Text only | Text with Images

OPNsense Forum

English Forums => 26.1 Series => Topic started by: Diggy on February 24, 2026, 07:00:42 PM

Title: Best choice for mobile VPN clients?
Post by: Diggy on February 24, 2026, 07:00:42 PM

Of the three built-in VPN solutions, which is the best choice for mobile clients?

The OPNsense router at the headquarters has a static WAN IP address.

The mobile clients include newer versions of:
 * Android
 * Apple iOS
 * Apple iPadOS
 * Linux
 * Windows

Any special considerations for the above scenario I need to take into consideration?  Side note, I plan to implement IPSec for satellite offices to headquarters 24/7 VPN connectivity.  Hopefully it won't conflict with the solution best for mobile clients.

Your guidance is much appreciated.  Thank you.
Title: Re: Best choice for mobile VPN clients?
Post by: Patrick M. Hausen on February 24, 2026, 07:06:37 PM
Medium to large number of users? Dynamic handling of assigned IP addresses? External authentification like with Active Directory or similar? OpenVPN, no contest.

WireGuard is nice, but you need to manage IP addresses manually and there is no external auth. So if it's for a handful of admins, it's great. But it does not scale.

IPsec is similar to OpenVPN in features, but much more difficult to set up and debug, you need extra clients which all behave differently for all the client OSes. And it does not work quite as well as OpenVPN through restricted Internet uplinks like hotel or train hotspots etc.

With OpenVPN you get the same open source client for each OS, done.
Title: Re: Best choice for mobile VPN clients?
Post by: Diggy on February 24, 2026, 07:59:58 PM
Quote from: Patrick M. Hausen on February 24, 2026, 07:06:37 PMMedium to large number of users? Dynamic handling of assigned IP addresses? External authentification like with Active Directory or similar? OpenVPN, no contest.

WireGuard is nice, but you need to manage IP addresses manually and there is no external auth. So if it's for a handful of admins, it's great. But it does not scale.

IPsec is similar to OpenVPN in features, but much more difficult to set up and debug, you need extra clients which all behave differently for all the client OSes. And it does not work quite as well as OpenVPN through restricted Internet uplinks like hotel or train hotspots etc.

With OpenVPN you get the same open source client for each OS, done.

Good info.  Thanks.  No external authentication for now.  Internal authentication if that is an option with OpenVPN.
Title: Re: Best choice for mobile VPN clients?
Post by: Patrick M. Hausen on February 24, 2026, 08:05:08 PM
It is.
Title: Re: Best choice for mobile VPN clients?
Post by: Diggy on February 24, 2026, 10:08:36 PM
Any thoughts on the "Tinc VPN" plugin for either site-to-site or mobile users or both?  j/w
Title: Re: Best choice for mobile VPN clients?
Post by: nero355 on February 25, 2026, 12:29:52 AM
Quote from: Diggy on February 24, 2026, 07:00:42 PMOf the three built-in VPN solutions, which is the best choice for mobile clients?
Just FYI :

Pretty much EVERYONE keeps telling me that the battery usage of Wireguard is superior compared to the battery usage of OpenVPN for mobile phones so that's something to consider too !!
Text only | Text with Images