Pooling Users and DH Parameters - carvenli/pritunl GitHub Wiki

Every user has a certificate and private key. Servers also have a hidden user that is used for the vpn server certificate and dh parameters for the vpn server. Generating a certificate and private key takes about 1-2 seconds. To prevent this delay when adding users Pritunl will generate extra users and mark the additional users as pooled users. When a user is created Pritunl will first attempt to use a pooled user if successful the user can be created in only a few milliseconds preventing a delay from certificate generation. Generating dh parameters of the default length (1536 bits) will take a few minutes depending on the performance of the server and the availability of random data. Pritunl will also generate additional dh parameters of the default length to allow servers to quickly be created and started. When a server is created Pritunl will attempt use pooled dh parameters if none are available and there are pooled dh parameters currently being created but not finished the dh parameters will be reserved. If pooled dh parameters can not be used or reserved a task will start to generate new dh parameters. When this happens the server will display a notice that dh parameters are being created and the server will not be able to run until the task is complete.