You are correct. OpenVPN is an SSL/TLS implementation that supports site-to-site VPNs in user space (i.e. a product not requiring integration with the OS kernel, also known as "ring 0 space"). TLS is an SSLv3 implementation with some enhancements and fixes. The aim of TLS was to consolidate different SSL implementations. The SSL/TLS VPN implementation in OpenVPN supports encryption of link traffic exactly like IPsec VPNs. It is actively being developed and is a secure alternative to the more traditional appliance-based products.
PAM, or pluggable authentication module, is a flexible mechanism for authenticating users that provides a way to develop programs independent of the authentication scheme. A good place to start with OpenVPN config using PAM would be the readme for the auth-pam module. I have included the SVN link for v2.0.
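The kind of configuration the auth-pam README leads to, shown here as an added example that is not part of the original answer or the OpenVPN project's own files. The plugin path, the certificate and key file names, and the PAM service name `openvpn` are assumptions; adjust them to your installation.

```conf
# ---- server.conf (OpenVPN server) ----
# Load the auth-pam plugin. The path is an assumption and varies by
# distribution and build. The argument "openvpn" is the PAM service name,
# which maps to the file /etc/pam.d/openvpn shown further down.
plugin /usr/lib/openvpn/openvpn-auth-pam.so openvpn

# Keep certificate authentication enabled so that a client needs both a
# valid certificate and a valid PAM login (file names are placeholders).
ca   ca.crt
cert server.crt
key  server.key
dh   dh2048.pem

# ---- client.conf (OpenVPN client) ----
# Prompt for a username and password; they are sent to the server inside
# the already-established TLS channel and handed to PAM by the plugin.
auth-user-pass
ca   ca.crt
cert client.crt
key  client.key

# ---- /etc/pam.d/openvpn (PAM service file on the server) ----
# Constructed example: check credentials and account validity against
# local system accounts. Swap in another PAM module to change the
# authentication scheme without touching the OpenVPN configuration.
auth     required  pam_unix.so
account  required  pam_unix.so
```

Because the scheme is selected in the PAM service file, moving from local accounts to a directory or one-time-password module changes only `/etc/pam.d/openvpn`, which is the independence from the authentication scheme described above.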