VCL-WIKI
OpenVPN Site-to-Site


OpenVPN is a virtual private network (VPN) solution that implements techniques to create secure point-to-point or site-to-site connections. It can be configured on both client and server applications.

OpenVPN allows peers to authenticate each other using a username/password, pre-shared secret keys or certificates. When configured in a multi client-server configuration, it allows the server to issue an authentication certificate for every client, using signatures and a certificate authority.

Traditionally, hardware routers implement IPsec in hardware because it is easy to implement there and because they lack sufficient CPU power for doing encryption in software. Since VCL-MX-Router is a software router, this is less of a concern. OpenVPN has long been widely used on UNIX platforms and is a popular option for remote access VPN, though it is also capable of site-to-site connections.

Advantages of OpenVPN are:

  • It does not rely on packet source addresses and uses a single TCP or UDP connection, so it will work even through a double NAT: perfect for public hotspots and such.
  • It offers very flexible split tunnelling and is easy to set up.
  • A variety of GUI frontends is available for any platform.

Disadvantages are:

  • It is slower than IPsec, due to higher protocol overhead and the fact that it runs in user mode while IPsec, on Linux, runs in kernel mode.
  • By default, none of the operating systems have client software installed.

In the VCL-MX-Router CLI, a key point often overlooked is that, rather than being configured using the set VPN stanza, OpenVPN is configured as a network interface using set interfaces OpenVPN.

The above-mentioned features are offered and supported by the VCL-MX-50xx family of IP/MPLS Routers.




Valiant Communications is an ISO 9001:2015, ISO 10001:2018, ISO 14001:2015, ISO 27001:2013 and ISO 45001:2018 certified equipment manufacturer.