The university I am at does not use WEP/WPA to secure teh wireless campus. Instead they use the Cisco VPN client. There is a shared group password for the VPN for everyone that uses it though that is a significantly small number. I'm only a little familiar with VPN/IPsec but I am wondering just how secure that really is since Wireshark has the ability to capture ESP protocol and has places in the config for keys. It seems that unless a new key pair is generated for each users during the connection setup that sniffing would be super simple. And if a key pair is generated how secure is that.
It seems to me that the FON/Jasager would all to easily do a MIM and sit between the real VPN and the user.
In such a case, aside from abolishing wireless what is the best way to secure a large campus wireless system with AP to AP roaming?