Is there an option to password-protect your client keys in the Certificate authority or in the VPN module somewhere. Not sure if I over looking it. I know that OPENVPN has the option for this when creating the certs with the "build-key-pass script". This is great to some added security with your clients keys out there on road warrior scenarios where the entire remote device can disappear or fall into the wrong persons hands.