Now that I have Samba and a domain working, the next step is secure remote access for the employees. I'm hoping that someone has already done this and can give me some pointers, rather than me having to blunder my way through it (though either way, I'll post any useful info I come across).

Right now I have a Cisco 1841 which can host a VPN authenticated against RADIUS or TACACS+, but the FreeRADIUS team doesn't recommend using LDAP as a backend and TACACS+ seems to be Cisco proprietary so I'd like to avoid that.

I also have three Linux servers on which I could run something along the lines of OpenVPN, PoPToP, or FreeS/WAN, but as usual the documentation for integrating with LDAP is lacking.

I have to support Windows, OS X, and iPhone clients, so PPTP and L2TP are my only protocol options. I understand of the two, L2TP is more secure and since it doesn't depend on GRE it can be run through routers a lot easier.

Ideas?