Problem with VPN Scalability testing client setup.

This forum is for admins who are looking to build or expand their OpenVPN setup.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
mikolaj
OpenVpn Newbie
Posts: 4
Joined: Mon Nov 05, 2018 3:39 pm

Problem with VPN Scalability testing client setup.

Post by mikolaj » Mon Nov 05, 2018 3:50 pm

Hi,

Summary:
I am currently working on a project where we want to deploy single VPN server and allow for up to 500 client connections while pushing around 80-120 Mbps of data through few of the clients at the same time.
Has anyone done any scalability or performance testing using OpenVPN? I do not need to push high numbers but I am looking for stable idle client connections.

Test bench:
To obtain those numbers I have built the following test bench:
• 5 Client PCs
• 1 Server with 8 cores + 64GB ram
o The server has been configured to provide IP dynamically on a subnet with over 1k addresses
• 1 PC simulating multiple client connections.
o Clients would be started with a 10s delay between each new connection.
o Clients will use the same username password for the authentication
o Clients will obtain the IP dynamically from the OpenVPN server

Problem:
Now the problem I am having is how to simulate reliably 500 Client connections using the preferably single physical device and keep them stable. So far the physical Client PCs are rock solid idling over the weekend. While the simulated client connections will fail no matter if I am using 5 or 500.

The things I have tried so far:

1. Single Client PC (following THIS Guide):
a. On a single Client PC, I have created 5/10/15/50/100 TAP adapters
b. On Client PC I have created 5/10/15/50/100 config files.
c. Now I have started client connections and left them idle.
2. Problems:
a. When I was starting a bigger amount of connections 25/50+ sometimes the newly connected clients would consume already assigned IPs
b. Almost always when left to idle, once I would RDP to the machine or start ping scans across the VPN the devices would lose connection to the server.

3. I have tried a similar setup with using Hyper-V based VMs
4. I have tried VMs with client connections using client-specific config files with static IP.
5. I have tried VMs with client connections using client-specific config files with static IP and a unique username per client.

Potential solutions:
I was wondering if using Docker OpenVPN containers would be any use to simulate this test?

In advance thanks for any advice and feedback on my setup! Sorry for the lengthy post but I didn’t want to left any details out.

mikolaj
OpenVpn Newbie
Posts: 4
Joined: Mon Nov 05, 2018 3:39 pm

Re: Problem with VPN Scalability testing client setup.

Post by mikolaj » Mon Nov 12, 2018 2:00 pm

Hi, I have no updates so far, so I will bump it. Meanwhile, I will repost this thread around a few different community forums. If I manage to get any meaningful answers I will come back and share them here. Thanks for looking!

flint2003
OpenVPN User
Posts: 23
Joined: Mon Sep 24, 2018 11:48 am

Re: Problem with VPN Scalability testing client setup.

Post by flint2003 » Fri Nov 16, 2018 10:40 am

Hi mikolaj!
It's really interesting theme you arose.
I think there are some limitations for the free version of OpenVPN. Do you know them?

mikolaj
OpenVpn Newbie
Posts: 4
Joined: Mon Nov 05, 2018 3:39 pm

Re: Problem with VPN Scalability testing client setup.

Post by mikolaj » Fri Nov 16, 2018 3:06 pm

Hi,

With some time spent on troubleshooting this issue and going through OpenVPN forum, I have come to the following conclusions:

1. Running multiple OpenVPN clients on a single host device simply will not work and will cause some issues.
Now the good news is that if you look to stress test the OpenVPN server according to the open VPN community this is still valid load, see extract from the OpenVPN wiki below:

*“For more than 100 simultaneous connections several parallel OpenVPN processes are used on the same client instance; although the clients will fail to initialize properly, they should still stress the server in relatively realistic fashion.”*

We have actually seen some issues even with 2 clients running on the same host.

2. The Amazon EC2 scripts from the OpenVPN wiki used for the past performance test look like a lot of work and were edited in 2012 so we have given up on getting them to work for us.

3. Finally, the docker approach seems to work just fine. At the moment we have a single host with 250 docker instances. I will start testing next week and if there are people interested in the result and approach please give me a shout and I will share all the info, otherwise, I will not spam this thread any further.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Problem with VPN Scalability testing client setup.

Post by TinCanTech » Fri Nov 16, 2018 3:25 pm

mikolaj wrote:
Fri Nov 16, 2018 3:06 pm
if there are people interested in the result and approach please give me a shout and I will share all the info, otherwise, I will not spam this thread any further.
You can share all you like, we do not consider it spam to do so, even if nobody responds.

I have used CORE for this sort of testing.

FYI: You can setup lots of openvpn clients on one host machine just make sure you don't start over-writing one VPN with another's settings.

flint2003
OpenVPN User
Posts: 23
Joined: Mon Sep 24, 2018 11:48 am

Re: Problem with VPN Scalability testing client setup.

Post by flint2003 » Fri Nov 30, 2018 9:01 am

Hi Mikolaj.
As I mentioned before your testing's results will be interesting.
I'm looking forward your results

mikolaj
OpenVpn Newbie
Posts: 4
Joined: Mon Nov 05, 2018 3:39 pm

Re: Problem with VPN Scalability testing client setup.

Post by mikolaj » Tue Dec 18, 2018 4:06 pm

Hi Flint,

Sorry for not getting back. At the moment we are in the end of the release cycle so as soon as I have spare time I'll provide some details.

flint2003
OpenVPN User
Posts: 23
Joined: Mon Sep 24, 2018 11:48 am

Re: Problem with VPN Scalability testing client setup.

Post by flint2003 » Wed Dec 19, 2018 7:02 am

Hi Mikolaj.
It sounds good! Thank you and good luck!

Post Reply