Best choice for mobile VPN clients?

Started by Diggy, February 24, 2026, 07:00:42 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
February 24, 2026, 07:00:42 PM

Of the three built-in VPN solutions, which is the best choice for mobile clients?

The OPNsense router at the headquarters has a static WAN IP address.

The mobile clients include newer versions of:
 * Android
 * Apple iOS
 * Apple iPadOS
 * Linux
 * Windows

Any special considerations for the above scenario I need to take into consideration?  Side note, I plan to implement IPSec for satellite offices to headquarters 24/7 VPN connectivity.  Hopefully it won't conflict with the solution best for mobile clients.

Your guidance is much appreciated.  Thank you.
February 24, 2026, 07:06:37 PM #1
Medium to large number of users? Dynamic handling of assigned IP addresses? External authentification like with Active Directory or similar? OpenVPN, no contest.

WireGuard is nice, but you need to manage IP addresses manually and there is no external auth. So if it's for a handful of admins, it's great. But it does not scale.

IPsec is similar to OpenVPN in features, but much more difficult to set up and debug, you need extra clients which all behave differently for all the client OSes. And it does not work quite as well as OpenVPN through restricted Internet uplinks like hotel or train hotspots etc.

With OpenVPN you get the same open source client for each OS, done.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
February 24, 2026, 07:59:58 PM #2
Quote from: Patrick M. Hausen on February 24, 2026, 07:06:37 PMMedium to large number of users? Dynamic handling of assigned IP addresses? External authentification like with Active Directory or similar? OpenVPN, no contest.

WireGuard is nice, but you need to manage IP addresses manually and there is no external auth. So if it's for a handful of admins, it's great. But it does not scale.

IPsec is similar to OpenVPN in features, but much more difficult to set up and debug, you need extra clients which all behave differently for all the client OSes. And it does not work quite as well as OpenVPN through restricted Internet uplinks like hotel or train hotspots etc.

With OpenVPN you get the same open source client for each OS, done.

Good info.  Thanks.  No external authentication for now.  Internal authentication if that is an option with OpenVPN.
February 24, 2026, 08:05:08 PM #3
It is.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
February 24, 2026, 10:08:36 PM #4
Any thoughts on the "Tinc VPN" plugin for either site-to-site or mobile users or both?  j/w
Today at 12:29:52 AM #5
Quote from: Diggy on February 24, 2026, 07:00:42 PMOf the three built-in VPN solutions, which is the best choice for mobile clients?
Just FYI :

Pretty much EVERYONE keeps telling me that the battery usage of Wireguard is superior compared to the battery usage of OpenVPN for mobile phones so that's something to consider too !!
Weird guy who likes everything Linux and *BSD on PC/Laptop/Tablet/Mobile and funny little ARM based boards :)
Print
Go Up Pages1
User actions