This may be obvious, but you need to consider, exactly, your needs.
The things that encrypt at the IP layer still allow traffic analysis
to go on, if you've got a really dedicated listener. If you just need
to protect the details of the data inflight, they're fine.
If you really need secure communications, doing something like
PPP over an encrypted TCP stream, and adding random noise by sending
(say) pings over the same channel at intervals determined by a strong
random number generator would probably be better.