RE: [arin-announce] IPv4 Address Space (fwd)
> The fact that something can be worked around with enough footwork really doesn't make it okay.
Sure. Neither is it ok for VPN vendors to pretend as if NAT wasn't a part of daily life and reality.
> Consider the congestion related behavior of TCP inside TCP. Consider the additional per-packet overhead of TCP encap, and the effect of the additional fragmentation that will happen since few networks will pass datagrams over 1500 bytes.
So? So fragmentation will happen. Look at all the existing DSL etc infrastructures where you do have to live with MTU molestations. Frag happens. So what. It still works nicely. What are we gonna do next? Whine about broken PMTUD?
> If network operators had demanded IPv6 in the past, far more products today would be enabled and the 'upgrades are expensive' argument would be moot. Simply passing the buck to the customer is not a globally wise solution.
Sure. Simply ignoring present reality isn't a globally wise solution. Hence we have broken VPN products incapable of dealing with NAT. Some are capable of dealing with NAT just fine, and are readily available. Enough said. VPN vendors incapable of dealing with NAT (which is really a quite simple fix, totally independent of the NAT box) should be terminated with extreme prejudice.
In a message written on Wed, Oct 29, 2003 at 09:35:13AM -0600, Kuhtz, Christian wrote:
> Simply ignoring present reality isn't a globally wise solution. Hence we have broken VPN products incapable of dealing with NAT. Some are capable of dealing with NAT just fine, and are readily available. Enough said.
The danger here isn't that it can be made to work, but that as network operators we are driving application vendors to a very dangerous lowest common denominator. The VPN people have already figured out:

A) The technology must run over a TCP connection that encodes no local endpoint information so it can pass through NAT.

B) The technology must be able to run on TCP port 80 to bypass overly restrictive filters.

Other applications are doing the same. Many of the file sharing services can already meet both of these points.

The end result is that in the near future it will be much harder, or impossible, for network operators to collect statistics based on traffic type or to filter particular types of traffic without being able to dig into the payload itself and see what type of traffic is passing. Some people see this as a problem, some do not.

--
Leo Bicknell - bicknell@ufp.org - CCIE 3440
PGP keys at http://www.ufp.org/~bicknell/
Read TMBG List - tmbg-list-request@tmbg.org, www.tmbg.org
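To illustrate the operator-side problem Leo describes (port 80 no longer implying HTTP), here is an added example, not code from either poster: a first-payload heuristic that flags TCP/80 flows whose initial client bytes are not an HTTP request line. It assumes the operator already has the first client-to-server payload of each flow from a capture; the flow records below are constructed.

```python
# Added example (not from the thread): classify the first client->server bytes of
# a TCP/80 flow so tunnels hiding on port 80 can be counted or filtered.
import re

# HTTP/1.x request line: METHOD SP request-target SP HTTP/1.[01] CRLF
HTTP_REQUEST_LINE = re.compile(
    rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS|TRACE|CONNECT) [^ \r\n]+ HTTP/1\.[01]\r\n"
)


def classify_port80_payload(payload: bytes) -> str:
    """Return 'http', 'tls' or 'unknown' for the first client->server bytes."""
    if HTTP_REQUEST_LINE.match(payload):
        return "http"
    # TLS record header: content type 22 (handshake), major version 3,
    # followed by a handshake message of type 1 (ClientHello).
    if (len(payload) >= 6 and payload[0] == 0x16
            and payload[1] == 0x03 and payload[5] == 0x01):
        return "tls"
    return "unknown"


def suspicious_flows(flows):
    """flows: iterable of (src, dst_port, first_payload).

    Returns [(src, label)] for port-80 flows whose payload is not HTTP,
    i.e. the traffic an operator can no longer classify by port alone.
    """
    result = []
    for src, port, payload in flows:
        if port != 80:
            continue
        label = classify_port80_payload(payload)
        if label != "http":
            result.append((src, label))
    return result


# Constructed sample flows (hypothetical addresses and payloads).
SAMPLE_FLOWS = [
    ("10.0.0.5", 80, b"GET /index.html HTTP/1.1\r\nHost: example.net\r\n\r\n"),
    ("10.0.0.6", 80, b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03" + b"\x00" * 32),
    ("10.0.0.7", 80, b"\x00\x00\x00\x1c\x02\x00\x00\x00"),  # opaque tunnel framing
    ("10.0.0.8", 443, b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03"),
]

if __name__ == "__main__":
    for src, label in suspicious_flows(SAMPLE_FLOWS):
        print(f"{src}: non-HTTP traffic on tcp/80 ({label})")
```

The heuristic only looks at the opening bytes, so a tunnel that starts with a syntactically valid HTTP request (the CONNECT pattern Leo alludes to) will still pass; deeper inspection is exactly the cost he is pointing at.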