==== Original message from Kapetanakis Giannis at 8-11-2013 13:38
> I would like to discuss some suggestions about VPN to multiple road
> warriors.
>
> So far we're using OpenVPN, but I want to change that or maybe
> offer L2TP/IPsec in addition to OpenVPN.

Have you considered using isakmpd?

> Playing around with npppd was straightforward and I was quite
> impressed with it. Good job.
> EAP-TLS would also be a very nice feature to have.
>
> What I'm wondering is what you guys do to set up the ipsec path of the
> tunnel.
>
> One option is to use a unique pre-shared key for all clients. But this
> is probably insecure since
> it opens MITM attacks. Isn't it?
>
> Best option would be to use a PKI infrastructure for your clients.
> Isn't that a pain in the ass for users (user registration, key
> deliveries etc).
> How do you guys manage this for best user experience and compatibility
> with most OSes?

PKI is a bit of a PITA but it is doable. You could use a PKCS#12 package to deliver the certificates to the client.

Daniel
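
One way to build the per-user PKCS#12 bundle suggested in the reply above, as an added example that is not part of the original thread. It assumes the `openssl` command-line tool; the throwaway CA, the function names, the 30-day lifetimes and the `P12_PASS` environment variable are all constructed for illustration.

```shell
#!/bin/sh
# Added example: per-user PKCS#12 bundles for road-warrior clients.
# Assumptions (not from the thread): demo CA, names, lifetimes, P12_PASS.
set -eu

# make_ca DIR: create a demo CA key and self-signed certificate in DIR.
make_ca() {
    dir=$1
    mkdir -p "$dir"
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
        -subj "/CN=Demo VPN CA (constructed)" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null
    chmod 600 "$dir/ca.key"
}

# make_client_p12 DIR USER: issue a client certificate for USER and pack
# key + certificate + CA certificate into DIR/USER.p12, encrypted with
# $P12_PASS. Runs in a subshell so the umask change stays local.
make_client_p12() (
    dir=$1; user=$2
    : "${P12_PASS:?set P12_PASS to the bundle passphrase}"
    umask 077
    openssl req -newkey rsa:2048 -nodes -sha256 -subj "/CN=$user" \
        -keyout "$dir/$user.key" -out "$dir/$user.csr" 2>/dev/null
    # Restrict the certificate to client authentication, never CA use.
    printf 'basicConstraints=CA:FALSE\nextendedKeyUsage=clientAuth\n' \
        > "$dir/$user.ext"
    openssl x509 -req -in "$dir/$user.csr" -CA "$dir/ca.crt" \
        -CAkey "$dir/ca.key" -CAcreateserial -days 30 -sha256 \
        -extfile "$dir/$user.ext" -out "$dir/$user.crt" 2>/dev/null
    # env: keeps the passphrase out of the process argument list.
    openssl pkcs12 -export -inkey "$dir/$user.key" -in "$dir/$user.crt" \
        -certfile "$dir/ca.crt" -name "$user" \
        -passout env:P12_PASS -out "$dir/$user.p12"
    # Only the encrypted bundle should leave this machine.
    rm -f "$dir/$user.key" "$dir/$user.csr" "$dir/$user.ext"
)

# check_p12 DIR USER: open the bundle with $P12_PASS and verify the
# client certificate inside it against the CA. Non-zero on any failure.
check_p12() {
    dir=$1; user=$2
    rm -f "$dir/$user.check.crt"
    openssl pkcs12 -in "$dir/$user.p12" -passin env:P12_PASS \
        -nokeys -clcerts 2>/dev/null \
        | openssl x509 -out "$dir/$user.check.crt" 2>/dev/null || return 1
    openssl verify -CAfile "$dir/ca.crt" "$dir/$user.check.crt" >/dev/null
}
```

Each user gets their own key and certificate in a single encrypted file, so one lost laptop means revoking one certificate rather than changing a key shared by every client; send the passphrase over a different channel than the bundle.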