AIUI, if you have a standard NAT router, then the only way in from the outside will be .... 1/2/3
Indeed, you are quite correct.
Re:1 ... My favourite tool of the moment for that sort of thing is TeamViewer....
Re:2 ... Agreed.
Re:3 ... I believe you're thinking about UPNP or similar
result in the app trying to do plaintext logins (pop3, ftp, htaccess, etc)
True, although most have the option to mandate encrypted comms.
If the RDP client on the Ipad can be forced to use only a VPN, that is OK, but what if not?
Two factor authentication. Then even if your "password" leaks in plaintext, it's single-use only and only valid for 60 seconds or so anyway.
VPNs are notoriously unreliable, especially on a GPRS/3G connection
Agree with you on the latter,but not the former.
Would be tempted to point out that even on the latter, it's not the VPN that's at fault but the network technology.
VPNs are great. Although you'll generally get best stability from hardware implementations rahter than software on your local machine. Boxes such as Juniper's firewalls can ping and automatically reconnect to an alternate VPN endpoint if the primary goes down with minimal downtime.
It also depends what your VPN is connected on and to. If it's a flaky, rate limited, packet shaped ADSL connection then of course you'll have issues.
Personally I'd take IPSec VPNs over SSL VPNs any day !
