Stephen Borrill <netbsd@precedence.co.uk> writes:

> N.B. I use [OpenVPN] in TCP client/server mode; the peer-to-peer UDP
> mode seems a bit useless to me if you've got dynamic addresses
> and/or firewalls/NAT in the way.

I've been using OpenVPN over UDP, with the client portable using
dynamic addresses behind NAT/PAT-ing firewalls, and it's no problem at
all, as OpenVPN sends and receives on the same port.  Just remember to
configure the keepalive functionality, to remind the firewall that the
mapping exists.

-tih
-- 
Don't ascribe to stupidity what can be adequately explained by ignorance.