Stefan Monnier wrote:
>> IPSEC is very widely used for infrastructure VPNs and is not
>> proprietary. Cisco interoperates with Checkpoint interoperates with
>> Draytek interoperates with OpenVPN ....... Never found a problem in
>> dozens of cases.

>
> In which sense do they "interoperate"?
>
>> OpenVPN is proprietary and will not work with a Draytek router.

>
> In which sense is OpenVPN proprietary?
>


I think the poster means that the protocol is not an official standard
held by an independent body. That's true, even though it is built
around existing standards and is freely available.

>> If you do not, setting up and maintaining this simply to support a few
>> dialup VPN clients is a big ask. Making a few changes to your firewall for
>> GRE is pretty minor by comparison.

>
> I went to the trouble of setting up a personal OpenVPN server (and
> corresponding clients) specifically because of the endless problems
> I had with firewalls when using PPTP (and I don't know about other
> people, but I can't make any change to most of the firewalls to which
> I'm exposed; and even when I could I still had problems when several
> machines within the same NAT subnet tried to use the same VPN).
>


I have no doubt that OpenVPN is much easier to configure and work with
both for the server and clients. Most of the servers I have configured
have been on small, cheap LinkSys routers using OpenWRT, with multiple
OpenVPN configurations - an independent OpenVPN network for each network
port on the device. Different clients have OpenVPN connections to
different servers, and can easily connect to or disconnect from the
networks as they require. Each server can have multiple clients for the
different VPN networks as needed. Each client can be connected to
multiple servers. And both the servers and clients are typically behind
at a NAT router. This kind of flexibility is simply impossible with
other VPN solutions.