Can anyone recommend a good VPN option for employees to connect to our corporate network? (Employees use mostly Mac laptops.)
We currently use an OpenVPN community VPN server with 2FA - users connect using their VPN profiles + 2FA code using Tunnelblick.
Users are having issues connecting at times during the initial setup; it's a lot of steps for them to download their VPN profile, add a QR code, add VPN username+pw, etc. It causes lots of headaches for everyone, and we spend a lot of our time t-shooting basic VPN setups.
Wondering what others are using and how you manage your VPN access for employees (preferably something that's open src and can be configured via a cfg management system like salt, puppet, ansible, etc.).
We switched from OpenVPN to Tailscale and it has been a very positive experience. It’s zero config, users just log in and that’s it. 2FA is handled at the IDP level. You can run an open-source version of it called Headscale (GitHub - juanfont/headscale: An open source, self-hosted implementation of the Tailscale control server), but IMO it’s worth paying for; my support and complaints about VPN-related stuff have essentially dropped to zero since implementing it.
Twingate is another option; also check into ZeroTier or OpenZiti or Netbird.
I can’t recommend Pritunl enough, easy to install and scale (https://pritunl.com). Has 2FA even in its free version; the Enterprise one can be integrated with Active Directory.
Really easy to configure, payment is per host, not per user.
After extensive research, I went with Twingate for a previous company. There were a few hiccups but mostly it went smoothly and I was happy with the choice.
Major reasons I chose it:
Great documentation
Pulumi (and Terraform) support
Dual-tunnel design means folks don’t need to worry about disconnecting from the vpn when doing video calls etc.
Google auth (our SSO)
Largely transparent to the user after initial setup
Ease of setup = Tailscale. But it can only use 3rd party auth and configuration options may be limited. There is an open source client available called Headscale. But check it out, it’s a single-click install for the end user.
Viscosity from SparkLabs. It is a great (and very inexpensive) tool for OpenVPN connections on Mac. And some firewalls actually export Viscosity file formats.