Follow

OpenVPN, cont'd 

Some other things to note:

While being popular with many implementations, the clients aren't standardized and even the official clients for Linux vs Android vs macOS work very differently, like completely unrelated projects.

There's a popular .ovpn file format used to config clients but it's not standard. Some clients require it. It's basically just a client config file concatenated with 3 certificates which are each inside XML-ish tags.

OpenVPN, cont'd 

There are multiple clients for each platform & the official ones aren't necessarily the best.

By default, it only creates a server-client tunnel w/o packet forwarding (routed instead of bridged isn't sufficient alone), unlike a consumer VPN client. The OpenVPN company (yes, it's commercial) does sell a personal VPN product.

Servers can specify various options but clients don't implement them. Getting DNS config changes applied requires hacks (like custom shell scripts in Linux).

Show thread
Sign in to participate in the conversation
Fosstodon

Fosstodon is an English speaking Mastodon instance that is open to anyone who is interested in technology; particularly free & open source software.