Date: 22-04-05 00:06
Recently, I've been playing with OpenVPN [http://www.openvpn.org] in a number of environments and I have found it quite light to set up compared to most other IPSec configurations I've bumped into.
The software is available on most of the major platforms (Linux, Windows 2000/XP, OpenBSD, FreeBSD, NetBSD, MacOS X, and Solaris) and there are GUIs for MacOS X and Windows.
The reason I bring this up is because I found that the OpenVPN tunnel is 'secure'; the daemon offers and assigns IPs to clients with its own DHCP service. The service can be set up to operate in a bridging or routing mode as well. This may allow you to work with the internal services that require broadcast capabilities such as NetBIOS, etc.
Authentication is handled with SSL certificates that can be password protected, etc., ensuring that you're really talking to the server you think you're talking to. While not directly applicable to your wireless security setup, OpenVPN appears to do quite well through NAT, where I was having serious connectivity problems with IPSec and people roaming behind various access gateways at hotels, etc.
Finally, the complexity of IPSec and the cost of dedicated clients for Windows made managing the infrastructure more work than I wanted. OpenVPN so far has been working well, and according to a few papers out there (check out SANS.org), OpenVPN is well done, and so far I'm inclined to agree.
Anyhow, I thought I'd put another option out there on the table. I've personally deployed OpenVPN on OpenBSD out of familiarity and I'm quite pleased with the software thus far.
Should you decide to try out OpenVPN, I'd like to hear about your experiences with it. :)