On Mon, May 30, 2011 at 8:52 AM, Srikanth Sundaresan
<srikanth@gatech.edu> wrote:
On May 30, 2011, at 6:58 PM, Dave Taht wrote:
> After running overnight, the openvpn server grew to about 8MB in size, and seems to have stabilized there.
That's a lot, isn't it?
No. The server should run on a far more capable host than the router, which would hardly notice.
More important is that I'm not observing unbounded memory growth, which is important for long running processes.
The server size is also a function of the number of connected clients. There are only two connected now.
The client (after much less abuse than I put the server through last night) weighs in at
12932 1 root S 4548 7% 0% /usr/sbin/openvpn --syslog openvpn(cu
Note that using VSZ as per either of these measurements do is a bad
idea in that it inaccurately accounts for stack size and shared library
usage.
But as a rough measure, it's not bad, and we
currently have over 32MB of ram to spare, even after openvpn is
running. dnsmasq, after some usage, will grow larger than it is at
present.
I'll put the client through some abuse in a bit.
As a client, openvpn has the ability to take a list of addresses, and ports, to try an outgoing connection on.
As
a server, multiple servers can listen also on multiple ports, on
multiple machines as well, so it is theoretically scalable to thousands
of users.
My principal problem (long term) with openvpn, is as a user space
daemon it cannot take advantage of hardware acceleration on the client
side, where available (of the hardware projected to be in use for
cerowrt, the only thing that does hardware crypto is the dreamplug). I
would also like to try a heavier crypto algo than blowfish.
That said, once I got through the 'generate a cert setup hassle',
it's nice to be able to get to port 81 through the vpn, as well as see
snmp stuff.