[strongSwan] pool '10.10.10.0/24' is full, unable to assign address
noel.kuntze+strongswan-users-ml at thermi.consulting
Thu Jun 13 02:34:46 CEST 2019
Yes. You need to tune RPS settings on Linux though and do some other shenanigans. Otherwise performance will suck.
You're free to use several ranges and offer them at the same time. Roadwarriors will get VIPs from the first non-full pool.
Am 10.06.19 um 11:42 schrieb Houman:
> Hi Noel,
> That's fantastic. You mean this setup could deal with 25,600 at a time? That would be incredible.
> So if I pick CIDR: *10.10.10.0/17 <http://10.10.10.0/17> *that could work with *32768. *Do you think that's too much?
> or should I rather go lower with *10.10.10.0/18 <http://10.10.10.0/18> ,*which comes down to *16384*.
> Many Thanks,
> On Mon, 10 Jun 2019 at 10:35, Noel Kuntze <noel.kuntze+strongswan-users-ml at thermi.consulting> wrote:
> Hello Houman,
> Easily. Add a couple of zeros. And you don't need that much memory.
> Kind regards
> Am 10.06.19 um 10:51 schrieb Houman:
> > Hey guys,
> > I'm getting the following error message in Syslog:
> > *pool '10.10.10.0/24 <http://10.10.10.0/24> <http://10.10.10.0/24>' is full, unable to assign address*
> > This means I have more than 256 users at a time on the server.
> > What is the ideal setting for a VPN on s server with Intel Xeon E3-1246V3 (8 CPU) with 32 Gb RAM? Are 512 users doable on this server above?
> > I think *10.10.10.0/23 <http://10.10.10.0/23> <http://10.10.10.0/23> *means 512 IPs can be allocated. Do you agree that this IP pool for strongswan makes sense?
> > Many Thanks,
> > Houman
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 833 bytes
Desc: OpenPGP digital signature
More information about the Users