I have a bunch of RUT950s and am monitoring their statuses via MQTT, however, sometimes I'll need remote access to a unit but depending on the WAN network at the time, there may be an incoming firewall in the way and so I need a way for the unit to dial out and call home, opening a connection. I know one approach is to use OpenVPN as a client, which is fine, but when I scale up I don't want to be constantly terminating 100s-1000s of OpenVPN connections and so either need a more lightweight approach or a mechanism to enable the OpenVPN connection on demand.
The ideal for me would be being able to issue an MQTT message to trigger the activation of OpenVPN or Stunnel. I know Teltonika's RMS is an option but the cost is far too prohibitive for me.
Is anyone able to recommend any secure solution?