To anyone interested...
I currently have two OpenBSD 3.5 firewalls set up with a fully functional VPN between the two. Windows workstations on the remote side can log into the Windows 2000 AD server on the main side and browse Network Neighborhood just fine. All is well.
Here's the problem: The remote side is going to have a few workstations on wireless connections behind the remote firewall. I want those connections to be as SECURE as possible. My idea was to use RADIUS for Authentication and Microsoft's L2TP/IPSec (Win98 machines) to VPN to the INSIDE of the firewall from each wireless client... So far I can't really find any way to make that happen.
This may sound like an insane thing to do... but I have all sorts of HIPAA compliance stuff going on and I've got to make things as secure as possible... Any suggestions / ideas?