Subject: using ipsec on top of ipfilter and ssh
To: None <netbsd-help@netbsd.org>
From: Henry Nelson <netb@yuba.kcn.ne.jp>
List: netbsd-help
Date: 02/08/2006 19:02:39

Presently I communicate with my home NetBSD workstation from my office
WindowsXP desktop using the terminal emulator PuTTY, which does ssh
encryption.  The workstation at home is behind an ipfilter/NATing firewall.
At work there is a very strict policy that our PCs cannot be connected
directly on the LAN and must be behind a commercial router, which is
supplied by the employer and cannot be accessed by employees to change
settings, etc.  Apparently the router looks to the outside world as a
fixed global ipv4 machine since I can use its IP address for filtering/
NATing on the firewall at home.  Otherwise the work LAN is totally a
black box.

What I'd like to do is add a layer of security so that someone cannot
get packets through the firewall by spoofing my work IP address.  Ipsec
seems like the way to go, but even after reading
http://www.netbsd.org/Documentation/network/ipsec/ I cannot figure out
where to start.

I was thinking that transport mode would work, and I don't think it
would be too hard to configure the NetBSD side at home, but I have no
idea what to do on the workplace side.

Any help, pointers, suggestions much appreciated.

-- 
henry nelson
  WWW_HOME=http://yuba.kcn.ne.jp/~home/