If considering Windows only environment, what's the advantage of introducing OpenVPN as the company VPN service, instead of Windows built-in protocols?
Especially the new SSTP protocol already overcome the one of the weakness of PPTP, which may not go over firewall/NAT.
I'm wondering is there any reason not to use Windows integrated solution.
The strength of the security can be an issue but I'm not sure how different they are (I know MS VPN was vulnerable but is it still?)
Thanks.
Best Answer
The availability of clients for OpenVPN is more wide than that of SSTP (at least, right now). I can buy an IP phone with an embedded OpenVPN client, for example. AFAIK, Microsoft didn't back-port the SSTP client to Windows XP (which, initially, they said they would), so that cuts off a large client-base. In contrast, though, SSTP doesn't require the installation of third-party software on supported client operating systems.
There are no per-client license fees with OpenVPN as there are with Microsoft's offering. (I won't offer my opinion on which specific usages need a Windows CAL and which doesn't... In some documentation Microsoft claims that a DHCP client needs a CAL, so I tend to give them a wide berth. If my janitor dusts around my Windows Server machine I probably need a CAL for them. The right place to find out about licensing is the software "manufacturer" anyway...)
The functionality built-in to the OpenVPN client to receive "pushed" routes is more flexible than Microsoft's VPN client (unless you use the CMAK, and that hasn't been reliable for me in practice).