Hi Misc, I need to provide secure access to a web application running on my servers to handful typical desktop users. I am thinking of requiring them to have L2TP/IPSec VPN tunnel before they can browse my application. HTTPS is not good enough due to the nature of the application.
Why L2TP? I am not a Windows uses but it seems that it should be trivial to setup client side https://www.hideipvpn.com/2010/03/howto-windows-7-ipsecl2tp-vpn-setup-tutorial/ and avoid customer service requests, on another hand I am reading man pages for npppd and ipsec on 5.7 and Giovanni's slides from two years ago http://www.slideshare.net/GiovanniBechis/npppd-easy-vpn-with-openbsd for the talk he gave at BSDCan IIRC. I don't need to use RADIUS just a local authentication database. It is in the base and it seems very easy to configure. Is anybody running similar setup in production? Any caveats? Any other advises before I take a plunge. Predrag P.S. I have quite a bit experience with OpenVPN server on OpenBSD but in my experience getting credentials to a Windows client is pain because a typical user knows only to double click and I don't know now to properly make Windows packages.
