This is how I use vpnd to connect from home to office with a dynamic IP 
internet dialup connection (analog modem). For German readers: this is a
T-Online connection.
I'm running a Linux 2.2.13 kernel, diald and pppd for the internet connection
and vpnd for the secure network link between home and office. The system
is secured by an ipchains firewall setup.
Important: if you run a 2.0.x kernel you will have to remove the 'ipchains'
commands and replace them with equivalent 'ipfwadm' commands. Furthermore,
you will have to remove the 'autoroute' statement from the vpnd
configuration file(s).
Note: the firewalling configuration shown here is supposed to be used
only as an example; configure firewalling according to the requirements
of your own system!
The version of diald is unknown, pppd is version 2.3 patch level 5 and
vpnd is version 1.0.3.
Blurring: obviously I changed the vpnd.key file (just edit it to see what
I mean). Furthermore I replaced the domain name of the remote domain
with some.domain and the remote official class C network with a.b.c;
all other IPs are left untouched as they only show private networks.
Finally I didn't include any account information of my internet dialup
account.
Now, assume this directory to be the root directory of your system.
Then you will find in /etc/rc.d the script ipchains which is used to
set up the firewall directly after network start but before any routing
is done. I included this file to give you some hints what to do with
your firewall on the one hand and as it is required as a base for
the dynamic IP firewall setup on the other.
Then have a look at /etc/diald.conf, everything required for diald is
in this file; you may just start diald with no parameters. When diald
has established its slip interface or when diald is about to delete the
slip interface the /etc/diald.add script (which is the same as /etc/diald.del)
is called by diald.
The diald.add/diald.del script takes care of enabling/disabling the TCP
socket local address change feature in the kernel, proper routing
setup including a priority route to the vpnd server (note the metrics!)
and a very lax firewall setup for the proxy slip device. vpnd is started
and stopped from this script, too.
When diald then establishes a connection it uses the chat utility and the
/etc/t-online.chat script (T-Online is a German provider). After a connect
pppd is started which then reads /etc/ppp/options (see pppd man pages)
and looks for the password to the userid contained in the options
file in the /etc/ppp/*secrets file (use pap-secrets for T-Online).
When pppd has established the dynamic IP connection /etc/ppp/ip-up is called;
when the connection is about to be closed, /etc/ppp/ip-down is called.
In my case both scripts are the same. The script takes care of firewall and
routing setup (see again metrics!!!) including the priority route
to the vpnd server and it contains a workaround for a ppp interface
unconfig bug which may cause some networking malfunction.
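
To illustrate the shared ip-up/ip-down idea described above, here is an added
example (not the script from this directory) of one file that installs or
removes the priority host route and the firewall rules bound to the dynamic
local address. The server address 192.0.2.10, the port 12345, the DRY_RUN
switch and the helper name link_commands are assumptions made for the example.

```shell
#!/bin/sh
# Added example; not the ip-up/ip-down script that ships with this setup.
# pppd runs it as: ip-up|ip-down <iface> <tty> <speed> <local-ip> <remote-ip>
# Assumed placeholder values (the page gives neither address nor port):
VPND_SERVER="${VPND_SERVER:-192.0.2.10}"
VPND_PORT="${VPND_PORT:-12345}"

# Print the commands for one link event: $1=up|down $2=iface $3=local-ip
link_commands() {
    case "$1" in
        up)   r=add; f=-A ;;
        down) r=del; f=-D ;;
        *)    return 2 ;;
    esac
    # The script runs as root, so reject anything that is not a plain
    # interface name or dotted address before it reaches a command line.
    case "$2" in ''|*[!a-z0-9]*) return 2 ;; esac
    case "$3" in ''|*[!0-9.]*) return 2 ;; esac
    # Host route to the vpnd server with the lowest metric, so tunnel
    # packets take the ppp link whatever other routes cover that address.
    echo "route $r -host $VPND_SERVER metric 0 dev $2"
    # Firewall rules are tied to this connection's dynamic local address:
    # outbound to the vpnd port, inbound only non-SYN replies from it.
    echo "ipchains $f output -i $2 -p tcp -s $3 -d $VPND_SERVER $VPND_PORT -j ACCEPT"
    echo "ipchains $f input -i $2 -p tcp -s $VPND_SERVER $VPND_PORT -d $3 ! -y -j ACCEPT"
}

# Same file installed as ip-up and ip-down: dispatch on the invoked name.
case "${0##*/}" in
    ip-up)   mode=up ;;
    ip-down) mode=down ;;
    *)       mode= ;;
esac
if [ -n "$mode" ]; then
    # $1 is the interface and $4 the local address handed over by pppd.
    cmds=$(link_commands "$mode" "$1" "$4") || exit 2
    if [ -n "$DRY_RUN" ]; then echo "$cmds"; else echo "$cmds" | sh; fi
fi
```

Because ip-down replays the same rules with -D and the same route with del,
nothing tied to the old dynamic address is left behind after a disconnect.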
When you look at the /etc/vpnd.conf and /etc/diald.conf files you'll
find timing adjustments between both configurations. vpnd will
always close the TCP connection for the peer before diald causes
pppd to close the internet connection.
Finally I'm using bind 8.2 (get it from www.isc.org) as my nameserver.
See /etc/named.conf and /var/named/*.conf on how to set up a nameserver
that is a secondary nameserver for some domains but that never
automatically updates these zones (German internetting is still damned
expensive; if I used it the way that is possible in the U.S., it wouldn't be
between $20 and $40 a month but more like $400 a month, so I want to keep
my system as quiet as possible until prices are reasonable in a few years).
Oh, I forgot: the /etc/vpnd.server.conf file is the vpnd configuration
running on the server side.
