[strongSwan] High Scale VPN deployment recommendation?

Hal Logan hlogan at star2star.com
Tue Nov 15 22:55:45 CET 2016


I'm putting a config together for a server that will have as many as 10,000
concurrent VPN connections running to it. Client will be OpenWRT Chaos
Calmer, server will be a highly modified CentOS. Both ends will be running
StrongSwan u5.3.5. The clients will be running split tunnel connections.
I've looked for case studies, references, or recommendations for
configuration approaches that specifically reference high scale design but
haven't found any.

For the server side, when routing traffic from the tunnels to other network
resources is it generally more resource intensive to do that routing in the
kernel, or would one expect lower utilization doing PBR or a road
warrior-type approach?

Any insight or suggestions are appreciated. If it helps the community I'm
glad to provide hardware specs and performance benchmarks over time.

Cheers and thank you,
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20161115/7c60e22a/attachment.html>

More information about the Users mailing list