If you have over 1,000 to deploy, enterprise don’t use open source. The cost of going open source and having the personal to manage it is greater than going with somebody like Palo Alto.
Jeez, free of cost? What about support time, installation time, customization and so on? Do you work for free? Just because it’s open source doesn’t mean it’s free of cost. 
“I need an enterprise-grade solution that is constantly being patched and upgraded by people who don’t want to charge me a dime for it.”
Lol
All POC by enterprise vendors should be free, I wouldn’t expect to find what you want and not have to pay for it.
I want to be able to use it for Proof-of-Concepts
You can always call up Fortinet/PaloAlto (or your VAR) tell them you want to evaluate their _software_, they will give you a 30-60-90 day trial, you can deploy it on prem or in the cloud. Sometimes they will even send you hardware completely GRATIS
You’re welcome. To be clear thought, I’m not talking about connections, but throughput. If each server had 4,096 connections, you’d need 4gb of bandwidth just to give 1Mbps of throughput to each user, which will most likely make them really upset. These massive VPN providers and services have thousands of servers scattered at internet exchanges to get as close to the last mile to give each vpn user maximum throughput.
If anyone can do it perhaps you should try!
Uh 5000 is out of my League.
I guess you need over a Gigabit bandwith fully encrypted.
Do you have existing usage data?
Which authentication shall it support.
However in this Dimension i would try to locate a expierenced Partner.
1st Location to start searching if i had to do it is greenbow.
Then services like nordvpn.
As a propritary Service i would give ncp and zscaler a shot.
However zscaler does a unusual concept, which does introduce some unexpected consequences.
It’s not for a currently needed deployment. I am searching for a tool to learn for the future. I want to learn something that will give me good returns on time invested. After checking out SoftEther VPN, it seems each node can handle 4096 connections if it has suffient RAM and processing power. It handles clustering and high-availability and also fault-tolerance is possible. It can handle password, RADIUS, ActiveDirectory, X.509 PKI both self-signed and CA-signed authentication.
If you are on the lookout for future solution i would definitely add federated authentication as a key feature. (OIDC/SAML)
Good luck