You are correct. OpenVPN is a SSL/TLS implementation that supports site-to-site VPNs in user space (i.e. a product...
not requiring integration with the OS kernel, also known as "ring 0 space"). TLS is an SSLv3 implementation with some enhancements and fixes. The aim of TLS was to consolidate different SSL implementations. SSL/TLS VPN implementation in OpenVPN supports encryption of link traffic exactly like IPSEC VPNs. It is actively being developed and is a secure alternative to the more traditional appliance-based products.
PAM, or pluggable authentication module, is a flexible mechanism for authenticating users that provides a way to develop programs independent of the authentication scheme. A good place to start with OpenVPN config using PAM would be the readme for the auth-pam module. I have included the SVN link for v2.0.
Dig Deeper on VPN security
Related Q&A from Anand Sastry
Transferring files from a DMZ to an internal FTP server can be risky. In this expert response, Anand Sastry explains how to use SFTP automation to ... Continue Reading
When setting up a site-to-site VPN, where should the VPN endpoint be in the DMZ? Learn more in this expert response. Continue Reading
IEEE 802.11 has several known vulnerabilities, so what's the best way for enterprises to handle them? Expert Anand Sastry explains. Continue Reading