OpenVPN Support Forum

hello
starting ovpn server on winxp sp2 with parametrs:
C:\OpenVPN\bin\openvpn.exe --max-clients 32 --config c:\\openvpn\\config\\server.ovpn
have:

Thu Dec 23 22:50:08 2010 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct 1 2
006
Thu Dec 23 22:50:08 2010 Diffie-Hellman initialized with 1024 bit key
Thu Dec 23 22:50:08 2010 WARNING: This configuration may accept clients which do
not present a certificate
Thu Dec 23 22:50:08 2010 TLS-Auth MTU parms [ L:1576 D:140 EF:40 EB:0 ET:0 EL:0
]
Thu Dec 23 22:50:08 2010 TAP-WIN32 device [openvpn] opened: \\.\Global\{00C23FDA
-2AEF-4424-9C6B-A46F44FE35C1}.tap
Thu Dec 23 22:50:08 2010 TAP-Win32 Driver Version 8.4
Thu Dec 23 22:50:08 2010 TAP-Win32 MTU=1500
Thu Dec 23 22:50:08 2010 Notified TAP-Win32 driver to set a DHCP IP/netmask of 1
3.166.166.1/255.255.255.0 on interface {00C23FDA-2AEF-4424-9C6B-A46F44FE35C1} [D
HCP-serv: 13.166.166.0, lease-time: 31536000]
Thu Dec 23 22:50:08 2010 Sleeping for 10 seconds...
Thu Dec 23 22:50:18 2010 Successful ARP Flush on interface [393219] {00C23FDA-2A
EF-4424-9C6B-A46F44FE35C1}
Thu Dec 23 22:50:18 2010 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:
32 EL:0 AF:3/1 ]
Thu Dec 23 22:50:18 2010 Listening for incoming TCP connection on [undef]:444
Thu Dec 23 22:50:18 2010 TCPv4_SERVER link local (bound): [undef]:444
Thu Dec 23 22:50:18 2010 TCPv4_SERVER link remote: [undef]
Thu Dec 23 22:50:18 2010 MULTI: multi_init called, r=256 v=256
Thu Dec 23 22:50:18 2010 IFCONFIG POOL: base=13.166.166.10 size=241
Thu Dec 23 22:50:18 2010 IFCONFIG POOL LIST
Thu Dec 23 22:50:18 2010 MULTI: TCP INIT maxclients=32 maxevents=36
Thu Dec 23 22:50:18 2010 Initialization Sequence Completed

its OK
but when starting with parametrs:
C:\OpenVPN\bin\openvpn.exe --max-clients 128 --config c:\\openvpn\\config\\server.ovpn
have:

Thu Dec 23 22:52:20 2010 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct 1 2
006
Thu Dec 23 22:52:20 2010 Diffie-Hellman initialized with 1024 bit key
Thu Dec 23 22:52:20 2010 WARNING: This configuration may accept clients which do
not present a certificate
Thu Dec 23 22:52:20 2010 TLS-Auth MTU parms [ L:1576 D:140 EF:40 EB:0 ET:0 EL:0
]
Thu Dec 23 22:52:20 2010 TAP-WIN32 device [openvpn] opened: \\.\Global\{00C23FDA
-2AEF-4424-9C6B-A46F44FE35C1}.tap
Thu Dec 23 22:52:20 2010 TAP-Win32 Driver Version 8.4
Thu Dec 23 22:52:20 2010 TAP-Win32 MTU=1500
Thu Dec 23 22:52:20 2010 Notified TAP-Win32 driver to set a DHCP IP/netmask of 1
3.166.166.1/255.255.255.0 on interface {00C23FDA-2AEF-4424-9C6B-A46F44FE35C1} [D
HCP-serv: 13.166.166.0, lease-time: 31536000]
Thu Dec 23 22:52:20 2010 Sleeping for 10 seconds...
Thu Dec 23 22:52:30 2010 Successful ARP Flush on interface [393219] {00C23FDA-2A
EF-4424-9C6B-A46F44FE35C1}
Thu Dec 23 22:52:30 2010 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:
32 EL:0 AF:3/1 ]
Thu Dec 23 22:52:30 2010 Listening for incoming TCP connection on [undef]:444
Thu Dec 23 22:52:30 2010 TCPv4_SERVER link local (bound): [undef]:444
Thu Dec 23 22:52:30 2010 TCPv4_SERVER link remote: [undef]
Thu Dec 23 22:52:30 2010 MULTI: multi_init called, r=256 v=256
Thu Dec 23 22:52:30 2010 IFCONFIG POOL: base=13.166.166.10 size=241
Thu Dec 23 22:52:30 2010 IFCONFIG POOL LIST
Thu Dec 23 22:52:30 2010 MULTI: TCP INIT maxclients=60 maxevents=64
Thu Dec 23 22:52:30 2010 Initialization Sequence Completed

how to place max-clients over 60?

Hello,

It would be helpful to see your server configuration, but I'm going to go out on a limb and suggest that you need to define a larger subnet for your client network. If you are using a routed configuration, 4 IP addresses are consumed per connection (network number, client end-point, server end-point, broadcast).

All of the how-to docs that I have seen specify the use of a /24 network. Bump it up to a /23 (netmask 255.255.254.0) and see what happens. Why it stops at 60 connections? I don't know. Technically there are 68 usable /30 networks in a /24.

If that works, let us know. Otherwise, please post your configurations and we'll see what can be seen.

Regards,
Stephen

before going any further with this, update your openvpn
you are using a quite old version
do you see this same behavior in udp?
i remember some sort of limit that windows has for open connections on a single tcp socket... this could be it

Thanks