I would never put an OpenVPN server out in the open. I would put it in a DMZ behind a Firewall.
I think the picture is misleading. It seems to leave out firewalls, routers, switches, cables or any hardware, and shows only an overview of what should happen.
I think it is *implied* that there should be a firewall behind the grey cloud.
This is also supported by the next few paragraphs in the documentation, as it mentions a border firewall that OpenVPN would be behind, and which ports would need to be open and forwarded.
I believe the reason behind this misleading graphic, is that it is in the "Overview" section. Overview sections are general, and leave out minute details. In the very next section, a more fine grained explanation of the openvpn architecture is explained and the graphic uses a firewall. So, I would ignore this "Overview" section, and concentrate on the 2.2.1 section of how things should be done.
Last edited by szboardstretcher; 02-14-2011 at 12:53 PM.
|