Usage of PPTP is mandatory. Not all clients are capable of IPSEC. And the solution must be "(Windows-)enduser-compatible"... However, using IPSEC would cause the same problem - how to get a Windows box to establish the VPN at startup and use a static route to the remote LAN while leaving the default route pointing at the local internet gateway.

This is _not_ a good idea. All professional VPN software I know prohibits access to the internet while connected to the VPN. Even the Cisco VPN client for Linux does that! Most VPN clients also contain a small personal firewall that rejects all connections. If people need internet while using the VPN, tell them to use the proxy in your company.

Markus

--
__________________           /"\
Markus Gaugusch              \ /    ASCII Ribbon Campaign
markus(at)gaugusch.at         X     Against HTML Mail
                             / \