In my opinion, I will deploy all my products which will be used in remote locations with a dedicated network device, such as Cisco ISR 819, or Mikrotik mAP. All the security stuff (IPSec / VPN / Firewall) are handled by network devices, then I can safely use plain protocol on the actual product.