> On 20 Sep 2014, at 00:19, Nikos Mavrogiannopoulos <nmav at gnutls.org> wrote:
>
> A question about the other vpn server that you use. Does it open a new
> tun device for each client? If not that may also give some hint on the
> issue.

Yes, both OpenVPN and OpenConnect are set up to use a new tun device for each client.

After running both patches for a while now I've observed the following:

* When using the dnsmasq work-around only, this keeps dnsmasq responsive. However, because the send queue fills up, the end-user experience is unusably slow. It essentially now behaves the same as BIND.

  # netstat -uln|grep 53
  udp        0      0 10.255.0.2:53   0.0.0.0:*
  udp        0  64512 10.0.0.1:53     0.0.0.0:*

  The 10.0.0.1 address is what the VPN clients query and becomes unusably slow. 10.255.0.2 stays responsive.

* When using the ocserv patch only, the problem does not occur. I'll keep using it and report back if that changes.

Regards,
Niels