Not sure about tinc but IPSEC is almost mandatory. No serious business would trust PPTP.
Not sure how IPSEC affects routing. A tunnel is a tunnel is a tunnel regardless of the encryption. You'll be running into the same issues re: split tunnel or not, getting customers to understand the concept / oh look a particular customer's LAN IP clashes with the VPN pool you've picked, etc.
Sounds like you're aiming at the SME market (individual servers, direct login etc.) so that rules out more sophisticated solutions, but I'll list two possible approaches anyway.
some kind of VPN concentrator that allows profiles. All customers login to the VPN concentrator then, depending on their profile/group/whatever vendor terminology, get permissions to use protocol X to IP Y (i.e. their own server).
Cisco ASR1000V virtual routers - each customer gets one, you can then run direct IPSEC tunnels (with VTIs so makes routing appear easy) or even direct MPLS back to the customers so the router appears as just another branch in their topology, then allocate your VNICs VLANs etc. on the inside so they get a nice virtual 'branch'.
a smaller scale version of the above, we've used monowall to great effect for this purpose (i.e. each customer gets a layer 3 virtual device that acts as a router/firewall, they VPN into this device and get access to their VLANs only), however then each router/firewall needs their own public IP address.
Re: your current approach, you do realise that each server needs a public IP or you have a complicated and convoluted system of NATs where each customer's VPN path gets allocated a single port or similar.
I'd recommend getting a full time networker in to look over any design / proposal you have, it sounds like you're coming at it from a server background.
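As an added example (not code from this thread), a Python model of the concentrator-with-profiles approach: each customer group gets its own address pool, the check flags any pool that clashes with a customer LAN or another pool, and each group gets a rule set that permits only the listed protocols to that customer's own server. The group names, networks and rule syntax are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Profile:
    """One concentrator group (constructed): the customer's LAN, their pool, and what they may reach."""
    name: str
    lan: str         # the customer's own LAN, so traffic to it can stay off the tunnel
    pool: str        # addresses the concentrator hands to this group's clients
    server: str      # the one server this group is permitted to reach
    services: tuple  # (protocol, port) pairs permitted to that server

def pool_conflicts(profiles):
    """Report every VPN pool that overlaps a customer LAN or another group's pool.

    Returns (group, kind, other_group, other_kind) tuples; LAN/LAN overlaps are
    ignored because each group is isolated behind its own pool.
    """
    nets = [(p.name, "pool", ipaddress.ip_network(p.pool)) for p in profiles]
    nets += [(p.name, "lan", ipaddress.ip_network(p.lan)) for p in profiles]
    found = []
    for i, (n1, k1, a) in enumerate(nets):
        for n2, k2, b in nets[i + 1:]:
            if "pool" in (k1, k2) and a.overlaps(b):
                found.append((n1, k1, n2, k2))
    return found

def build_rules(profile):
    """Per-group filter: only the listed protocol/port pairs to the group's own server."""
    rules = [f"permit {proto} {profile.pool} -> {profile.server}:{port}"
             for proto, port in profile.services]
    rules.append(f"deny ip {profile.pool} -> any")  # everything else is dropped
    return rules

# Constructed sample: 'globex' runs a LAN that collides with the pool picked for it.
PROFILES = [
    Profile("acme", "192.168.1.0/24", "10.200.1.0/24", "203.0.113.10", (("tcp", 22), ("tcp", 443))),
    Profile("globex", "10.200.2.0/24", "10.200.2.0/24", "203.0.113.11", (("tcp", 3389),)),
]

if __name__ == "__main__":
    for c in pool_conflicts(PROFILES):
        print("clash:", c)
    for p in PROFILES:
        print("\n".join(build_rules(p)))
```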
It is possible to take calls from any location because the mobile phone keeps the network/cellular operator informed about its location. This in turn enables the mobile operator to route the calls to you anywhere.
HLR is the most important database maintained by the operator. The subscriber info is created by the operator in HLR at the time of purchase of subscription by a user.
VLR is a database that contains temporary information about the subscriber. It is used to service the visiting subscribers.
Location area refers to a group of cells. If the mobile moves from one location area to a cell in a different location area, it shall perform a location update to the network/cellular operator about its location. The mobile performs a location update to inform the operator about its exact location by checking the location area of the old cell and new cell. If the location area is different, the mobile will definitely perform a location update.
In the new location area, the VLR shall check its database for the subscriber information for authentication. If the subscriber information is not present in its database, it shall check with the HLR and get the copy of the subscription information via the location update. In this entire process, only a copy is made available to the VLR and the HLR will not delete the subscriber information. The HLR shall in fact update its records such that the subscriber information is updated with the current VLR serving the mobile.
In a scenario where a mobile moves from the first VLR (e.g. first location area) to a cell in the second VLR (e.g. second location area), the subscriber information that was copied into the first VLR shall be deleted once the mobile moves out of that first location area and the subscriber information in the recent VLR (second VLR) shall be retained. Once the mobile moves towards the second VLR (second location area), the HLR shall request the first VLR (old VLR) to remove the subscriber record. Note that only the subscriber information in the first VLR (old VLR) is deleted. The HLR updates its database with the current VLR serving the mobile.
From the above scenarios, you will observe that addition/deletion of subscriber info happens in the VLR and only updating of subscriber info happens in the HLR.
However, the HLR data is stored only as long as the subscriber uses the service of the cellular operator. That is, if the user opts to move to a different cellular operator due to an attractive plan or any other reason, then obviously it implies that he is closing his subscription and only in that case shall the subscriber information be deleted from the HLR.
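The HLR/VLR exchange described above, as an added example rather than anything from this answer: a Python simulation in which the mobile sends a location update only on a change of location area, the new VLR fetches a copy of the subscription from the HLR when it has none, the HLR repoints its record at the serving VLR and asks the previous VLR to drop its copy, and the HLR record itself goes only when the subscription is cancelled. The cell-to-area topology, IMSI and profile values are constructed.

```python
# Constructed topology: cell -> location area, location area -> serving VLR
CELL_TO_LA = {"c1": "LA1", "c2": "LA1", "c3": "LA2", "c4": "LA3"}
LA_TO_VLR = {"LA1": "VLR-A", "LA2": "VLR-A", "LA3": "VLR-B"}

class HLR:  # Home Location Register: permanent record plus the VLR currently serving it
    def __init__(self):
        self.subscribers = {}  # imsi -> {"profile": dict, "vlr": serving VLR name or None}
        self.vlrs = {}         # name -> VLR, so the HLR can send Cancel Location
    def provision(self, imsi, profile):
        self.subscribers[imsi] = {"profile": profile, "vlr": None}
    def update_location(self, imsi, vlr_name):
        """Serve a VLR's request: hand out a copy, repoint the record, purge the old VLR."""
        rec = self.subscribers.get(imsi)
        if rec is None:
            return None
        old, rec["vlr"] = rec["vlr"], vlr_name
        if old and old != vlr_name:
            self.vlrs[old].cancel_location(imsi)
        return dict(rec["profile"])  # a copy; the HLR keeps the original
    def cancel_subscription(self, imsi):
        """Only when the subscriber leaves the operator is the HLR record deleted."""
        rec = self.subscribers.pop(imsi, None)
        if rec and rec["vlr"]:
            self.vlrs[rec["vlr"]].cancel_location(imsi)
        return rec is not None

class VLR:  # Visitor Location Register: temporary copies for subscribers in its areas
    def __init__(self, name, hlr):
        self.name, self.hlr, self.visitors = name, hlr, {}  # visitors: imsi -> copied profile
        hlr.vlrs[name] = self
    def location_update(self, imsi):
        if imsi not in self.visitors:  # not known here: get a copy from the HLR to authenticate
            profile = self.hlr.update_location(imsi, self.name)
            if profile is None:
                return "reject"        # no subscription on record
            self.visitors[imsi] = profile
        return "accept"
    def cancel_location(self, imsi):
        self.visitors.pop(imsi, None)

class Mobile:
    def __init__(self, imsi, hlr):
        self.imsi, self.vlrs, self.la = imsi, hlr.vlrs, None
    def move_to(self, cell):
        """A location update is sent only when the new cell lies in a different area."""
        new_la = CELL_TO_LA[cell]
        if new_la == self.la:
            return "no-update"
        self.la = new_la
        return self.vlrs[LA_TO_VLR[new_la]].location_update(self.imsi)
```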
Best Answer
Your mobile provider will be able to link your SIM card with your IP address and your data. This helps with routing, billing, service selection, optimisation, and child-protection. This is all loggable and whether or not government agencies have access to this data is a matter for local legislation.
The VPN will be linked to your SIM card but the data streams within the VPN are protected. A VPN will give you the level of security inherent in the end-points and the protocol.
If you want to be paranoid, how much do you trust your browser for instance? Have you recently checked your certificate store?