Thu Aug 18, 2011 8:05 pm
We have been using pptp with good results. We have the same problem as you do. Trying to open ports through existing routers like ADSL, cable modems, or FIOS modems that we don't own or control is a problem.
Each MT router we ship out initiates a pptp connection back to our HQ MT router. We give each remote router its own pptp client username and the HQ router assigns a unique IP address to the remote based on that username. We use a private subnet like 192.168.80.0/24 just for this purpose.
Once we see the pptp link is up from a remote site, we can tunnel in and put our local computer on the remote's subnet and then access the "foreign" router as if we were local. Our customers usually know their own password, but are not able to open ports. Also, the carrier-provided devices usually all have the same username and password available when accessed from the local lan.
I only use ipsec to link remote sites that already use ipsec for other purposes.
Hope this helps. I'd like to hear what others think about this.
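An added example, not part of the original post or the poster's configuration: a Python check that the HQ router's PPP secrets keep the one-username-to-one-address mapping described above, so a tunnel address always identifies exactly one remote site. The export text is constructed sample data in the style of `/ppp secret export`, and the function names are hypothetical.

```python
import ipaddress
import shlex
from collections import defaultdict

MGMT_NET = ipaddress.ip_network("192.168.80.0/24")  # tunnel subnet named in the post

# Constructed sample in the style of a RouterOS "/ppp secret export" (not real data).
SAMPLE_EXPORT = """\
/ppp secret
add name=site-a service=pptp remote-address=192.168.80.11
add name=site-b service=pptp remote-address=192.168.80.12
add name=site-c service=pptp remote-address=192.168.80.12
add name=site-d service=pptp remote-address=10.0.0.5
add name=site-e service=pptp
add name=roadwarrior service=l2tp remote-address=192.168.81.2
"""

def parse_secrets(export_text):
    """Return one dict of key=value fields per 'add' line of the export."""
    secrets = []
    for line in export_text.replace("\\\n", " ").splitlines():  # join wrapped lines
        if line.strip().startswith("add "):
            secrets.append(dict(t.split("=", 1) for t in shlex.split(line)[1:] if "=" in t))
    return secrets

def audit(secrets, net=MGMT_NET):
    """List (username, problem) pairs that break the one-user-one-address rule."""
    findings, by_addr = [], defaultdict(list)
    for s in secrets:
        if s.get("service", "any") not in ("pptp", "any"):  # "any" also permits PPTP
            continue
        name, addr = s.get("name", "?"), s.get("remote-address", "")
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:  # missing, or a pool name instead of a fixed address
            findings.append((name, "no fixed remote-address"))
            continue
        if ip in net:
            by_addr[str(ip)].append(name)
        else:
            findings.append((name, f"{ip} is outside {net}"))
    for addr, names in by_addr.items():
        if len(names) > 1:
            findings += [(n, f"{addr} shared by {', '.join(names)}") for n in names]
    return findings

if __name__ == "__main__":
    for name, problem in audit(parse_secrets(SAMPLE_EXPORT)):
        print(f"{name}: {problem}")
```

Run against a real export, an empty result means every PPTP username maps to its own fixed address inside the dedicated subnet.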