Signed VPN

Does anyone have a guide on setting up a VPN such that you generate a unique secret key to carry around? I feel that even if you authenticate against the VPN it is still possible to get at the data since a man in the middle attack could take place to snoop some auth tokens.