>the best way is to use ssl-vpn rather than ipsec, via OpenVPN. Its a >breeze to install and configure compared to most any other VPN, quite >easy for the server to push routing rules to the clients, etc. I'll second the OpenVPN reco, I just migrated off a Cisco PIX to this and it is the most configurable, and stable thing I have seen in ages. I have connections from both Linux and Windows machines that sustain for several days without a single hiccup whereas the PIX would often suffer from non recoverable transient errors that tanked the connection. jlc