windows 2003 做openvpn 伺服器怎麼只能連接60個左右用戶?
我用windows server 2003 做openvpn伺服器,當用戶數量達到60左右後,其它用戶就無法連接
Mon Feb 23 21:10:03 2009 us=191193 TCP connection established with *.*.*.*:443
Mon Feb 23 21:10:03 2009 us=191241 Socket Buffers: R= S=
Mon Feb 23 21:10:03 2009 us=191267 TCPv4_CLIENT link local:
Mon Feb 23 21:10:03 2009 us=191283 TCPv4_CLIENT link remote: *.*.*.*:443
Mon Feb 23 21:10:03 2009 us=261676 Connection reset, restarting [-1]
Mon Feb 23 21:10:03 2009 us=261819 TCP/UDP: Closing socket
Mon Feb 23 21:10:03 2009 us=261928 SIGUSR1 received, process restarting
Mon Feb 23 21:10:03 2009 us=261948 Restart pause, 5 second(s)
Mon Feb 23 21:10:08 2009 us=253262 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Mon Feb 23 21:10:08 2009 us=253314 Re-using SSL/TLS context
Mon Feb 23 21:10:08 2009 us=253350 LZO compression initialized
一直這樣重複
不知道是什麼原因
另一台linux的openvpn伺服器暫時還沒發現這個問題。
《解決方案》
是不是IP地址不夠用了呢?如果是windows客戶端連接的話,子網掩碼是255.255.255.252,這樣一個客戶就佔用了4個地址,4*60就差不多快用玩了。。。不知道這樣對不對??
《解決方案》
看看server的配置哦
《解決方案》
port 443
proto tcp
dev tun
ca ca.crt
cert server.crt
key server.key # This file should be kept secret
dh dh1024.pem
server 10.8.0.0 255.255.0.0
ifconfig-pool-persist ipp.txt
client-to-client
push "redirect-gateway def1"
push "dhcp-option DNS *.*.*.*"
;duplicate-cn
keepalive 10 3000
;tls-auth ta.key 0 # This file is secret
auth-user-pass-verify check.exe via-env
client-cert-not-required
username-as-common-name
comp-lzo
;max-clients 1000
user nobody
group nobody
persist-key
persist-tun
status status.log
log openvpn.log
verb 4
;mute 20
《解決方案》
不是,固定了ip的,最多都用到10.8.4.*了。。。
只是最大在線人數只能達60左右
《解決方案》
server 10.8.0.0 255.255.0.0
看不出來問題,沒有碰到過這麼多用戶同時在線的
《解決方案》
new incoming connection would exceed maximum number of clients (60)
發現了伺服器上有這個日誌。。。
《解決方案》
伺服器啟動時有這個
MULTI: TCP INIT maxclients=60 maxevents=64
《解決方案》
John Grow wrote:
> I've been running openvpn 2.0 successfully under Linux with 1200 clients in tcp
> mode for about a year now to support a remote access solution used by our
> dealers. We have to move to windows to support our .NET applications.
>
> I've got openvpn 2.0.7 built using msys/mingw under Windows 2003 Server and it
> works fine otherwise. However, it only accepts 60 client connections, and
> resets all subsequent connection attempts. The max_clients parameter is set to
> 2000 in the config file and it is being read properly:
>
> (from syslog)
> openvpn: max_clients = 2000
> <snip>
> openvpn: WE_INIT maxevents=2004 flags=0x00000000
> openvpn: WE_INIT maxevents=64 capacity=64
> openvpn: MULTI: TCP INIT maxclients=60 maxevents=64
>
> It looks like the 2000 max_clients setting is getting overridden in we_init and
> getting set to WSA_MAXIMUM_WAIT_EVENTS, which is 64, minus 4. My understanding
> is this is a hardcoded limit built into the windows kernel. The 60 client limit
> is determined by subtracting extra_events (set to BASE_N_EVENTS, or 4) from it.
>
> Is there a way to get more than 60 clients running under Windows with tcp? Or
> is this something I'm stuck with? Does udp have a similar limit?
>
> Thanks in advance for anyone's help.
>
>
You are correct that the 60 TCP client maximum is a limitation imposed
by the Windows WSAWaitForMultipleEvents call.
However if you use UDP clients, this artificial limit no longer
applies. On Linux or Unix, there is no artificial limit, however as of
OpenVPN 2.1, only the Linux 2.6 kernel allows truly scalable numbers of
TCP clients to connect.
The problem is that until recently, most OS kernels gave applications
only the 'select' or 'poll' functions to wait for network socket
events. These functions scale poorly by design. Recently, most OSes
have introduced scalable event wait functions, however no cross-platform
method exists yet. Linux, for example, added epoll support with the 2.6
kernel and OpenVPN 2.0 and higher supports this.
James
《解決方案》
linux下openvpn啟動時是
MULTI: TCP INIT maxclients=1024 maxevents=1028
