Just because this forum is a little dead…
VPN access, I got this setup with the help of Michael last year, though i could only get a chromebook to work with it. could not get any Windows machine to connect to it. This was using the built in Windows VPN client.
Further to this, it would be good to be able to make multiple VPN profiles as we need external users who maintain different systems to be able to access the network remotely but only parts of the network. i.e. Phone system (specific vlan), financials (RDS to a single server), maintenance systems (vlan/specific IPs).
Some specific logging and being able to send email alerts when these vpn profiles are being used/accessed would be good to.