@Chip326

Какой ПК выбрать для VPN сервера?

Вечер добрый! В офисе планируется подключить около 400-500 удалённых VPN клиентов. Какой для этих целей нужен будет сервер? Либо может есть железка, к которой без танцев с бубном и роутингами можно будет подключить как Unux так и Win клиентов? По каналу будет гоняться весь трафик: почта, видео, торренты и.т.д
  • Вопрос задан
  • 555 просмотров
Решения вопроса 1
@nrgian
Либо может есть железка, к которой без танцев с бубном и роутингами можно будет подключить как Unux так и Win клиентов?

Боюсь вас цена не устроит.

Дело в том, что VPN жрет хорошо ресурсы процессора. И аппаратные решения, хорошие для поддержки 400-500 без VPN, например, роутеры-маршрутизаторы - при включении же VPN сразу просядут в производительности очень сильно.

Без танцев с бубнами - это программное решение, типа pfSense.
Или Wireguard

По аппаратным требованиям хорошо разжевано вот тут
https://openvpn.net/vpn-server-resources/openvpn-a...

Some examples

The examples given below are assuming fairly high demand on bandwidth and activity of the users. In reality you’ll often find that users are idling a lot more and as a result the bandwidth requirements are a lot lower. But the examples are here to show you how to make an educated guess about what kind of system you need to reach a certain goal. Having said that, we have customers that run near 2000 users on a single Access Server on a quad-core system just fine, because their requirements of the data throughput are fairly low and restricted to specific services. Likewise, we also have customers that run around 50 users on a single Access Server, and are maxing out their octa-core setup because they push so much traffic through it. It just depends on what you need so it’s very hard for us to give you an accurate assessment ourselves.

A reasonably demanding setup – let’s say you have modern dedicated server with AES-NI and you need 500 devices connected to it, and they reroute all their Internet traffic through the VPN tunnel, and about 50% will be actively using the connection, and 50% will be idling, at any given time. This will of course vary as some users will open a web page, and then read it for a while leaving the connection mostly idle, while another user at the same time opens an email program and retrieves email. In other words, a typical office work situation. Let’s say you want to make sure each active user will have 10Mbps available, and let’s assume they actually have that bandwidth on their Internet connection.

250 active users times 10Mbps is 2500Mbps or 2.5Gbps. Servers with 10Gbps lines are readily available so this shouldn’t be a problem to achieve in terms of network bandwidth.
2500Mbps times 20MHz is about 50000MHz or 50GHz. Processors with 3.5GHz for example in dual octa-core setup would get you over those requirements.
With 500 connected devices in this example you would need about 6GB of memory on your system. This is a reasonably low amount for modern systems, so easy to achieve.

A simpler setup – let’s say you have an old dedicated server without AES-NI and you need 200 devices connected to it, but they only route traffic for a web server and a file server on your private network, and about 50% will be actively using the connection, and 50% will be idling, at any given time. As in the previous example this will of course vary somewhat as some users are working on other tasks and alternate this with retrieving files and data through the VPN tunnel. Let’s say you want to make sure each active users will have 10Mbps available, and let’s again assume they actually have that bandwidth on their Internet connection.

100 active users times 10Mbps is 1000Mbps or 1Gbps. Most systems nowadays have this by default, even servers that are several years old.
1000Mbps time 40MHz is about 40000MHz or 40GHz. Older servers with a dual octa-core setup with 2.5GHz will be able to get you to those requirements.
With 200 connected devices in this example you would need about 2GB of memory, a fairly low amount.
Ответ написан
Пригласить эксперта
Ваш ответ на вопрос

Войдите, чтобы написать ответ

Похожие вопросы