Development discussion of WireGuard
* Many users
@ 2017-08-06 19:02 Bzzzz
  2017-08-06 20:22 ` Jason A. Donenfeld
  0 siblings, 1 reply; 7+ messages in thread
From: Bzzzz @ 2017-08-06 19:02 UTC (permalink / raw)
  To: WireGuard mailing list

Hi mailing-listers,

I wonder if any of you have either made a large test or are using
WG with a large number of users, each one having his own key.
I'm talking about >> 1,000 keys (closer to 10k is better) ?
Or at least with a maximum of individual keys.

And are there hard/soft limits to this number ?

The goal is to be able to revoke access user by user.

Thanks in advance & regards.

Jean-Yves


* Re: Many users
  2017-08-06 19:02 Many users Bzzzz
@ 2017-08-06 20:22 ` Jason A. Donenfeld
  2017-08-06 20:34   ` Bzzzz
  2017-08-07 19:05   ` Jason A. Donenfeld
  0 siblings, 2 replies; 7+ messages in thread
From: Jason A. Donenfeld @ 2017-08-06 20:22 UTC (permalink / raw)
  To: Bzzzz; +Cc: WireGuard mailing list

Hey Jean-Yves,

There's an artificial limitation of 65535 peers per interface. This
limitation isn't _entirely_ necessary, and if it becomes a problem for
folks, I could remove it.

There was somebody on this list who set up thousands of peers and
thousands of interfaces a while ago, and after handling some issues
with him, things worked pretty well.

So, to answer your question: WireGuard should scale quite well, and
you shouldn't have many problems. But of course let me know if you do.

Jason


* Re: Many users
  2017-08-06 20:22 ` Jason A. Donenfeld
@ 2017-08-06 20:34   ` Bzzzz
  2017-08-06 20:57     ` Jason A. Donenfeld
  2017-08-07 19:05   ` Jason A. Donenfeld
  1 sibling, 1 reply; 7+ messages in thread
From: Bzzzz @ 2017-08-06 20:34 UTC (permalink / raw)
  To: Jason A. Donenfeld; +Cc: WireGuard mailing list

On Sun, 6 Aug 2017 22:22:28 +0200
"Jason A. Donenfeld" <Jason@zx2c4.com> wrote:

> Hey Jean-Yves,

Hey Jay,

> There's an artificial limitation of 65535 peers per interface. This

It should fit in ("only" ~10,000) ;)

> There was somebody on this list who set up thousands of peers and
> thousands of interfaces a while ago, and after handling some issues
> with him, things worked pretty well.

I guess, when you're talking about "thousands of interfaces", you mean
virtual ones ? Do you recall how many machines he was using ?

BTW, for such cases maybe it could be interesting to link WG to a
sqlite DB ?

> So, to answer your question: WireGuard should scale quite well, and
> you shouldn't have many problems. But of course let me know if you do.

OK, thanks, that's good to know that it has already been done and help is
around.

JY


* Re: Many users
  2017-08-06 20:34   ` Bzzzz
@ 2017-08-06 20:57     ` Jason A. Donenfeld
  2017-08-06 21:10       ` Bzzzz
  0 siblings, 1 reply; 7+ messages in thread
From: Jason A. Donenfeld @ 2017-08-06 20:57 UTC (permalink / raw)
  To: Bzzzz; +Cc: WireGuard mailing list

On Sun, Aug 06, 2017 at 10:34:12PM +0200, Bzzzz wrote:
> I guess, when you're talking about "thousands of interfaces", you mean
> virtual ones ? Do you recall how many machines he was using ?

On the same machine, I mean.

I guess you could simulate this kind of thing with:

printf '[Interface]\nPrivateKey=%s\n' "$(wg genkey)" > conf
head -c $(( 33 * 10000 )) /dev/urandom | base64 | tr -d '\n' | fold -b -w 44 | sed -n 's/\(.*\)../[Peer]\nPublicKey=\1A=/p' >> conf
for i in {1..10000}; do ip link add wg$i type wireguard; wg setconf wg$i ./conf; done

Careful, though!

> 
> BTW, for such cases maybe it could be interesting to link WG to a
> sqlite DB ?

I've actually got something for this coming through the pipeline soon.
I'll keep the list posted when it's ready.

Jason
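
Added example, not part of the original message: a dry-run companion to the generator above. It builds the same kind of [Peer] list without creating any interface, then checks that each forged key decodes to 32 bytes and that the peer count fits the per-interface limit quoted in this thread. The names gen_peers, check_conf and PEER_LIMIT are assumptions of this example, and awk stands in for the sed expression.

```shell
#!/bin/sh
# Added example: dry run only, creates no interfaces and needs no wg binary.

PEER_LIMIT=65535  # per-interface limit quoted in the thread (assumed default here)

# Emit N [Peer] stanzas with random, syntactically valid public keys.
# 33 random bytes encode to exactly 44 base64 characters with no padding.
# Keeping the first 42 and appending "A=" gives 43 data characters plus
# padding, which decodes to 32 bytes; "A" (value 0) keeps the two leftover
# bits zero, so the encoding is canonical.
gen_peers() {
    head -c $(( 33 * $1 )) /dev/urandom | base64 | tr -d '\n' | fold -b -w 44 |
        awk 'length($0) == 44 { print "[Peer]"; print "PublicKey=" substr($0, 1, 42) "A=" }'
}

# Validate a config file: each PublicKey decodes to 32 bytes, no key repeats,
# and the peer count stays within the limit. Prints the count on success.
# The body is a subshell, so its variables do not leak into the caller.
check_conf() (
    limit=${2:-$PEER_LIMIT}
    keys=$(sed -n 's/^PublicKey=//p' "$1")
    count=0
    for key in $keys; do
        len=$(printf '%s' "$key" | base64 -d 2>/dev/null | wc -c)
        [ "$len" -eq 32 ] || { echo "bad key: $key" >&2; exit 1; }
        count=$(( count + 1 ))
    done
    [ -z "$(printf '%s\n' "$keys" | sort | uniq -d)" ] ||
        { echo "duplicate public key" >&2; exit 1; }
    [ "$count" -le "$limit" ] ||
        { echo "$count peers exceeds limit $limit" >&2; exit 1; }
    echo "$count"
)

# Constructed sample run: 100 peers in a temporary file.
demo=$(mktemp)
gen_peers 100 > "$demo"
echo "valid peers: $(check_conf "$demo")"
rm -f "$demo"
```

Running check_conf on the generated file before any wg setconf loop catches a malformed or oversized peer list while it is still just a text file.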


* Re: Many users
  2017-08-06 20:57     ` Jason A. Donenfeld
@ 2017-08-06 21:10       ` Bzzzz
  0 siblings, 0 replies; 7+ messages in thread
From: Bzzzz @ 2017-08-06 21:10 UTC (permalink / raw)
  To: Jason A. Donenfeld; +Cc: WireGuard mailing list

On Sun, 6 Aug 2017 22:57:42 +0200
"Jason A. Donenfeld" <Jason@zx2c4.com> wrote:

> On Sun, Aug 06, 2017 at 10:34:12PM +0200, Bzzzz wrote:
> > I guess, when you're talking about "thousands of interfaces", you
> > mean virtual ones ? Do you recall how many machines he was using ?  
> 
> On the same machine, I mean.

Now I'm sure.

> I guess you could simulate this kind of thing with:
> 
> printf '[Interface]\nPrivateKey=%s\n' "$(wg genkey)" > conf
> head -c $(( 33 * 10000 )) /dev/urandom | base64 | tr -d '\n' | fold -b -w 44 | sed -n 's/\(.*\)../[Peer]\nPublicKey=\1A=/p' >> conf
> for i in {1..10000}; do ip link add wg$i type wireguard; wg setconf wg$i ./conf; done

Nice piece of code.

> Careful, though!
> 
> > 
> > BTW, for such cases maybe it could be interesting to link WG to a
> > sqlite DB ?
> 
> I've actually got something for this coming through the pipeline soon.
> I'll keep the list posted when it's ready.

Now, THIS will be a very nice thing - and so much better when
adding|removing a user than a huge configuration file.

As there's no real hurry, I'll wait for this feature to appear.

Thanks for your answers.

JY


* Re: Many users
  2017-08-06 20:22 ` Jason A. Donenfeld
  2017-08-06 20:34   ` Bzzzz
@ 2017-08-07 19:05   ` Jason A. Donenfeld
  2017-08-07 19:13     ` Bzzzz
  1 sibling, 1 reply; 7+ messages in thread
From: Jason A. Donenfeld @ 2017-08-07 19:05 UTC (permalink / raw)
  To: Bzzzz; +Cc: WireGuard mailing list

On Sun, Aug 6, 2017 at 10:22 PM, Jason A. Donenfeld <Jason@zx2c4.com> wrote:
> There's an artificial limitation of 65535 peers per interface.

I've just increased this to 2^{20}, which is roughly 1 million peers.

(I can increase it more, should the need arise.)


* Re: Many users
  2017-08-07 19:05   ` Jason A. Donenfeld
@ 2017-08-07 19:13     ` Bzzzz
  0 siblings, 0 replies; 7+ messages in thread
From: Bzzzz @ 2017-08-07 19:13 UTC (permalink / raw)
  To: Jason A. Donenfeld; +Cc: WireGuard mailing list

On Mon, 7 Aug 2017 21:05:09 +0200
"Jason A. Donenfeld" <Jason@zx2c4.com> wrote:

> On Sun, Aug 6, 2017 at 10:22 PM, Jason A. Donenfeld <Jason@zx2c4.com>
> wrote:
> > There's an artificial limitation of 65535 peers per interface.  
> 
> I've just increased this to 2^{20}, which is roughly 1 million peers.
> 
> (I can increase it more, should the need arise.)

Hmmmmmm, keep on increasing it and we
(WGmailinglistusersofzedeaththatkills) will rule the (known)
UNIVERSE ! ;-p)
Thanks for that, Jay, WG is not entering the 20th dimension.

Kidding apart, that is very nice and confirms that no other VPN
solution can compete at this time, either in number of users or in
speed.

Jean-Yves

