Re: [Openvpn-devel] OpenVPN multi instancing
Matthias Andree said:

> On Sun, 29 Feb 2004, Christian Daniel wrote:
>
> > Hello everybody!
> >
> > For a student research project I'm trying to add multi instance capability
> > to OpenVPN. The basic idea is to rip the main openvpn()-function apart, put
> > all variables in a struct and then have only one select()-call for all open
> > tunnels at once.
>
> Oh. You're in for plentiful fun with the various select()
> "features"^Wbugs across the various operating system kernels.
>
> Better check out poll() and epoll() where available. These happen to
> (usually) be more scalable as the number of fds increases.

Luckily, UDP scales up fairly well without hitting up against the limitations of select() since a single UDP socket can be used to communicate with an unlimited number of clients. TCP will be harder to scale with select() because every incoming client will need its own socket.

I don't see how poll() is that much of an improvement over select() because it still requires that you scan all the FDs to see which ones require service. epoll() looks like a real improvement, and has obviously been designed with scalability in mind. It's too bad that poll and epoll move the timeout from microsecond to millisecond resolution, as that makes things like traffic shaping harder to implement.

James
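An added example, not part of the original thread and not OpenVPN code: one UDP socket serving several peers through a single select() call with a microsecond timeout, demultiplexing by source address as the message above describes. The names peer_ctx, peer_lookup, serve_udp and demo_two_clients are hypothetical, and the loopback traffic is constructed for the demonstration.

```c
#include <arpa/inet.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <unistd.h>
#define MAX_PEERS 8
struct peer_ctx { struct sockaddr_in addr; unsigned packets; }; /* hypothetical per-client state */
/* Find the context for a source address, creating one on first contact. */
static struct peer_ctx *peer_lookup(struct peer_ctx *tab, int *n, const struct sockaddr_in *from) {
    for (int i = 0; i < *n; i++)
        if (tab[i].addr.sin_addr.s_addr == from->sin_addr.s_addr &&
            tab[i].addr.sin_port == from->sin_port)
            return &tab[i];
    if (*n == MAX_PEERS) return NULL;                 /* table full: drop the datagram */
    tab[*n] = (struct peer_ctx){ *from, 0 };
    return &tab[(*n)++];
}

/* Serve fd until it has been idle for usec microseconds; returns peers seen, -1 on error. */
int serve_udp(int fd, long usec, struct peer_ctx *tab) {
    int n = 0;
    for (;;) {
        fd_set rd;
        struct timeval tv = { usec / 1000000, usec % 1000000 };  /* microsecond resolution */
        char buf[2048];
        struct sockaddr_in from; socklen_t len = sizeof from;
        FD_ZERO(&rd); FD_SET(fd, &rd);
        int r = select(fd + 1, &rd, NULL, NULL, &tv);  /* one fd, however many peers */
        if (r <= 0) return r < 0 ? -1 : n;             /* error, or idle timeout */
        if (recvfrom(fd, buf, sizeof buf, 0, (struct sockaddr *)&from, &len) < 0) return -1;
        struct peer_ctx *p = peer_lookup(tab, &n, &from);
        if (p) p->packets++;
    }
}

/* Constructed loopback run: clients a and b send three datagrams to one server socket. */
int demo_two_clients(void) {
    struct peer_ctx tab[MAX_PEERS];
    struct sockaddr_in sa = { .sin_family = AF_INET, .sin_addr.s_addr = htonl(INADDR_LOOPBACK) };
    socklen_t len = sizeof sa;
    int srv = socket(AF_INET, SOCK_DGRAM, 0), a = socket(AF_INET, SOCK_DGRAM, 0),
        b = socket(AF_INET, SOCK_DGRAM, 0);
    if (srv < 0 || a < 0 || b < 0 || bind(srv, (struct sockaddr *)&sa, sizeof sa) < 0) return -1;
    getsockname(srv, (struct sockaddr *)&sa, &len);   /* learn the kernel-chosen port */
    for (int i = 0; i < 3; i++)                       /* a sends twice, b once */
        sendto(i < 2 ? a : b, "x", 1, 0, (struct sockaddr *)&sa, sizeof sa);
    int peers = serve_udp(srv, 200000, tab);
    close(srv); close(a); close(b);
    return (peers == 2 && tab[0].packets + tab[1].packets == 3) ? peers : -1;
}
```

The fd_set here never grows past one descriptor regardless of how many peers are in the table; a TCP equivalent would add one descriptor per client to the set.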
Re: [Openvpn-devel] OpenVPN multi instancing
Christian Lademann said:

> Hello, James
> hello, Christian,
>
> is it also going to be supported in 2.0 to have multiple tun/tap interfaces
> but only a single TCP-port on the server side waiting for incoming
> connections?

The ultimate goal is to have all connection options open in either point-to-point or point-to-multipoint mode. The initial 2.0 beta will specialize in serving multiple clients on a single UDP port, single tun/tap interface, and single config file.

Actually if you want single TCP-port, one tun/tap interface per client, that sounds like the inetd-based forking server model which is already functional (in a limited sense) in the 1.6 beta series. The limitation is that you use SSL/TLS + bridging. See the FAQ for more info.

James
Re: [Openvpn-devel] OpenVPN multi instancing
Matthias Andree said:

> On Mon, 01 Mar 2004, James Yonan wrote:
>
> > Christian Daniel said:
> >
> > > Hello everybody!
> > >
> > > For a student research project I'm trying to add multi instance capability to
> > > OpenVPN. The basic idea is to rip the main openvpn()-function apart, put all
> > > variables in a struct and then have only one select()-call for all open
> > > tunnels at once.
> >
> > It's already been done :)
> >
> > See the BETA20 branch in the CVS.
>
> Is there a document that mentions the development tags so the daring
> know what to check out? Or a mailing list I should subscribe to?

It's not too complicated. The HEAD branch is stable, or a beta series which is leading to a stable release, i.e. 1.6-betaX.

The BETA20 branch at this point mostly contains a lot of refactorization. All the stuff that used to be on the stack in the openvpn() function is now kept in a struct context. openvpn.c and the main() function are clean and minimalistic once again.

Every major or beta release gets a tag that is constructed from the version number. When I do a cvs commit I use this simple script:

    cvs commit -m "version $OPENVPN_VER" && cvs tag `echo openvpn-$OPENVPN_VER | tr . -`

where $OPENVPN_VER is something like "1.6-beta7" or "1.5.0".

> May I suggest to post the pointer to the document or add one to
> openvpn.sourceforge.net?

There's not a lot of people actually working on the code right now, so it's easier to just ask questions on the list or search the archives.

James
Re: [Openvpn-devel] OpenVPN multi instancing
Hello, James
hello, Christian,

is it also going to be supported in 2.0 to have multiple tun/tap interfaces but only a single TCP-port on the server side waiting for incoming connections?

Regards,
Christian Lademann
Re: [Openvpn-devel] OpenVPN multi instancing
On Mon, 01 Mar 2004, James Yonan wrote:

> Christian Daniel said:
>
> > Hello everybody!
> >
> > For a student research project I'm trying to add multi instance capability
> > to OpenVPN. The basic idea is to rip the main openvpn()-function apart, put
> > all variables in a struct and then have only one select()-call for all open
> > tunnels at once.
>
> It's already been done :)
>
> See the BETA20 branch in the CVS.

Is there a document that mentions the development tags so the daring know what to check out? Or a mailing list I should subscribe to?

May I suggest to post the pointer to the document or add one to openvpn.sourceforge.net?

Thanks.

(It's incredible how much room for improvement OpenVPN still has, while having been stable and production-ready for so long already.)

--
Matthias Andree

Encrypt your mail: my GnuPG key ID is 0x052E7D95
Re: [Openvpn-devel] OpenVPN multi instancing
On Sun, 29 Feb 2004, Christian Daniel wrote:

> Hello everybody!
>
> For a student research project I'm trying to add multi instance capability to
> OpenVPN. The basic idea is to rip the main openvpn()-function apart, put all
> variables in a struct and then have only one select()-call for all open
> tunnels at once.

Oh. You're in for plentiful fun with the various select() "features"^Wbugs across the various operating system kernels.

Better check out poll() and epoll() where available. These happen to (usually) be more scalable as the number of fds increases.

> Each tunnel should have its own tun/tap-device open - the linux kernel has
> no problem to cope with so many interfaces... I don't think, that it's a good
> idea, to create only one tun-device and then have some kind of internal
> routing-engine...

It cannot work. The interfaces have distinct addresses and netmasks, for some kind of internal routing-engine, you'd have to re-implement the stack on top of raw sockets. Not easy, not portable, not desirable.

> - how to handle the garbage collection? Is it really necessary or is the code
> leak-free?

go figure as a side project, going to fill your thesis or homework or whatever other paper or PDF you're going to turn in. :-)

--
Matthias Andree

Encrypt your mail: my GnuPG key ID is 0x052E7D95
Re: [Openvpn-devel] OpenVPN multi instancing
On Mon, 1 Mar 2004, James Yonan wrote:

> One virtual interface per tunnel is supported now and will be supported going
> forward.

^ That's the part I needed to hear. Thanks!

--
Life's short and hard, kind of like a bodybuilding elf.

Jon Nelson