What is our primary use case?
We are a solution provider and the OpenVPN Access Server was one of the products that we used for our customers. It is used to create remote desktop connections into the cloud network, where people who are working from home can share resources with people in the office. When people are working in an office then they have a local network, and OpenVPN expands the network for use externally.
We are no longer using this solution because of complaints raised by our customers about security vulnerabilities. The server is now shut down.
How has it helped my organization?
This server allows you to connect to a network that does not have any public IP addresses. You first dial-up the OpenVPN to get onto the network, then directly use the private IP for the local device. Once the connection is made, we can do development work, maintenance, or whatever is required.
What is most valuable?
The most valuable feature is the remote connection capability.
It is easy to use.
There is support for multi-factor authentication.
What needs improvement?
We would like to be able to access the parts of the network that belong to other virtual LANs, which is not currently possible. For example, if an organization has different VLANs for sales, developers, and production, then we can only connect and view one of these segments. If you can access sales then you will have visibility of that particular subnet and not be able to see the developer VLAN resources.
The security needs to be improved because it was a complaint that our customers had. I'm not sure exactly what the specific issue is, other than they told us that it was not compliant with their organizational policies.
It is not possible to scale this solution horizontally, which is something that should be improved. They could allow multiple instances to run in different zones, synchronizing with each using a round-robin scheduler.
It would be great if they added intrusion prevention and detection (IPS/IDS) features. If they had these then there would be less need to use other products, such as firewalls. It would allow everything to run under one umbrella with centralized control.
For how long have I used the solution?
We were using OpenVPN for about one year and we migrated away from it about three months ago.
What do I think about the scalability of the solution?
Horizontally, this solution is definitely not scalable. Vertically, it is possible but there will be some downtime. Scaling requires that we stop the server, upscale it, select a different instance, and then restart it. The downtime is approximately five minutes.
How are customer service and technical support?
I have been in contact with technical support and the experience was good. They have knowledgeable people.
Which solution did I use previously and why did I switch?
We have migrated to Fortinet because of security vulnerabilities.
How was the initial setup?
The initial setup is easy. Once we go to the marketplace for the license, we can install and start using it. This involves selecting an image, then selecting a VM, and deploying on that. You then install the certificate and create the users. Creating users is also easy to do.
One person is enough for this task and it will take between 15 and 30 minutes to deploy.
What about the implementation team?
Our in-house team deploys OpenVPN for our customers. After the deployment is complete, users will log in, download their profile, and then they can connect.
Which other solutions did I evaluate?
Before migrating to Fortinet, we looked at other vendors including Cisco. We found that based on the sizing we needed, the pricing of Cisco AnyConnect was not as competitive.
Personally, I have not found any differences between these products that affect what I need to do.
What other advice do I have?
Personally, I like this product and our decision to shut down the server is in response to decisions made by our customers. I have not found any issues with it, myself.
I would rate this solution a nine out of ten.