I’ve been looking into this as a replacement for PPTP on our installs. The problem forcing us to change is that, as of today, the PPTP protocol with MSCHAPv2 is broken (see http://en.wikipedia.org/wiki/Point-to-Point_Tunneling_Protocol#Security), so it doesn’t offer any security.
The natural replacement for this is L2TP, but the experience on the platforms tested varies. This is what I have found so far:
Android: no problems so far; it can be configured with user/password only (PSK is optional).
Mac OS X: it supports either a PSK (which Zeroshell doesn’t) or host certificates (but strangely it doesn’t seem to like Zeroshell-created host certificates).
iOS (iPhone): the only methods are RSA key or PSK, neither of which is supported with Zeroshell.
The problem is that the only thing that works across all the platforms is using a preshared key (PSK).
Currently racoon is configured to use rsasig for phase 1.
The other method, which would allow ZS to work with iOS and others, would be to use
So far I am stuck on this; it seems to me (I still have to investigate a bit more) that racoon needs to be compiled with hybrid mode enabled (mixed authentication with x509 and certificates).
I will post whatever I can get.
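To make the phase 1 choice the post is talking about concrete, here is an added example of a racoon.conf `remote` block for L2TP/IPsec with certificate (rsasig) authentication, the PSK alternative shown as a commented-out switch. This is example configuration written for this page, not Zeroshell's own racoon.conf; all paths, file names and the psk.txt location are assumptions.

```conf
# Added example (not Zeroshell's config). Paths and file names are assumed.
path certificate    "/etc/racoon/certs";     # assumed: server cert, key and CA live here
path pre_shared_key "/etc/racoon/psk.txt";   # assumed: only needed for the PSK variant

remote anonymous {
    exchange_mode main;
    passive on;             # we are the responder; clients initiate
    nat_traversal on;       # phones and laptops are almost always behind NAT
    generate_policy on;     # let road-warrior clients propose their transport-mode SA
    proposal_check obey;

    # Variant A: rsasig, the phase 1 method the post says racoon is using now.
    # Every client needs its own certificate issued by ca.crt.
    certificate_type x509 "server.crt" "server.key";   # assumed file names
    ca_type x509 "ca.crt";                             # assumed file name
    verify_cert on;         # reject peers whose cert does not chain to ca.crt
    my_identifier asn1dn;
    peers_identifier asn1dn;

    proposal {
        encryption_algorithm aes 256;
        hash_algorithm sha1;
        authentication_method rsasig;
        # Variant B: switch to a preshared key instead. Drop the certificate_type,
        # ca_type, verify_cert and identifier lines above and use:
        #   authentication_method pre_shared_key;
        # psk.txt then holds one "<peer identifier> <secret>" line per peer; in
        # main mode the identifier racoon looks up is the peer's IP address.
        # The hybrid mode mentioned in the post (certificate on the server side,
        # user credentials on the client side) is a third value,
        # hybrid_rsa_server, which racoon only accepts when built with hybrid
        # authentication support.
        dh_group modp1024;
    }
}

sainfo anonymous {
    pfs_group modp1024;
    encryption_algorithm aes 256;
    authentication_algorithm hmac_sha1;
    compression_algorithm deflate;
}
```

After editing, `racoon -C -f /etc/racoon/racoon.conf` dumps the parsed configuration, which catches typos before the daemon is restarted. The trade-off the post runs into is visible in variant B: with `remote anonymous` and a single secret, every client holds the same PSK, so a lost phone means rotating the key on every device, whereas with rsasig one client certificate can be revoked on its own.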