This question (and some more research) has revealed that OpenVPN isn't for me. So, what are my other options? In particular things I need/want (most important first) are:
- A server daemon that runs on Linux without kernel modules
- Clients work from behind NATs and Firewalls.
- Free/FOSS
- Support for PPTP, L2TP or L2TP/IPSec PSK/CRT
- A architecture that makes all accesses equal: if the server is to have access to the VPN, then it must be a client. Just like everyone else.
- Minimal configuration/state.
The first 3 are must haves and the last is a nice to have. The rest I could live without, but then again I could also live with nothing.
SSH might be your friend : it can port-forward and encrypts and is built-in to all good operating systems :-)