LinuxQuestions.org
Linux - Security: This forum is for all security related questions. Questions, tips, system compromises, firewalls, etc. are all included here.
Old 09-12-2023, 09:44 PM   #16
sundialsvcs
LQ Guru
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 10,679
Blog Entries: 4
There's obviously quite a bit of misunderstanding here, so let me try to explain:

There are two entirely-different "use cases" here. One is that you want to securely connect two internal networks. The other is that you want to conceal your access to the outside world – or, merely, to secure your conversations among industrial spies within the same coffee shop.

In the latter case, you are establishing a VPN connection to a commercial provider who will then dump your now-unencrypted communications onto the public internet. The distinction here is not "the security of the pipe," but what it is ultimately connected to. No one will be able to intercept your messages, until they emerge at some IP-address (somewhere) that is publicly known to be "a public VPN endpoint." By then, "VPN will have done its job."

The "road warrior situation" entirely depends upon whether the participants are using digital certificates as opposed to PSKs = Pre-Shared-Keys = Stupid Passwords. If they are doing things properly, then each participant has a unique digital certificate which cannot be forged, although it can (and should) be "password protected." Without the password, the certificate cannot be used. But, if the underlying [unique ...] certificate has been [uniquely ...] revoked, then it is worthless. Therefore, as soon as the company realizes that a particular laptop has been stolen, they can invalidate that computer's access, whether or not the encryption password surrounding that particular certificate had been compromised.

Last edited by sundialsvcs; 09-12-2023 at 09:52 PM.
Old 09-14-2023, 09:48 AM   #17
mfoley
Senior Member
Registered: Oct 2008
Location: Columbus, Ohio USA
Distribution: Slackware
Posts: 2,587

Original Poster
All: Great feedback from everyone! LQ has the experts. Based on everything said, I went the Sonicwall route. As it turns out, there is no cost to start as the TZ400 device comes with 2 licenses and an additional 1 user license is about $50, 5 user license about $130. These are one-time costs, not subscriptions.

I had help from an expert with Sonicwall to configure the TZ400 device and add the first user (me). I downloaded NetExtender (the VPN client) to my Windows computer and configured it with server IP, credentials, etc. This is a remote computer so basically this is the "Road Warrior" situation. Thus far, this works fine.

Perhaps last issue on this mentioned by sundialsvcs in post #16: What certificate? I didn't see any certificate configs associated with the Sonicwall VPN stuff. Are you referring to the certificate warning that comes up when one connects via RDC?
Old 09-14-2023, 02:14 PM   #18
yvesjv
Member
Registered: Sep 2015
Location: Australia
Distribution: Slackware, Devuan, Freebsd
Posts: 577

Something similar to this below, each client device has a unique certificate created.
https://www.sonicwall.com/support/kn...0503620790668/

I'd use openssl to create the CSR and probably DigiCert afterwards.
Check with your SonicWall rep.
Old 09-15-2023, 09:53 AM   #19
sundialsvcs
LQ Guru
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 10,679
Blog Entries: 4
If(!) you properly use digital certificates, both commonly-used VPN technologies (OpenVPN and IPSec) are equally reliable and secure. Tools are available for both to simplify the deployment of new road-warrior machines and the management of chores like certificate revocation. If your SonicWall has these features, feel free to exploit them: that’s what your company paid the big bucks for.

Good and easy-to-use client packages are readily available for both VPN technologies, and for every operating system. Your users “click on an icon at the top of the screen, wait for it to turn from grey to black, and that’s it.” They have no idea what actually happened, and they have no reason to care.

Per contra, "PSKs = Pre-Shared Keys = Simple Passwords" will never be secure … Do not use them.

The only "truly interesting feature" of OpenVPN is its so-called tls-auth, which can conceal the presence of the VPN endpoint. Which entirely shuts down "nuisance" attempts to break into it. (As long as you are using "port-free" UDP rather than TCP/IP … UDP being the default.)

Last edited by sundialsvcs; 09-15-2023 at 10:10 AM.