The “TL;DR” summary of what follows below is: If you configure your IPsec based VPN properly, you are not affected. Always use Perfect Forward Secrecy (“pfs=yes” wich is the default in libreswan IPsec) and avoid PreSharedKeys (authby=secret which is not the default in libreswan IPsec). If you really need to use PSK, use a strong shared secret that cannot be brute forced. The NSA has their own version of IKEcrack running on millions of dollars worth of CPU’s. Also, the NSA sneaks into your router to steal your PSK’s so they can decrypt all your traffic.
On the Cryptography mailing list, John Gilmore (co-founder of pioneering ISP The Little Garden and the Electronic Frontier Foundation; early Sun employee; cypherpunk; significant contributor to GNU/Linux and its crypto suite; and all-round Internet superhero) describes his interactions with the NSA and several obvious NSA stooges on the IPSEC standardization working groups at the Internet Engineering Task Force. It's an anatomy of how the NSA worked to undermine and sabotage important security standards. For example, "NSA employees explicitly lied to standards committees, such as that for cellphone encryption, telling them that if they merely debated an actually-secure protocol, they would be violating the export control laws unless they excluded all foreigners from the room (in an international standards committee!)."
===============================
http://thread.gmane.org/gmane.technology.liberationtech/1185
La page travaux DN42 de la Fédération FDN, pour ceux que ça intéresse.
DN42 est un réseau overlay, dans lequel on utilise les mêmes protocoles que sur Internet (routage inter-AS réalisé avec BGP, DNS, whois, etc).
C'est le moyen de jouer avec des techniques qu'on met en place lorsqu'on crée un FAI
DN42 : http://dn42.net/
Ancien wiki : http://dn42.volcanis.me/initenv.1.html
Wiki : http://dn42.net/pages