Yes, OpenVPN is proposed to implement the remote access vpn feature (it is currently an IPSec/L2TP vpn server using Strongswan). site-to-site vpn in vpcs (also using strongswan) will not be changed.
-Wei On Thu, 10 Jun 2021 at 18:51, Kristaps Cudars <kristaps.cud...@gmail.com> wrote: > OpenVPN is SSL/TLS VPN and it has no support for IPSec. OpenVPN should > coexist with Strongswan. OpenVPN is ment for vpn client connective many to > one. Strongswan is meant for P2P connectivity. > > On 2021/06/10 08:39:14, Rudraksh MK <rudra...@indiqus.com.INVALID> wrote: > > Hey! > > > > I’m personally a strong proponent of Wireguard. A couple years back, > implementing a S2S or remote-access VPN with WG was complicated and it > still is - but there’s definitely more tooling available these days. There > are clients for just about every major platform - desktop and mobile. > > > > In the long term though, I think a general-purpose VPN provider like the > one you outlined is far better - and I’d definitely like to take a stab at > it, although I’ll admit my Java skills are basically..zero. But even so - a > framework that allows users to select what platform they want - Strongswan > vs OpenVPN vs Wireguard - would be awesome. > > > > > > Best! > > > > Rudraksh Mukta Kulshreshtha > > Vice-President - DevOps & R&D > > IndiQus Technologies > > O +91 11 4055 1411 | M +91 99589 54879 > > indiqus.com > > > > This message is intended only for the use of the individual or entity to > which it is addressed and may contain information that is confidential > and/or privileged. If you are not the intended recipient please delete the > original message and any copy of it from your computer system. You are > hereby notified that any dissemination, distribution or copying of this > communication is strictly prohibited unless proper authorization has been > obtained for such action. If you have received this communication in error, > please notify the sender immediately. Although IndiQus attempts to sweep > e-mail and attachments for viruses, it does not guarantee that both are > virus-free and accepts no liability for any damage sustained as a result of > viruses. > > On 10 Jun 2021, 1:55 PM +0530, Rohit Yadav <rohit.ya...@shapeblue.com>, > wrote: > > > All, > > > > > > We've historically supported openswan and nowadays strongswan as the > VPN provider in VR for both site-to-site and remote access modes. After > discussing the situation with a few users and colleagues I learnt that > OpenVPN is generally far easier to use, have clients for most OS and > platforms (desktop, laptop, tablet, phones...) and allows multiple clients > in the same public IP (for example, multiple people in the office sharing a > client-side public IP/nat while trying to connect to a VPC or an isolated > network) and for these reasons many users actually deploy pfSense or setup > a OpenVPN server in their isolated network or VPC and use that instead. > > > > > > Therefore for the point-to-point VPN use-case of remote access [1] > does it make sense to switch to OpenVPN? Or, are there users using > strongswan/ipsec/l2tpd for remote access VPN? > > > > > > A general-purpose VPN-framework/provider where an account or admin > (via offering) can specify which VPN provider they want in the network > (strongswan/ipsec, OpenVPN, Wireguard...). However, it may be more complex > to implement and maintain. Any other thoughts in general about VPN > implementation and support in CloudStack? Thanks. > > > > > > [1] > http://docs.cloudstack.apache.org/en/latest/adminguide/networking_and_traffic.html#remote-access-vpn > > > > > > > > > > > > Regards. > > > > > > > > > > > >
