Su Tam Nguyen wrote: > > I want to use IPSec to authencicate all packets. Like Howard I'd strongly recommend to set up StartTLS ext. op. or LDAPS. You could use client certificates for stronger authentication. > BTW, I use OpenVPN to implement the VPN. OpenVPN does not implement IPsec. It uses SSL (or TLS) as cryptographic protocol. So better use the built-in SSL/TLS feature of OpenLDAP. Ciao, Michael.