Softether SSTP large scale implementation
-
- Posts: 2
- Joined: Wed Nov 02, 2016 4:18 am
Softether SSTP large scale implementation
Hey guys, I want to implement a large-scale SSTP VPN solution (about 4000 devices connected to the VPN) using SoftEther. My problem is that after 300 connections the server is overloaded (I currently use a single server with 4 vCPUs and 16 GB of RAM; I'm looking at the clustered solution, but I would like to host at least 1000 connections on one server). What parameters do I need to change to optimize the performance? Thank you.
-
- Posts: 336
- Joined: Sat Aug 15, 2015 7:41 pm
Re: Softether SSTP large scale implementation
Some tips:
Use a bridge instead of secureNAT.
What does "overloaded" mean? Low memory, CPU, or load average?
-
- Posts: 2
- Joined: Wed Nov 02, 2016 4:18 am
Re: Softether SSTP large scale implementation
The CPU stays at 100%; it doesn't receive new connections and it drops the existing ones. I am using bridge mode with an external DHCP server, but I think there is a problem with the DHCP also: because of the large number of incoming connections, the DHCP server doesn't have time to process every request and delays the DHCP ACK message, and the clients keep disconnecting (the clients are MikroTik routers) because they don't have an IP assigned.
Things I did to make the situation better:
- I disabled all the unnecessary logging
- I've limited the number of incoming connections to 50 new in one minute
I don't know what else to do in order to reduce the CPU load. The connections are used for remote management, so there isn't much traffic from each connection. I also noticed that there is a lot of uplink traffic, something like 10GB of data in half an hour, which is a lot. I think that there is a loop somewhere; I just can't figure out where.
I am using the SoftEther VPN Server (Ver 4.20, Build 9608, rtm) on Debian Jessie x64.
-
- Posts: 4
- Joined: Thu Feb 13, 2014 10:42 pm
Re: Softether SSTP large scale implementation
vladutz33 wrote:
> Hey guys, I want to implement a large-scale SSTP VPN solution (about 4000
> devices connected to the VPN) using SoftEther. My problem is that after 300
> connections the server is overloaded (I currently use a single server with
> 4 vCPUs and 16 GB of RAM; I'm looking at the clustered solution, but I would
> like to host at least 1000 connections on one server). What parameters do
> I need to change to optimize the performance? Thank you.
I don't think it is possible at all with SoftEtherVPN. If you want to get the best performance possible, you should take a native Linux solution like IPSec for this. OpenVPN sounds attractive also, but it is known as a solution that does not scale. Why did you select SSTP? The only reason I can imagine is that your clients are Windows boxes, but even then IPSec is possible (Windows supports IKEv2 out of the box).
-
- Posts: 2458
- Joined: Mon Feb 24, 2014 11:03 am
Re: Softether SSTP large scale implementation
How about DNS round robin?
-
- Posts: 6
- Joined: Wed Mar 22, 2017 6:22 am
Re: Softether SSTP large scale implementation
I use this hardware:
8 vCPU and 16 G RAM, with the normal SoftEther client, and it still has this problem,
and I very much doubt the specification on the SoftEther VPN official website (4096 clients in one Virtual Hub).
Could anyone answer this question?
-
- Posts: 2458
- Joined: Mon Feb 24, 2014 11:03 am
Re: Softether SSTP large scale implementation
"4096 clients in one Virtual Hub" is just a designed limitation.
Actually, it needs an unrealistic spec.