==== Original message from Kapetanakis Giannis at 12-11-2013 20:42 > >>> So far we're using OpenVPN, but I want to change that or at maybe >>> offer L2TP/IPsec in addition to OpenVPN. >> Have you considered using isakmpd? > > Yes my test implementation was with isakmpd and npppd. The problem is > the authentication on the ipsec path. > I don't want to use the same PSK for every-one. isakmpd with an ipsec.conf set up to use X.509 certificates would take care of that.
> However the whole process is much more difficult for the end user than > New Connection -> Define Connection type -> Enter username/password -> > done. If you use PKCS#12 you can send the certificate to the end user by mail without compromising security. All the end user needs to do is tell a (properly configured) VPN client where the PKCS#12 package is located and he/she is up and running. Daniel