On Apr 21, 2011, at 4:31 32PM, Phil Regnauld wrote:
Steven Bellovin (smb) writes:
I should note: IPsec, being datagram-based, will also work well. PPTP, which runs over TCP as far as I know, will suffer all of the ills I just outlined.
PPTP uses 1723/tcp for control, but the tunneled traffic is GRE, so that would work fine as well.
Ah, thanks for the correction.
If you do it correctly, a VPN is actually better: you can assign a static internal IP address to each certificate. If the modem connection drops, when you reconnect the applications will still have the same IP address, so their connections won't be interrupted.
Absolutely, that's the case with OpenVPN, if you assign static IPs to each profile. PPtP can do this as well, for instance using MPD. Very big advantage in fact.
Yup, I've done this myself with OpenVPN. --Steve Bellovin, https://www.cs.columbia.edu/~smb