A client method would be okay, but it generally has more to do with the type of encryption you're using, type of tunnel that you're creating (standard ipsec or GRE), and the type of applications that are going across the tunnel.
If you have client software, the latency "could" be higher if taking into account the overhead of the operating system that it's on, free memory, other applications running, etc. On the other hand, you only have one system using the tunnel.
For site-to-site, you'll have to contend with how many other people are using applications across the tunnel, what the encryption method is, the type of tunnel you've created, if you're using split-tunneling, etc.
If you don't use split-tunneling, then all of your applications will go through the tunnel including web browsing. It's recommended for security purposes to disable split-tunneling because you have more control over what comes through your edge presence as opposed to having every client with their own edge presence.
HTH,
John
HTH,
John
*** Please rate all useful posts ***