Greetings,

        I'm currently using a big-name VPN hardware product that has been
end-of-lifed.  I'm looking into OpenVPN as a viable replacement.  I use
OpenVPN, quite successfully, for my own personal servers already.  This
deployment would be a bit different, so I wanted to run it past the
gurus and see if there's anything in here that is frowned upon,
dangerous, not possible, etc.

        I read elsewhere that there was an upper limit of about 200 concurrent
users per OpenVPN instance.  This was a post from 2010, though, so I'm
curious if this is still the limit.

        Our current VPN implementation assigns an IP based on LDAP group
membership.  There are several different IP pools available.  I'd like
to replicate this behavior in OpenVPN.  Does OpenVPN support multiple IP
pools?  I realize I can run multiple instances of OpenVPN, but solving
this at the user level is rough, at best.

        I'm also planning on using post-auth scripts to build iptables rules on
the OpenVPN server.  The intention here is to use the IP pools as a
large sieve and the iptables rules to provide additional security.  Are
there any known issues with this approach?  It's similar to what I see
on big iron solutions, but I haven't tried this with OpenVPN and Linux
as of yet.

        Any other gotchas I should be looking out for?  I noticed there are a
few OpenVPN books out there, but they're all 3+ years old at this point.
Are any of them still relevant?

Thanks,

-- 
---------------------------
Jason 'XenoPhage' Frisvold
xenoph...@godshell.com
---------------------------

"Any sufficiently advanced magic is indistinguishable from technology."
- Niven's Inverse of Clarke's Third Law
