I'm planning to set up an OpenVPN server on an EdgeRouter ER-8-XG and use this device to support VPN for approximately 50 customers. Each customer will have their own network topology with different subnets. I would like to set up server-side + client-side routing in client/server mode. With this setup, the OpenVPN client will be able to reach all the machines behind the OpenVPN server, and the server will be able to reach all the machines behind the client.
My concern is: what are the best practices for building the OpenVPN server in this case? Should we:
- Run 50 different OpenVPN servers (tunnels/instances) on 50 different ports, with each instance/port dedicated to 1 customer with their own network topology?
- Run only 1 OpenVPN server on port 1194 and create 50 different *.ovpn configuration files for each client?
And is there any way to configure the OpenVPN server properly without needing to know the client's network topology in advance? Some customers may use the same subnets on their LAN, and I would like to make sure not to push duplicated subnets to their sides. Just like giving the customers the *.ovpn file, and the clients should be able to connect to the OpenVPN server automatically + routing subnets on both sides.