Great summary.
IPSec for iOS is currently a Cisco implementation.
There is nothing wrong with using PPTP over encrypted wireless. The only real complaint about PPTP is that it can be configured to send the username and password in plain text over a wired network. I you secure and encrypt your wifi signal, your PPTP connection will be adequately secured for most corporate networks - though your paranoid IT guys may still disagree.
If you do get an over zealous IT security guy in your face, challenge him to intercept your communication and hack your password... It's highly likely he has read somewhere this can be done but has no clue how to do so, and that it's more challenging than the article he read on a blog somewhere.
I've heard rumors of more broad VPN support coming, including SSL VPN but nothing concrete.
-t
Hehe, thanks, thewitt.
I hate to admit it, I *am* one of those paranoid I.T. guys (just for a small organization that doesn't doesn't deploy VPNs (nor iPads, sadly) who also happens to love Wireshark and be somewhat of a crypto geek.
However, I do take your point re: PPTP's relative security being adequate in most instances and probably fine for a home server setup such as the OP's.
I personally suspect that PPTP gets a bad rep. because it reminds people of WEP (in that they are both older protocols and both use RC-4 for their default encryption). Of course, in the case of WEP, it was out right bad design and poor implementation that led to its downfall, not necessarily the crypto algorithm used.
Much better (wider) VPN support in iOS 5 would be great although I'm not holding my breath. I'd much rather be pleasantly surprised this fall rather than disappointed yet again.
[My apologies in advance if the following is not an option the OP is interested in. Hopefully the info might be of use to others who happen across here]
Anyhow, I don't intend to hijack this thread but perhaps I could suggest to the OP that SSH tunneling may be of use if you're not specifically looking to deploy a true VPN and are extra-concerned about security (e.g. connecting via open public wifi, etc)?
OpenSSH is shipped as part of nearly every Unix-like OS nowadays, is simple to configure for TCP forwarding (usually enabled by default on most distros) and is easily understood from a security standpoint. It requires no specific support from the iOS network stack since everything is done in the application layer.
Currently there are two iOS apps I'm aware of that support arbitrary SSH tunnels: iSSH and Remoter (actually a VNC app but allows creating tunnels). The idea is you first log in to your Linux box via SSH using one of these app to create a tunnel. Then launch your second app and point it to localhost and a predefined port to use the encrypted tunnel. Currently no iOS SSH client I've seen supports OpenSSH's SOCKS proxying feature, so you're limited to creating statically defined tunnels, but it's still quite usable.
Of course, there are a number of limitations with this approach that prevent it from ever replacing a true VPN setup, the biggest of which are: A current iOS limitation that requires you to 'refresh' the SSH tunnel every 10 min, the fact that you can only use TCP connections through it (eliminating many streaming and VOIP apps), and that it takes a pretty good understanding of how SSH works when setting things up on the iPad side.
