New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Scenario: My client needs 10k openvpn ip client computer configurations for remote access . . .
10k as in ten thousand remote workers . . .
Advice on Scripts, VPS, materials anything one would use for this type of scenario.
Clients only use work computers for internet browsing, data entry, photo editing, etc...
Choice 1 = Cost Efficient -
- Choice 2 = Powerhouse -
-n100
Support eff.org
Comments
Wat?
Edit: I've read again and somehow understood
All depends on your client budget. If that's from single ip block range it's easy with a dedi and reliable upstream
If that was from different location. You have to do my manual job
Well, assuming they don't all need a unique external IP (i cant see any reason they would) you could use 10 x E3 servers with 32GB Ram, each hosting 1000 connections, 1 x E3 server with 32GB Ram running radius for auth, and another E3 server with 32GB Ram for all logging.
Group them in to batches of 100 & Use docker/LXC or even OpenVZ containers with a pre built template, NAT and then spend a week or so writing the initial start up and container creation scripts, offload logging and your done.
As there is no mention of throughput its really hard to say for sure, you would really want to do it on a smaller scale, gather metrics and then make a more educated judgement on what your infrastructure would look like.
After writing that then reading what you wrote again I think its possible your saying you actually want 10k remote desktops all of which are connected to via OpenVPN, in which case that's a different story.
perhaps give a bit more specific info?
You should advise your client to hire someone who knows what they're doing.
My thoughts, with no offence meant.
I am assuming that you already have a work relationship with this client on some level.
Do you really want to risk loosing the client all together just because you don't want to miss is a single opportunity to get some $$$ out of him?
The only scenarios that won't end up badly for you are;
Hire someone experienced to do it, get a commission or bring that person into your team.
A) Be upfront and tell your client you are not comfortable setting up that environment for him.
Don't wait for that call "why are all my employees sitting on their thumbs?!", with will follow a ring ring from the company lawyer as I don't imagine a company with 10k employees not writing an agreement that will make you liable for such a situation.
If you are serious about this, we can work on it.
I can set this up for you with redundancy and also provide non-emergency maintenance.
I can't give you a realistic estimation of the costs without knowing the amount of traffic which this is supposed to move, since hardware and bandwidth needs to be purchased according to your needs. It's also not the same if this needs to be set up in Europe or Asia.
If you are interested, feel free to email me: https://nyr.es/
Regards
It all depends on the traffic needed, the level of logging, maybe some DPI... Simple VPN, just web browsing with minimal or no logging can be done with a simple E3. If you have heavy traffic, need DPI, heavy logging, special rules, etc, then this goes up exponentially...
Do they have any existing user account system?
AD? LDAP?
If so, you can just distribute configured cilent configuration, which will prompt them for their user/password. The OpenVPN servers will then authenticate against the LDAP/AD servers, which removes the need to actually distribute customized configurations for each user.
AD/LDAP becomes a single point of failure, but if you are using AD/LDAP, I am pretty sure it is used for things other than OpenVPN logins. Any competent company would have a backup AD/LDAP server. If they don't, start running away. Far away.
I like this forum. It reminds me that everything is possible if one sets one's mind to it.
“He who is brave is free”. ― Seneca
If you're confusing realism with negativity, that is another sign your client needs to be put in better hands. You give no details and no budget, and yet seemingly expect people here to have something scripted up for you to use. If you want a positive outcome, you have to be willing to do more than just cash your client's checks.
10k remote workers? Wow that is alot! Not to derail but I am very curious about what sort of work these workers will be doing... so consider this my subscribe post to try to even understand such a solution
Not sure of him but I do when it smells fishy.