Having recently acquired ADSL at home I’ve setup a VPN link to my personal box offsite. Currently this is a pptp link with CHAP authentication, no encryption and no compression. So I was looking at the two separate (window compatible) options: pptp+mppe or ipsec+l2tp. Both will provide a ‘safer’ connection than plain vanilla packet encapsulation.
IPsec is also a twisted tale. To get IPsec working with NAT you have to make sure you have the latest (and then some) versions of *swan with all the required NAT-T patches.
Currently I’m looking at the IPsec route because I’m hoping that it requires ‘only’ patching usermode code.