Anyone tried to do this?

 

I'm running the 5.5 version and have L2TP going now. But I quite like the idea of an on-demand, certificate-authenticated VPN on the USG rather than port forwarding in to another machine. Just want to know if it's physically possible. Another machine does have advantages for backups, snapshots etc. in case I hose it, so there are pros/cons to both.