Sounds like from the m0n0wall standpoint, you could go either way, since
you have a whole /28 network to play with. That leaves security, ease of
use, and feasibility. Security could be strong enough with PPTP; it
depends on your own risk assessment. For a fun read, try this:
Again, it's a personal risk assessment. If somebody actually takes the
time to get into your LAN this way, do they deserve what they find? :)
Are you trying to protect the inner workings of the New York
Clearinghouse or a machine with pictures from grandma's last birthday
bash? Meaning, would anybody go through that much trouble at all, rather
than poking at less secured targets? Your decision. I had some other
troubles with PPTP a long time ago, can't even remember what, and
scratched it off my list, just personal preference.

For ease of use, imho, openVPN beats an ipsec implementation, especially
if you are just starting out. The examples and HOWTOs on openvpn.org are
extensive, and the community is quite active. ipsec is probably the
better choice for point-to-point connections between two networks where
you have control over both ISP connections.

As for feasibility, again depends on your road warriors. A lot of places
give you "free wireless", and as you know, you are NATed and possibly
firewalled. ipsec relies not only on certain tcp/udp ports, but on a
specific IP protocol (beyond tcp and udp), which many places might
filter (don't know about coffee shops, but I know that I work at a lot
of clients where nothing besides ports 80 and 443 is open, so my
employer's corporate VPN runs on a proprietary system through a single
tcp connection). With openVPN, you can, since you have more than one
static IP, make it listen on tcp port 80 on a static IP, as this will
get you through 99% of all firewalls your road warriors will encounter.

> I'll google around on this... sounds interesting. Are there some
> instructions on OpenVPN with m0n0wall posted somewhere? What is the
> client that I would use from the laptop running XP?

Someone wrote a really nice GUI for Windows, check openvpn.org if you
want to go that route. The site also features some basics, worth a read.
Once you read the docs, the m0n0wall setup is self-explanatory, but I am
sure someone besides Peter can answer specific questions.

I am finding myself an advocate of openVPN now, and am not even sure
why, never contributed to the project, I just started using it one day
after the PPTP oddness (which I cannot recall) and the Win2k<-> freeSWAN

Peter already posted the download link to his images, remember that they
are not really supported due to some weirdness with the virtual NICs or
something, but it definitely works, and I am hoping he will bring out an
image once 1.3 is final (*nudge* *nudge*, *wink* *wink*).