[lug] openvpn followup

Bear Giles bgiles at coyotesong.com
Thu Jul 13 23:36:35 MDT 2006


Followup to the earlier openvpn questions....

I still don't know why the P-t-P didn't work when initiated from the 
home side.

I finally got client-server mode working.  The key (no pun intended) is 
that a DSA cert is acceptable for the server, but the client must have 
an RSA cert.

I haven't been able to get the entire NFS stack on the VPN alone, but at 
least portmap and rpc.mountd pay attention to hosts.allow/hosts.deny.  
That gives two layers of protection since the firewall rules should also 
block access to these ports.


