Henry Nelson wrote:
> 
> What I'd like to do is add a layer of security so that someone cannot
> get packets through the firewall by spoofing my work IP address.  Ipsec
> seems like the way to go, but even after reading http://www.netbsd.org/
> Documentation/network/ipsec/ I cannot figure out where to start.
> 
> I was thinking that transport mode would work, and I don't think it
> would be too hard to configure the NetBSD side at home, but I have no
> idea what to do on the workplace side.
> 
> Any help, pointers, suggestions much appreciated.

try openvpn the documentation proved clearer to me. After spending time 
reading all their docs I could configure a working system with client 
and server certs within 10mins. You may need to recompile your kernel 
with routing support and tunnel interface driver.

ftp://ftp.netbsd.org/pub/NetBSD/packages/pkgsrc/net/openvpn/README.html
http://openvpn.net/

Simon