I currently am running openswan on debian 5 and would like to create a new instance with debian 6 and the latest version of openswan.
It is not an overly simple setup. We have a few site-to-site ipsec vpn's and one setup for roadwarriors all using certificates.
I would like the authentication to move from the current (old) samba domain controller to our new Active Directory dc. Also I would like to enable the possibility of using mac clients for the roadwarriors - I believe our current setup requires a machine certificate change for this to happen.
As it is all certificate based - I would like the least amount of disruption as possible.
There is also a ipip tunnel setup directly to the iptables firewall which would need to be recreated.