that
this can be supported, I expect that we'll be required to drop Openswan
and use some other solution, which would be a real shame.

I'm just now starting to set up some testing to determine how large a
population we can support.

Has anyone else done any testing along these lines, and would be willing
to compare notes?

-- 
Andy <fs at globalnetit.com>



More information about the Users mailing list