i'd been surveying the vpn offerings from companies like Tunnel Bear, Private Internet Access and Strong VPN. after boiling down my use cases to exactly one immediate need/desire, I decided to roll my own.
that use case is getting secure browsing when connecting mobile devices to any wifi that isn't the one in my house.
happily, my new Asus router has a PPTP server built-in. and unlike my adventures in dd-wrt land, i was able to get this vpn server working.
though PPTP isn't the most secure vpn, i think with what the asus has onboard, it will be secure enough for my purposes. for encrypted authentication, it has chap v1 and v2; i configured the router to leave that at "auto". for encrypted traffic, i selected MPPE 128-bit.
the router also allows config for dynamic dns. that's the "almost free" part -- last month, dyndns finally stopped offering free service, now it's $20/year. leave it to me to not sign up until immediately after their policy change.
on the ios side, i was able to use the dyndns account to connect, but my authentication kept failing. turns out, my 18-character password was a bit much, so i knocked it down to 16-characters and i could now authenticate (i've yet to find documentation about password length, so there was some trial/error in here. it might also be why i couldn't get the dd-wrt vpn to work).
the last bit to solve was that, even though i was connected, i could not load anything from the internet. that was solved by disabling the option on the router vpn page that said "connect to DNS servers automatically" and instead hard-coding the DNS entries for my ISP.
after that, i could connect from my iphone and get internet. the speeds are reasonable, too. over 4g, i usually get around 1 megabit download, but saw 3.7 Mbps download yesterday. (frankly, i'm surprised AT&T's 4g allowed that).
someday, when i need more vpn capability, i'll probably re-investigate Tunnel Bear and the others, but for now i've got what i need.