You may want to look into an OpenBSD server for your VPN. I mention this simply because OpenBSD's sole focus is security and it comes with IPsec as a default protocol. I know a Linux server can be made very secure, but I also know that it takes some doing to get it so. I'd love to hear further ideas on this matter as we are in need of a similar setup at my place of employment.

Thanks.
Rob