Looks like restarting a VPN server with 200-300 active clients is a bad idea. I have such a setup on a dual Xeon 3.3GHz.
The OpenVPN service gets smashed by all the clients rushing in. As a result, nobody can connect and the service is dead, showing mostly

    WARNING: Failed running command (--auth-user-pass-verify): external program exited with error status: 255

in the logs.
I see that it's possible in firewall rule to have SYN rate limiting per IP. But what if the connections are coming each from unique IP?!
So, is there a way of limiting the SYN rate per firewall rule, not per single source IP? For example, to have no more than 1 new incoming (SYN) connection per 2 seconds in the fw rule which allows access to the service.
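The difference between the two kinds of limit the post contrasts (a per-source-IP limit versus one bucket shared by every connection matching the rule) can be seen with a small token-bucket simulation. This is an added example, not code from the post or from any firewall or OpenVPN component; the reconnect storm it replays (300 clients, unique 10.0.x.y addresses, all arriving within one second and retrying every 5 seconds when refused) is constructed, and the `TokenBucket`, `simulate` and `peak_per_window` names are this example's own.

```python
"""Token-bucket admission control for new VPN connections (constructed example).

Compares a per-source-IP limiter (every source gets its own bucket, so a
storm of unique IPs is never slowed) with one aggregate bucket applied to
the whole rule (the "1 new connection per 2 seconds" the post asks for).
"""
import heapq
from collections import defaultdict


class TokenBucket:
    """Classic token bucket: refills `rate` tokens/second, stores at most `burst`."""

    def __init__(self, rate, burst):
        self.rate = float(rate)
        self.burst = float(burst)
        self.tokens = float(burst)   # start full, so the first arrivals are admitted
        self.last = 0.0              # time of the previous allow() call

    def allow(self, now):
        """Admit one connection at time `now` if a token is available."""
        elapsed = max(0.0, now - self.last)
        self.last = now
        self.tokens = min(self.burst, self.tokens + elapsed * self.rate)
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


def simulate(clients, rate, burst, per_source, retry_after=5.0, spread=1.0):
    """Replay a reconnect storm with retries through the chosen limiter.

    clients:     list of source IPs; first arrivals are spread evenly over `spread` seconds
    per_source:  True = one bucket per source IP, False = one shared bucket for the rule
    retry_after: a refused client tries again this many seconds later
    Returns {ip: time_admitted} once every client has got in.
    """
    buckets = defaultdict(lambda: TokenBucket(rate, burst))
    shared = TokenBucket(rate, burst)
    queue = [(i * spread / len(clients), ip) for i, ip in enumerate(clients)]
    heapq.heapify(queue)
    admitted = {}
    while queue:
        t, ip = heapq.heappop(queue)
        bucket = buckets[ip] if per_source else shared
        if bucket.allow(t):
            admitted[ip] = t
        else:
            heapq.heappush(queue, (t + retry_after, ip))   # synchronized retry, like real clients
    return admitted


def peak_per_window(times, window=2.0):
    """Largest number of admissions falling inside any sliding window of `window` seconds."""
    times = sorted(times)
    best, start = 0, 0
    for end, t in enumerate(times):
        while times[start] <= t - window:
            start += 1
        best = max(best, end - start + 1)
    return best


def storm(n_clients=300):
    """Constructed storm: n clients, each from a distinct 10.0.x.y address."""
    return [f"10.0.{i // 256}.{i % 256}" for i in range(n_clients)]


if __name__ == "__main__":
    clients = storm()
    for label, per_source in (("per-source-IP limit", True), ("per-rule limit", False)):
        admitted = simulate(clients, rate=0.5, burst=1, per_source=per_source)
        print(f"{label}: all {len(admitted)} in by t={max(admitted.values()):.1f}s, "
              f"peak {peak_per_window(admitted.values())} admissions per 2s window")
```

With a per-source bucket every one of the 300 unique addresses is admitted in the first second, which is exactly the load that made the `--auth-user-pass-verify` helper fail; with a single bucket shared by the rule (rate 0.5/s, burst 1) the peak is one admission per 2-second window and the storm is drained one client per retry round. The same idea is available on the VPN side: OpenVPN's `--connect-freq n sec` caps new connections server-wide at n per sec seconds, and on Linux the iptables `hashlimit` match with no `--hashlimit-mode` keeps a single bucket for all packets the rule sees instead of one per source.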