Bo Lynch wrote:
> we have been looking at implementing OpenVPN to allow access to the
> internal LAN. For a firewall, we basically have iptables with 2 nics doing
> NAT. So would the OpenVPN server live inside of our private network and
> just do some forwards with iptables on the firewall or would it be better
> to implement it by itself with 2 nics one on the public and one on
> the private?

openvpn uses a simple TCP socket for its transport, so sure, port forwarding would work fine. or running it ON your firewall server, if that's something which openvpn can run on (pfsense, any linux firewall, etc).
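
The port-forwarding option discussed above, as an added example that is not part of the original thread: a script that prints, without applying, the iptables rules a 2-NIC NAT firewall needs to pass OpenVPN to a server on the private LAN. The interface names, the LAN address and the function name are assumptions; 1194 is OpenVPN's registered port, and the protocol must match the `proto` setting in the server's configuration.

```shell
#!/bin/sh
# Added example: print the forwarding rules for review instead of applying them.
# Every default below is an assumption; override via the environment.
WAN_IF="${WAN_IF:-eth0}"              # public-facing NIC (assumed name)
LAN_IF="${LAN_IF:-eth1}"              # private-side NIC (assumed name)
VPN_HOST="${VPN_HOST:-192.168.1.10}"  # internal OpenVPN server (constructed address)
VPN_PORT="${VPN_PORT:-1194}"          # OpenVPN's registered port
VPN_PROTO="${VPN_PROTO:-tcp}"         # tcp as in the reply; use udp if the server does

openvpn_forward_rules() {
    # Refuse anything but a single well-formed service so a typo cannot
    # silently open a broader hole in the firewall.
    case "$VPN_PROTO" in
        tcp|udp) ;;
        *) echo "VPN_PROTO must be tcp or udp" >&2; return 1 ;;
    esac
    case "$VPN_PORT" in
        ''|*[!0-9]*) echo "VPN_PORT must be numeric" >&2; return 1 ;;
    esac
    if [ "$VPN_PORT" -lt 1 ] || [ "$VPN_PORT" -gt 65535 ]; then
        echo "VPN_PORT out of range" >&2; return 1
    fi

    # 1. Rewrite the destination of inbound VPN packets to the internal server.
    echo "iptables -t nat -A PREROUTING -i $WAN_IF -p $VPN_PROTO --dport $VPN_PORT -j DNAT --to-destination $VPN_HOST:$VPN_PORT"
    # 2. Allow only that one service through the FORWARD chain, inbound.
    echo "iptables -A FORWARD -i $WAN_IF -o $LAN_IF -p $VPN_PROTO -d $VPN_HOST --dport $VPN_PORT -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT"
    # 3. Allow replies from the server for connections already tracked.
    echo "iptables -A FORWARD -i $LAN_IF -o $WAN_IF -p $VPN_PROTO -s $VPN_HOST --sport $VPN_PORT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
}

openvpn_forward_rules
```

With this layout only the single VPN port is exposed on the public interface; the existing NAT rules for outbound LAN traffic are left untouched.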