bridged VPN - multiple Server instances or just one?

[daralla]

Hi, I'm working on a test setup with a VPN Server (HP G260 Mini-PC Pentium 3558U 4GB RAM Windows 7) behind a Kabel Router, VPN in bridged mode. Up to now I'm just testing with a single client and so far, everything works well.

On the real setup the plan is to have at least 3, maybe 4 clients access the server simultaneously. Now to the question that occured to me:

From a performance standpoint, would it be better to run multiple OpenVPN instances (with different ports of course) on the server, each serving 1 client, or is one server instance for the max. 4 clients the more sensible choice? The 3 or 4 clients will all access from the same, non-moving remote side, if that matters.

Has anyone experiences in this regard? Thank you.

-----
daralla

[TinCanTech]

I'm working on a test setup

Did you test it yet ?

I'm curious to know if there are any performance changes

[daralla]

The multiple servers vs. one? Not yet. Curently still at one server and only one client, and not yet at the final server destination. By the end of the week, I hope.

I had also hoped someone could tell me the advantages / disadvantages in advance...

[TinCanTech]

Having more server instances running will add more processing power but for four clients I doubt you will see any improvement. More important that that would be AES-NI on-chip support.

[daralla]

Yeah, I'm aware a CPU with AES support would help, but a different Server is not in the Budget, have to work with the HP G260. Speed (or rather functionality of the medical software used) is priority, security secondary, so I already made the compromise to use only AES-128 as cipher.

With the current setup of only 1 client, the CPU is at 8 to 15 percent during heavy use of the tunnel, let's see how it goes with 3 or 4 clients. The max upload speed on the VPN Server side is fixed at 10 Mbit/s, that's obviously another limitation.

I guess I'll first run everything with a single server instance. If there are speed problems I'll try switching to one server instance per client and see if it makes a difference.

[TinCanTech]

Currently, openvpn is a single threaded process .. so multiple servers can at least use separate cores.
Set affinity with the host OS, set process priority in HKLM/software/openvpn
Unless you absolutely must, do not use a network bridge.

If you have a spare disc try Linux as your server OS for access to some other options.

Finally, running heavy usage openvpn on a live application server is probably not a good idea.
So .. be wary of that.

[daralla]

Well, this is my first contact with OpenVPN, I combined two tutorials to setup bridged mode which worked well. I did read along the way that routed mode produces less traffic, but when I tried that I quickly got lost what to route where on what device.

The goal sounds simple, I need 4 Clients on location A to be able and map a share on a server on location B, all PC working with Windows 7, both locations with different subnets behind a Fritzbox Router. First try was to connect the routers LAN-to-LAN, easy and worked but dead-slow. Then OpenVPN bridged mode, worked too and much faster. Surely the optimum would be routed mode, but I can't work it out ATM.