On Mon, Jul 21, 2008, John R Pierce wrote:
> Bo Lynch wrote:
>> we have been looking at implementing OpenVPN to allow access to the
>> internal LAN. For a firewall, we basically have iptables with 2 nics doing
>> NAT. So would the OpenVPN server live inside of our private network and
>> just do some forwards with iptables on the firewall or would it be better
>> to implement it by itself with 2 nics one on the public and one on
>> the private?
>
> openvpn uses a simple TCP socket for its transport, so sure, port
> forwarding would work fine. or running it ON your firewall server, if
> that's something which openvpn can run on (pfsense, any linux firewall,
> etc).

Actually the public interface with OpenVPN is udp by default. We have been
using it for a while now with a variety of clients, Windows, Mac OS X, and
other Linux boxen.

Bill
--
INTERNET: bill at celestial.com  Bill Campbell; Celestial Software LLC
URL: http://www.celestial.com/  PO Box 820; 6641 E. Mercer Way
Voice: (206) 236-1676           Mercer Island, WA 98040-0820
Fax: (206) 232-9186

A paranoid is a man who knows a little of what's going on.
    -- William S. Burroughs