[Ipsec-tools-users] ipsec-tools and Fedora 7: initialization at boot? non-stardard setup

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

(I accidentally sent this to the ipsec-tools-devel list; I hope they put it
the same place they drop their other Viagerian spam!  Sorry. :)

I'm new to the ipsec-tools, but a semi-old hand at Linux networking.   I
have a VPS with a static IP on the internet that I'm using as primary DNS
and mail relay for our domain.  Our office network is on DSL with a dynamic
IP.  Essentially, we are trying to do a setup that's the opposite of the
roadwarrior setups described in the ipsec-howto (subnet behind the dynamic
IP rather than the static IP), so the actual setkey and racoon
configurations are fairly straight-forward.

The problem I'm running into is, there is no provision in the Fedora
networking scripts
(/etc/sysconfig/network-scripts/{ifup-ipsec,ifcfg-ipsec0}) for configuring a
'remote anonymous' setup.  The ipsec-tools package doesn't include any
provisions for an init script to fire things up, either.

Question is, before I go hacking things (I prefer a light touch on my
systems, since the distro developers tend to know what they're doing more
often than I do ;), is there a tried-and-true solution to this problem, or
should I just boldly go hacking and burning my way through this problem?
Thanks for any advice.

       John