I have a VPN setup configured in another routing platform (IPCOP). I had to make significant customizations and am looking for a new solution and stumbled upon ZeroShell.
My scenario is I use L2TP/IPSEC. This is a requirement as my Windows machines cannot have new VPN clients. They are also connected to a Win 2008 domain.
There is a single CA on this domain (running Win 2008) and once machines are joined, they are automatically granted a certificate. This certificate is used with L2TP/IPSEC as well. The VPN server I am running is linked to a RADIUS server running within my network (Win 2008 box).
What this means is once the computer is added to the domain, and the user logs in once, they can connect via VPN by only adding the new VPN connection. I don’t need to be issued new certificates manually (since this is done automatically via the domain CA), nor need to be added as users in the VPN server on the router, etc. The VPN connection they create is set up so that “Automatically use my Windows logon name and password (and domain if any)” is selected. The current VPN server merely checks to make sure the certificate was issued by the CA on the domain and then routes the login information via the RADIUS server in my Windows domain.