Hi,

On Thu, Jul 24, 2014 at 05:22:37PM +0200, arno.oderm...@ch.schindler.com wrote:
> I did the first part:
> 
> NO, we are not using any Plugins, only client-connect scripts

Mmmh, ok.

> lsof -n | wc -l           4405 

That doesn't tell much, except "the total number of open files in
the system is 4405".

> lsof -p 25211 > openvpn1.txt
> lsof -p 25232 > openvpn2.txt
> lsof -p 25252 > openvpn3.txt
> 
> It looks like we got much more than just some lines:
>          
> openvpn3.txt    openvpn2.txt    openvpn1.txt

If you look at the files (in attachment), you'll see that the large bulk
of it is "TCP" - so your openvpn processes are using up the amount of file
descriptors the system is willing to give them for TCP connects, as every
TCP client needs to have its own socket.

If you run "ulimit -a" from the same environment where you start the
OpenVPN processes, you'll see a line that looks like this:

$ ulimit -a
...
nofile                         (-n)  1024

that's the maximum number of file descriptors - subtract some 20-odd,
and you have ~1000 left for about 1000 clients.

$ ulimit -n 2000

can usually be used to raise that limit to 2000 (if run as root, in the 
same shell that starts openvpn later)...  I'm not a Fedora expert, so 
maybe they have some other limitations, or ways to control the limits.

gert


-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             g...@greenie.muc.de
fax: +49-89-35655025                        g...@net.informatik.tu-muenchen.de
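
An added example, not part of the mail above: a shell script that reads saved "lsof -p PID" output, counts the real file descriptors and the TCP sockets among them, and compares the total with the nofile limit of 1024 quoted in the mail. The function names and the sample lsof lines are constructed for illustration; it assumes the usual nine-column lsof layout with NODE in column 8.

```shell
#!/bin/sh
# Added example: measure descriptor usage from `lsof -p PID` output.
# Rows whose FD column starts with a digit are real descriptors;
# cwd/txt/mem rows do not count against the nofile limit.

count_fds() {
    awk '$4 ~ /^[0-9]/ { n++ } END { print n + 0 }' "$1"
}

# TCP sockets: lsof puts "TCP" in the NODE column (field 8, assumed layout).
count_tcp() {
    awk '$4 ~ /^[0-9]/ && $8 == "TCP" { n++ } END { print n + 0 }' "$1"
}

# fd_headroom FILE LIMIT -> descriptors still available under LIMIT
fd_headroom() {
    echo $(( $2 - $(count_fds "$1") ))
}

# Constructed sample input (not taken from the attachments in the thread).
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
openvpn 25211 root  cwd    DIR  253,0     4096    2 /
openvpn 25211 root  txt    REG  253,0   700000 1234 /usr/sbin/openvpn
openvpn 25211 root    0r   CHR    1,3      0t0 1028 /dev/null
openvpn 25211 root    1w   REG  253,0    52311 5678 /tmp/sample-openvpn.log
openvpn 25211 root    4u  IPv4  90001      0t0  TCP *:1194 (LISTEN)
openvpn 25211 root    5u   CHR 10,200      0t0 9000 /dev/net/tun
openvpn 25211 root    6u  IPv4  90002      0t0  TCP 192.0.2.1:1194->198.51.100.7:51000 (ESTABLISHED)
openvpn 25211 root    7u  IPv4  90003      0t0  TCP 192.0.2.1:1194->198.51.100.8:51001 (ESTABLISHED)
EOF

LIMIT=1024   # the nofile value shown in the mail's ulimit output
echo "descriptors in use: $(count_fds "$SAMPLE")"
echo "of which TCP:       $(count_tcp "$SAMPLE")"
echo "headroom to limit:  $(fd_headroom "$SAMPLE" "$LIMIT")"
```

On a live server, replace the sample file with the output of "lsof -p PID" for each OpenVPN process and use the limit that applies to that process.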
