I got the Business Edition for the User Portal functionality. What's the currently recommended, most user friendly but still administratively flexible way to provide road warrior OpenVPN configuration and group based access?
I'm looking to have separated access for IT staff, regular employees and external contractors to different internal resources. User accounts will be in Active Directory.
I've used client specific overrides before with pfSense but found them to be cumbersome if there's more than a couple of them. Completely separate OpenVPN server instances seem overkill. Do OpenVPN Group aliases allow me to this simply based on OpenVPN interface access rules?
Any recommendations and best practices?