openvpn is distributed with Fedora, but is blocked by the standard firewall. Since openvpn provides a very useful and very secure protocol, I think that it would make sense to simplify the process of unblocking it, or even unblock it by default (as is done with IPSec).

In order to use openvpn the user has to open a udp port (1194) that is currently unlisted in the "Other Ports" box and add a custom iptables configuration file with either or both of the following rules (or their equivalent):

-A RH-Firewall-1-INPUT -i tap+ -j ACCEPT
-A RH-Firewall-1-INPUT -i tun+ -j ACCEPT

Listing the udp 1194 port in the "Other Ports" list would be a small positive step, but adding it to the "Trusted Services" would be better. Including the tap+ and tun+ interfaces in the "Trusted Interfaces" list would be a really valuable step, as it would obviate the need to create a custom iptables config.

I think that the balance of the argument would favor opening 1194 by default. Granting tun+ and tap+ interfaces open access by default would only have limited security implications, since they loop back to the localhost. However, I am not really too bothered what the defaults are ... so long as I can change them :).
Fixed in system-config-firewall-1.0.7-1. You can now accept traffic from tun devices and there is a predefined OpenVPN service.
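
As an added example (not part of the original report or of system-config-firewall), the shell function below audits an iptables-save style rule set for what the report describes: an ACCEPT for udp port 1194 and match-free ACCEPTs on tun+ or tap+ in RH-Firewall-1-INPUT, ignoring rules that sit behind a catch-all REJECT or DROP. The function names, the sample rule set and the exact form of the port rule are assumptions constructed for illustration.

```shell
#!/bin/sh
# Constructed sample rule set: the two interface rules from the report plus
# an assumed rule opening udp port 1194 (not taken from a real host).
sample_rules() {
    cat <<'EOF'
*filter
:RH-Firewall-1-INPUT - [0:0]
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 1194 -j ACCEPT
-A RH-Firewall-1-INPUT -i tap+ -j ACCEPT
-A RH-Firewall-1-INPUT -i tun+ -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Reads rules on stdin, prints one status line per item, and returns 0 only
# if udp/1194 is accepted and at least one of tun+/tap+ is fully trusted.
check_openvpn_rules() {
    awk '
    $1 != "-A" || $2 != "RH-Firewall-1-INPUT" || closed { next }
    {
        iface = proto = dport = target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-i") iface = $(i + 1)
            else if ($i == "-p") proto = $(i + 1)
            else if ($i == "--dport") dport = $(i + 1)
            else if ($i == "-j") target = $(i + 1)
        }
        # A match-free REJECT/DROP ends the chain: later ACCEPTs never fire.
        if ($3 == "-j" && (target == "REJECT" || target == "DROP")) { closed = 1; next }
        if (target != "ACCEPT") next
        if (proto == "udp" && dport == "1194") port = 1
        # "Trusted" here means accepted with no protocol restriction.
        if (proto == "" && iface == "tun+") tun = 1
        if (proto == "" && iface == "tap+") tap = 1
    }
    END {
        print "udp/1194 " (port ? "accepted" : "not accepted")
        print "tun+ " (tun ? "trusted" : "not trusted")
        print "tap+ " (tap ? "trusted" : "not trusted")
        exit !(port && (tun || tap))
    }'
}

sample_rules | check_openvpn_rules
```

To audit a saved rule set, feed the file on stdin, for example `check_openvpn_rules < /etc/sysconfig/iptables`.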