: Large-scale deployment of virtual private networks with hundreds or thousands of clients means a constant battle with complexity that can only be won by setting up powerful authentication and authorization group policies. In this paper we are going to present some approaches for IP address, user, and access control management that have already been realized for the Linux FreeS/WAN IPsec stack or that are considered for implementation by the ZHW Security Group. First practical results from VPN production environments will be presented.