OpenVPN 100+ users
symmcom last edited by
What would be the best way to give access to about 100 OpenVPN into pfsense? I know the process as in create certificate > openvpn server instances etc. My question is there a better way to manage 100 certificates/users instead of creating everything separately? Or client overrrides is the way to go? In this case i still have to create all those certificates right ?
At that scale, per-user certs are impractical. You can do it, but you'd have to manage them manually.
Better to use a central auth setup like RADIUS or LDAP and go with an auth-only VPN. You still have the static TLS key available for an extra factor if you want. Not as air-tight as Certs+Auth+TLS Key but still good and scales a lot better.