The "improved security" pretty much makes non-M$ IPSec VPNs impossible.
Just take a look at the amount of "unknowns" and dates in the latter part of 2007 in here: [link|http://support.microsoft.com/kb/929490|http://support.microsoft.com/kb/929490].
And I know that the Nortel situation is not fixed as that document claims: the version listed was a cobbled together Vista-only XP-compatibility mode (now there's an oxymoron...) hack to at least get the drivers to install.
Even with the "real" 7.01 driver, Vista appears to associate the driver with a network interface of it's choice and can't be moved to associate it with the one you want. And with that we haven't even addressed the fundamental problem yet in that Vista makes NAT encapsulation mandatory even if there is no NAT involved on the network. (Haven't had the time yet to investigate the full effects there. So far we have only one remote connector who jumped in the Vista swamp and he still has a functional XP machine)