OpenVPN 100+ users



  • Hello,
    What would be the best way to give access to about 100 OpenVPN into pfsense? I know the process as in create certificate > openvpn server instances etc. My question is there a better way to manage 100 certificates/users instead of creating everything separately? Or client overrrides is the way to go? In this case i still have to create all those certificates right ?


  • Rebel Alliance Developer Netgate

    At that scale, per-user certs are impractical. You can do it, but you'd have to manage them manually.

    Better to use a central auth setup like RADIUS or LDAP and go with an auth-only VPN. You still have the static TLS key available for an extra factor if you want. Not as air-tight as Certs+Auth+TLS Key but still good and scales a lot better.