This document discusses how to set up an encrypted IPsec VPN tunnel between two FreeBSD endpoints. It involves: 1. Configuring IPsec in the FreeBSD kernel and installing the ipsec-tools port. 2. Defining IPsec security policies to encrypt traffic between the endpoints in a setkey.conf file. 3. Configuring the racoon IKE daemon on each endpoint using racoon.conf files and a pre-shared key to negotiate the IPsec connection. 4. Validating that encryption is working by looking for ESP records in tcpdump output and checking the SAD tables.