I’ve been playing with OpenVPN since mid December. I like it. I like it better than IPsec. Why? Because OpenVPN can give me direct access to all my systems wherever I am. I can cvsup from my cvsup server at home from a hotel in Toledo (if I’m ever there). IPsec can do that. But it is much more complex to set up.
OpenVPN is pretty simple.
At present, my wireless gateway is on a dedicated machine inside my firewall. I’m tempted to add a third NIC to my gateway and move that WAP onto it. This would, sort of, create a DMZ. It would be easier to allow guests access to the internet, but still allow me to OpenVPN into the LAN. It would also remove one box. I don’t think I could actually remove it…. it is also used as a Bacula test server.
We’ll see. Worst case, it’s a few interesting FreeBSD Diary articles.