Hey! I’m personally a strong proponent of Wireguard. A couple years back, implementing a S2S or remote-access VPN with WG was complicated and it still is - but there’s definitely more tooling available these days. There are clients for just about every major platform - desktop and mobile.
In the long term though, I think a general-purpose VPN provider like the one you outlined is far better - and I’d definitely like to take a stab at it, although I’ll admit my Java skills are basically..zero. But even so - a framework that allows users to select what platform they want - Strongswan vs OpenVPN vs Wireguard - would be awesome. Best! Rudraksh Mukta Kulshreshtha Vice-President - DevOps & R&D IndiQus Technologies O +91 11 4055 1411 | M +91 99589 54879 indiqus.com This message is intended only for the use of the individual or entity to which it is addressed and may contain information that is confidential and/or privileged. If you are not the intended recipient please delete the original message and any copy of it from your computer system. You are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited unless proper authorization has been obtained for such action. If you have received this communication in error, please notify the sender immediately. Although IndiQus attempts to sweep e-mail and attachments for viruses, it does not guarantee that both are virus-free and accepts no liability for any damage sustained as a result of viruses. On 10 Jun 2021, 1:55 PM +0530, Rohit Yadav <rohit.ya...@shapeblue.com>, wrote: > All, > > We've historically supported openswan and nowadays strongswan as the VPN > provider in VR for both site-to-site and remote access modes. After > discussing the situation with a few users and colleagues I learnt that > OpenVPN is generally far easier to use, have clients for most OS and > platforms (desktop, laptop, tablet, phones...) and allows multiple clients in > the same public IP (for example, multiple people in the office sharing a > client-side public IP/nat while trying to connect to a VPC or an isolated > network) and for these reasons many users actually deploy pfSense or setup a > OpenVPN server in their isolated network or VPC and use that instead. > > Therefore for the point-to-point VPN use-case of remote access [1] does it > make sense to switch to OpenVPN? Or, are there users using > strongswan/ipsec/l2tpd for remote access VPN? > > A general-purpose VPN-framework/provider where an account or admin (via > offering) can specify which VPN provider they want in the network > (strongswan/ipsec, OpenVPN, Wireguard...). However, it may be more complex to > implement and maintain. Any other thoughts in general about VPN > implementation and support in CloudStack? Thanks. > > [1] > http://docs.cloudstack.apache.org/en/latest/adminguide/networking_and_traffic.html#remote-access-vpn > > > > Regards. > > >
