
Can anyone advise me on the easiest way to do this? Should I continue using OpenSwan? Is there a good HOWTO for this, or will I be the guy that writes it? (Assume I know everything on http://www.wlug.org.nz/26sec :)
I think you might be the guy that writes it, as the official Wiki for Linux networking (http://linux-net.osdl.org) is pretty bad on security right now!
That site is probably a bit low-level; http://www.ipsec-howto.org/ is also missing useful information.
Any suggestions? Michal, are you still around, and is this right in your area of expertise? :)
One thing I do suspect you will need is a very recent kernel, as things necessary for this, such as connection tracking, only really got much attention in 2.6.17. Apart from that I can't offer much help.
If I was going to use a kernel that recent I'd just patch klips in. :) As it is the end point, I shouldn't need to use connection tracking. Will see though. Thanks for the heads-up.
Craig