Steven Bellovin (smb) writes:
I should note: IPsec, being datagram-based, will also work well. PPTP, which runs over TCP as far as I know, will suffer all of the ills I just outlined.
PPTP uses 1723/tcp for control, but the tunneled traffic is GRE, so that would work fine as well.
If you do it correctly, a VPN is actually better: you can assign a static internal IP address to each certificate. If the modem connection drops, when you reconnect the applications will still have the same IP address, so their connections won't be interrupted.
Absolutely, that's the case with OpenVPN, if you assign static IPs to each profile. PPtP can do this as well, for instance using MPD. Very big advantage in fact.
Someone suggested trying it using a FreeBSD flakeway; that's a good idea.
Using a dummynet box as a router (or bridge for that matter), you have the benefit that you can run tcpdump on the trafic, and record the packet sizes with and and without VPN, then derive the actual observed overhead. Cheers, Phil