Another good alternative to IPsec is OpenVPN. It's called a "TLS VPN" but really, it simplifies TLS a lot and doesn't use many of the complicated parts of the protocol. It's much more sane than I had expected, and likely easier to secure than IPsec.
I've recently started recommending it for a everyone who doesn't have IPsec hardware, something I should have done long ago (but I mistakenly thought it to be less thought out than it was). Android support is solid too.
It automates the process of installing & creating OpenVPN, and means so that anyone who can download a file & run a bash file will be able to make a VPN.
I've recently started recommending it for a everyone who doesn't have IPsec hardware, something I should have done long ago (but I mistakenly thought it to be less thought out than it was). Android support is solid too.