[pptp-server] maximum of connections...

Tue Jan 15 00:51:18 CST 2002

Hi!
>   I read HOWTOs in pptpd distribution, but this quiestion is't clear
there.
> It says "So it seems that 2048 will be the limit, if you fix a few things
> and with a minor kernel mod", but it doesn.t say what to fix... Above this
> it says that 2.2.X kernels have limit of 100 ppp devices, so we can reach
> 2048 only on 2.4.X?

You can only reach 100 connections with the standard 2.2.x and 2.4.x kernel.
But you can simply patch both kernels to reach more than 100 connections.
Simply patch /usr/src/linux/net/core/dev.c and increase the number in the
mentioned for loop to 2048. According to Alan Cox this should be sufficient,
but is not the fasted look-up method for the devices. If you write a better
algo, please let me know. But it works fine for me. :-)
Also don't forget to increase the number of Unix 98 PTY to 2048 (can be
reached by simple running make menuconfig and enter 2048 instead of 256 for
the number of unix ptys).

>   And final questuion :)... How many connections have you practicly
reached?

I am currently using pptpd for user authentication for our students to get
internet access in our student hostel network. Nobody could tell me, whether
this gonna work and with how much users. So I set up a test in part of our
network. The test is working fine since 25th of november 2001. I reached up
to 280 simultaneos connections using just one machine, which is a AMD Duron
900MHz with 768MB of RAM. At a maximum of 280 users I reach a CPU usage of
about 25%. The machine is VPN/NAT/Firewall server and does Traffic-Accounts
for every VPN-User using iptables.

For every user you should have a little bit of CPU power and some memory. I
you have enough of both (Athlon XP 1700+ or higher and 2 Gigs of RAM) you
should be able to get up to 2048 simultaneous users. Thats my estimation.

I should say that our users are "normal" internet users. They are simply
surfing, are just connected to receive ICQ messages and not all users are
downloading much data at the same time. We have about 10% of
"hardcore-users", which are transferring much data.

So if your users are all transfering much data, you maybe end up with a
lower maximum number of users. I should also say that I do not force any
encryption. I leave it to the user to user no/40/128 Bit encryption.

I just estimated the number of encrypted and unencrypted connections at our
VPN-server: one third is using encryption. About 60% of this users are using
40Bit and 40% is using 128Bit.

We plan to set up 6 VPN-Server for our hole network, so that these servers
are not the bottleneck of our network connection (GBit to university
Backbone and 100MBit to the internet). Currently 1300 possible users are
using our VPN-Server. Our hole network includes about 4000 users.

Torge Szczepanek