What are the downsides of OpenVPN?

  • I have been seeing so many people always wrestling with IPSec, and many other secure VPN technologies. I, for one, have always simply used OpenVPN, with beautiful and simple and versatile results. I've used it on DD-WRT routers, big servers and android phones, to name a few.

    Could someone please explain to me what I am missing out on? Are there any downsides to OpenVPN that I am not aware of? Does IPSec and friends offer some awesome feature that I didn't know about? Why isn't everyone using OpenVPN?

  • IMHO, the biggest disadvantage to OpenVPN is that it's not interoperable with the vast majority of products from "big name" network vendors out there. Cisco & Juniper's security and router products don't support it - they only support IPsec and proprietary SSL VPNs. Palo Alto, Fortinet, Check Point, etc. don't support it, either. So, if your organization / enterprise wants to setup a site-to-site extranet VPN to another company and you've only got an OpenVPN appliance, you're probably going to be out of luck.

    That being said, some network hardware & software companies are starting to embrace OpenVPN. MikroTik is one of them. It's been supported since RouterOS 3.x:

    http://wiki.mikrotik.com/wiki/OpenVPN

    Also, for the longest time the only way to run an OpenVPN client on Apple's iOS required jailbreaking. This is not so, anymore:

    https://itunes.apple.com/us/app/openvpn-connect/id590379981?mt=8

    Overall, the situation is improving. However, without vendors like Cisco & Juniper implementing it in their products, I can't see large enterprises adopting it without facing interoperability problems.

    As well as Mikrotik OpenVPN is in (and has been in for a while now) pfSense http://www.pfsense.org/ (Although I don't believe you can create site-to-site tunnels with it, maybe through the CLI?

    I didn't know their was an OpenVPN IOS app, yay!

License under CC-BY-SA with attribution


Content dated before 7/24/2021 11:53 AM

Tags used