+ 2 Votes
Realistically, this is not needed
robo_dev 1 year ago

Sorry to give a whole security lecture here but....

First of all, a properly configured point-to-point IPsec VPN, when connected, has very little attack surface. When VPN router A is connected to VPN router B, you cannot connect a rogue VPN to router A, for example....the tunnel is already established. (The pattern is full)

Of course setting up the tunnel COULD be a point of entry, but only when the connection is offline...but a shared secret cannot be brute forced, and also guessing and spoofing the remote IP address gets a bit complicated.

Any device on the Internet will get probed, but the main security risk out there is USER VPNs, not site-to-site VPNs.

With VPN hacking tools like ike-scan, somebody can determine if aggressive mode and a pre-shared key is in use, but if the device is in 'main mode' with a certificate then it's safe enough for the Pentagon at that point.

Once the tunnel is established, you're relying on the strength of the encryption mainly, but typically unless you're on a military base in enemy territory, someone is not going to be intercepting and trying to cryptanalyze your every packet.