OpenVPN Server Licensing
-
Please forgive me for what my be a stupid question, but I'm new to the pfSense world and I want to ensure that we are in compliance with any required licensing.
We are looking at deploying pfSense for an organization that will have about 15 remote users. We're planning to use OpenVPN for them to connect to pfSense in order to access the on-premise server.
It doesn't appear that a community edition of OpenVPN server is available (http://openvpn.net/index.php/open-source/downloads.html). Therefore, it appears that the server side (i.e. what's embedded in pfSense) requires licensing if you want to have more than 2 concurrent connections. (http://openvpn.net/index.php/license.html).
So my questions are as follows:
-
Am I mistaken in understanding OpenVPN server licensing? If my understanding of the server licensing is incorrect, can someone please provide me with a link explaining this?
-
If OpenVPN server licensing is required, how do I add licenses to pfSense? I don't see anything related to OpenVPN licensing anywhere for pfSense.
Any clarification would be appreciated.
Thank-you
-
-
Am I mistaken in understanding OpenVPN server licensing?
Yes. pfSense uses the Open Source OpenVPN server not their licensed OpenVPN Access Server. There are no restrictions on number of users, concurrent tunnels, or concurrent servers (except for bandwidth/hardware limitations).
-
Thanks, verigoth. Is there anything "official" that would satisfy a lawyer, such as a link to somewhere on the pfSense site or the OpenVPN site? (The organization is a law firm.)
-
http://openvpn.net/index.php/license.html
Scroll down to the community version
OpenVPN community edition license:
———————————-
OpenVPN is distributed under the GPL license version 2 (see Below). -
It doesn't appear that a community edition of OpenVPN server is available (http://openvpn.net/index.php/open-source/downloads.html).
?????
How do you mean that? It IS available.
-
You're confusing OpenVPN server and OpenVPN Access Server. The former is open source, freely available, no restrictions or licensing considerations. The latter is a commercial product that's an OpenVPN server appliance basically, putting a management interface on to OpenVPN server. It's more or less similar to what's freely available with pfSense with the setup wizard, cert management, client export, etc.
-
Thanks, everyone!
I'm glad that I was mistaken. As I said, I'm new to pfSense so I've had a bit of a learning curve. So far, I really like the product; and information like this makes pfSense even more appealing. :)
-
We use OpenVPN Access Server at work on a dedicated server which replaced our old Microsoft VPN server. The "engine" is basically the same with exception that the GUI is provided to manage it. There is one thing I do like about OpenVPN Access Server is the Web GUI for users to install the pre-packaged OpenVPN client created specifically for that user and their certs are generated on the fly. Long as the users are part of the "OpenVPN" security group in Active Directory they can easily use it.
In PfSense I have to pretty much have to install it for each user manually. It's not big of a deal for a small office using the OpenVPN export add-on but 200+ users it would take awhile. But once it's installed users don't have to do anything other than launch the client and log on.
This is little more what you were asking about but wanted to point out a couple of key differences in terms of deployment.
I prefer using PfSense as I don't have to deal with licensing nightmare and very flexible in network configurations.