Softether SSTP large scale implementation

vladutz33
Posts: 2
Joined: Wed Nov 02, 2016 4:18 am

Softether SSTP large scale implementation

Post by vladutz33 » Wed Nov 02, 2016 4:25 am

Hey guys, I want to implement a large-scale SSTP VPN solution (about 4000 devices connected to the VPN) using SoftEther. My problem is that after 300 connections the server is overloaded (I currently use a single server with 4 vCPUs and 16 GB of RAM; I'm looking at the clustered solution, but I would like to host at least 1000 connections on one server). What parameters do I need to change to optimize the performance? Thank you.

moatazelmasry
Posts: 336
Joined: Sat Aug 15, 2015 7:41 pm

Re: Softether SSTP large scale implementation

Post by moatazelmasry » Wed Nov 02, 2016 6:53 pm

Some tips:

Use a bridge instead of SecureNAT.

What does "overloaded" mean? Low memory, CPU, or load average?

vladutz33
Posts: 2
Joined: Wed Nov 02, 2016 4:18 am

Re: Softether SSTP large scale implementation

Post by vladutz33 » Wed Nov 02, 2016 7:37 pm

The CPU stays at 100%, it doesn't accept new connections, and it drops the existing ones. I am using bridge mode with an external DHCP server, but I think there is a problem with the DHCP as well: because of the large number of incoming connections, the DHCP server doesn't have time to process every request and delays the DHCP ACK message, and the clients keep disconnecting (the clients are MikroTik routers) because they don't have an IP assigned.
Things I did to make the situation better:
- I disabled all the unnecessary logging
- I've limited the number of incoming connections to 50 new in one minute

I don't know what else to do in order to reduce the CPU load. The connections are used for remote management, so there isn't much traffic from each connection. I also noticed that there is a lot of uplink traffic, something like 10 GB of data in half an hour, which is a lot. I think that there is a loop somewhere; I just can't figure out where.
I am using the SoftEther VPN Server (Ver 4.20, Build 9608, rtm) on Debian Jessie x64.

ava1ar
Posts: 4
Joined: Thu Feb 13, 2014 10:42 pm

Re: Softether SSTP large scale implementation

Post by ava1ar » Sun Nov 06, 2016 5:09 am

vladutz33 wrote:
> Hey guys, I want to implement a large-scale SSTP VPN solution (about 4000
> devices connected to the VPN) using SoftEther. My problem is that after 300
> connections the server is overloaded (I currently use a single server with
> 4 vCPUs and 16 GB of RAM; I'm looking at the clustered solution, but I would
> like to host at least 1000 connections on one server). What parameters do
> I need to change to optimize the performance? Thank you.

I don't think it is possible at all with SoftEtherVPN. If you want to get the best performance possible, you should take a native Linux solution like IPSec for this. OpenVPN sounds attractive also, but it is known as a solution that does not scale. Why did you select SSTP? The only reason I can imagine is that your clients are Windows boxes, but even then IPSec is possible (Windows supports IKEv2 out of the box).

thisjun
Posts: 2458
Joined: Mon Feb 24, 2014 11:03 am

Re: Softether SSTP large scale implementation

Post by thisjun » Thu Nov 17, 2016 7:38 am

How about DNS round robin?

fashaun
Posts: 6
Joined: Wed Mar 22, 2017 6:22 am
Location: Taiwan, Taipei

Re: Softether SSTP large scale implementation

Post by fashaun » Thu May 11, 2017 3:30 am

I use the following hardware:

8 vCPU and 16 GB RAM, with the normal SoftEther client, and it still has this problem.

And I very much doubt the specification on the official SoftEther VPN website (4096 clients in one Virtual Hub).

Could anyone answer this question?

thisjun
Posts: 2458
Joined: Mon Feb 24, 2014 11:03 am

Re: Softether SSTP large scale implementation

Post by thisjun » Thu May 18, 2017 7:18 am

"4096 clients in one Virtual Hub" is just a design limit.
Actually, it needs unrealistic specs.
