OpenVPN Access Server

Hi,

We, a university college/EDU, are looking to replace our current remote access VPN solution (F5) and are evaluating OpenVPN Access Server as a "good enough and affordable solution" besides the usual vendor solutions (Pulse Secure, Cisco AnyConnect, ...) but would like to hear some real world experiences about OpenVPN AS before we start with a PoC. The traditional vendor solutions are often quite pricey, especially Pulse Secure but probably very capable, which necessitates us to first look for other solutions.

At the moment we're using F5 SSLVPN for remote access (200 CCU's) as this was what we got "for free" with our F5 load balancing and reverse proxying solution some years ago. However this setup is nearing it's eol and as a whole has diminished in usage over the years because of various cloudmigrations. The remaining load balancing and reverse proxying duties are being transferred to a HAProxy Enterprise setup which we're finding surprisingly capable and a lot more affordable.

So this leaves us with the F5 SSLVPN remote access solution that we want to replace with something else. Currently authentication happens based on machine certs in combination with user credentials for role assignment. We're using this solution purely for remote access and are not doing any posture checking. Over the years our experience with the product was OK, as long as it worked, but miserable when it didn't work. Clientlogs are a big mess and give the impression of a jumbled together solution under the hood. We've had numerous problems with the helper services such as SSO that sometimes didn't feel like reusing the Windows credentials. Each time after an upgrade we always had a small percentage of clients that stopped working correctly. More often than not the only solution in those cases were reinstalling the client and if even that didn't work even reimaging the workstation. Linux support was abominable which forced us to also provide a couple of AnyConnect licenses for those users.