In certain cases we did exactly that. We used a linux appliance optimized
as a router + OpenVPN. But the instances where we could get away with that
is a small percentage of our installed base. Unfortunately the majority of
those sites require the Windows box because of other requisite proprietary
software that we have no control over. I dare say we have long and vast
experience with both. Both work quite well. The Windows box version with
OpenVPN and Gava's patches have proven themselves to work well and are
quite stable.
Marvin
On Thu, Aug 27, 2015 at 5:58 AM, Gert Doering <g...@greenie.muc.de> wrote:
> Hi,
>
> On Thu, Aug 27, 2015 at 09:18:12AM +1200, Jason Haar wrote:
> > On 26/08/15 20:35, Arne Schwabe wrote:
> > > Okay yes. Active FTP is broken by our simple nat implementation. But I
> > > think FTP, let alone active FTP is dead. I am not sure if we should
> > > support this in our simple NAT implementation.
> > I agree. Surely this would be the beginning of a complete beat-up?
>
> I *could* argue that someone has been asking for a new DHCP option
> recently... :-)
>
> I have not looked at the code yet to see how large or invasive it is,
> but as it obviously has a fairly reasonable use case ("support old
> equipment behind state-of-the-art VPN tunnels"), I can see why the
> feature make some sort of sense.
>
> OTOH I would do it differently altogether - put an OpenWRT box into
> the network in question, OpenVPN on top of it, and use Linux iptables
> NAT to do the actualy natting back and forth and whatever is needed,
> as it will always be more powerful than what we can build into OpenVPN
> (and I'd totally not run important service stuff on windows).
>
> gert
> --
> USENET is *not* the non-clickable part of WWW!
> //
> www.muc.de/~gert/
> Gert Doering - Munich, Germany
> g...@greenie.muc.de
> fax: +49-89-35655025
> g...@net.informatik.tu-muenchen.de
>
>
> ------------------------------------------------------------------------------
>
> _______________________________________________
> Openvpn-devel mailing list
> Openvpn-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/openvpn-devel
>
>
