On Apr 21, 2011, at 4:31 32PM, Phil Regnauld wrote: > Steven Bellovin (smb) writes: >> >> I should note: IPsec, being datagram-based, will also work well. PPTP, >> which runs over TCP as far as I know, will suffer all of the ills I just >> outlined. > > PPTP uses 1723/tcp for control, but the tunneled traffic is GRE, > so that would work fine as well.
Ah, thanks for the correction. > >> If you do it correctly, a VPN is actually better: you can assign a >> static internal IP address to each certificate. If the modem connection >> drops, when you reconnect the applications will still have the same >> IP address, so their connections won't be interrupted. > > Absolutely, that's the case with OpenVPN, if you assign static IPs to > each profile. PPtP can do this as well, for instance using MPD. > Very big advantage in fact. Yup, I've done this myself with OpenVPN. --Steve Bellovin, https://www.cs.columbia.edu/~smb