VPN: solutions that interoperate with win xp

[<dick_(_at_)_uchicago_(_dot_)_edu>]

heya,

i've been grinding away to get a VPN setup where i can have win xp clients
connect to my openbsd firewall and access the network behind it. i have tried a
number of things, none of which have yet worked for all my users. i am very much
interested in hearing from other admins who have currently working solutions
along these lines. i have setup isakmpd between my home and my business
location, so i know i am not a complete idiot when it comes to this stuff ;).

when i tried to use the native windows IPsec implementation, both as described
in http://openbsd.cz/~pruzicka/vpn.html and through the confusing GUI, i was not
able to get anywhere. when i used ipseccmd.exe, it would not give me any useful
debugging outputs and crashed a couple times while i was trying to set this up.
i would very much like to have a setup using the native IPsec in win xp, but am
utterly in the dark as to the win xp configuration side of things.

i have also setup openvpn, which works great for me from home, and i have been
able to successfully get this working. however, one of the users that connects
to my VPN is having problems making openvpn and his kerio firewall "play nice",
and a working openvpn configuration cannot survive a reboot due to win xp being
such a great OS.

i am also aware of "the green bow" VPN client that is known to interoperate with
isakmpd. i have avoided using this solution since i know it to be a resource hog
on win xp. anybody else's views on this software would be nice.

anything that you think could help me get a VPN with win xp talking to my
openbsd firewall would be awesome. i would love a "howto" for the win xp boxes,
but a smack with the cluestick is likely all i need. it would be nice for this
to NOT use certificates, as i'd like to get a shared secret setup working first,
then switch to certs later.

cheers,
jake