I'm new to the ipsec-tools, but a semi-old hand at Linux networking.   I have a VPS with a static IP on the internet that I'm using as primary DNS and mail relay for our domain.  Our office network is on DSL with a dynamic IP.  Essentially, we are trying to do a setup that's the opposite of the roadwarrior setups described in the ipsec-howto (subnet behind the dynamic IP rather than the static IP), so the actual setkey and racoon configurations are fairly straight-forward.

The problem I'm running into is, there is no provision in the Fedora networking scripts (/etc/sysconfig/network-scripts/{ifup-ipsec,ifcfg-ipsec0}) for configuring a 'remote anonymous' setup.  The ipsec-tools package doesn't include any provisions for an init script to fire things up, either.

Question is, before I go hacking things (I prefer a light touch on my systems, since the distro developers tend to know what they're doing more often than I do ;), is there a tried-and-true solution to this problem, or should I just boldly go hacking and burning my way through this problem? Thanks for any advice.