OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Archive »
  • 20.1 Legacy Series »
  • OpenVPN clogged by client rush
« previous next »
  • Print
Pages: [1]

Author Topic: OpenVPN clogged by client rush  (Read 1686 times)

nothing

  • Newbie
  • *
  • Posts: 31
  • Karma: 0
    • View Profile
OpenVPN clogged by client rush
« on: April 06, 2020, 04:10:18 pm »
Looks like restarting VPN server with 200-300 active clients is bad idea. I have such on dual Xeon 3.3GHz.
OpenVPN service gets smashed by all the clients rushing in. As a result, nobody can connect and the service is dead. showing mostly
Quote
WARNING: Failed running command (--auth-user-pass-verify): external program exited with error status: 255
in the logs.

I see that it's possible in firewall rule to have SYN rate limiting per IP. But what if the connections are coming each from unique IP?!

So, is there a way of limiting the SYN rate per firewall rule, not per single source IP? For example to have no more than 1 new incoming (SYN) connection per 2 seconds in the fw rule, which allows access to the service.
« Last Edit: April 07, 2020, 07:45:44 am by nothing »
Logged
  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • Archive »
  • 20.1 Legacy Series »
  • OpenVPN clogged by client rush
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2