Please share with the community what you think needs improvement with OpenVPN Access Server.
What are its weaknesses? What would you like to see changed in a future version?
The high availability deployment is not very straightforward. They can make it simpler. OpenVPN does not support some of the additional protocols that Pulse Secure and Cisco AnyConnect support. They can include support for these additional protocols.
We would like to be able to access the parts of the network that belong to other virtual LANs, which is not currently possible. For example, if an organization has different VLANs for sales, developers, and production, then we can only connect and view one of these segments. If you can access sales then you will have visibility of that particular subnet and not be able to see the developer VLAN resources. The security needs to be improved because it was a complaint that our customers had. I'm not sure exactly what the specific issue is, other than they told us that it was not compliant with their organizational policies. It is not possible to scale this solution horizontally, which is something that should be improved. They could allow multiple instances to run in different zones, synchronizing with each other using a round-robin scheduler. It would be great if they added intrusion prevention and detection (IPS/IDS) features. If they had these then there would be less need to use other products, such as firewalls. It would allow everything to run under one umbrella with centralized control.
The product is fully customized through configuration files, which is all achieved through manual data entry. This is where it becomes unattractive. If there was a Graphical User Interface to help streamline the configuration, I believe OpenVPN would probably venture more into the non-geek realm as it were. What I mean by this is, if there was a form-driven configuration process, like a "File -> Settings" kind of thing, where the end user can enter data into fields to specify the connection specifics, e.g. hostname/IP Address, protocols, etc. that could be written into the config file in the background, similar to what you see in YaST over in openSUSE in some of the services area, etc., and basically foolproof the VPN configuration, you may see more GUI-oriented folks using OpenVPN. Of course in saying this, I anticipate what's going to happen: "Well, give it a try, Elliott!" I'd love to, but my programming skills aren't there yet - I'm an "Edit the file" guy...
The upgrade path from older versions was more difficult than we wanted to tackle, so we ran an older version of the software for longer than I wanted. Patching, updating, and migrating to newer versions was a problem for us. That said, we were on a rather old version that I inherited yet it worked rock solid.