Best VPN option for AD/RRAS?

coachmark2

I'm going to be implementing a VPN setup at a site that I've got PFSense deployed at. I'm very familiar with how to setup PPTP for Windows computers, but since that's been broken….  >:(

Anyways, what VPN implementation would you recommend for my situation considering:

-We have about 10 users that would be online at any given time
-We have a pair of PowerEdge R200s online for PFSense
-We are a 100% Windows/AD environment with an RRAS and NPS server
-Username and password based auth is required. Secure though they may be, certs installed on both ends are out of the question.
=EDIT- Also, the use of Windows' integrated VPN client is necessary

Thanks!

corradolab

Given your strict requirements list, I believe your only option is L2TP/IPSec Windows clients against the RRAS server.

Anyhow the extra cost (in hardware, software and maintenance) for a dedicated RRAS server seems to exceed the effort of setting up a non Microsoft VPN client (ie Shrewsoft or OpenVPN).

Regards,
  Corrado

coachmark2

Aye, that may be. We've got a heavily virtual environment so for us its zero marginal cost to spin up another VM for that purpose. Though I am intrigued by OpenVPN. That it can export a setup executable is really cool. I might just go with that instead.

Other thoughts?