ike-scan discovers IPsec VPN servers, and can fingerprint them using UDP backoff and Vendor ID fingerprinting techniques. It supports IKE Main Mode and Aggressive Mode. ike-scan allows flexible specification of the outgoing IKE packet, and decodes the response packets. It also supports pre-shared key cracking for IKE aggressive mode with pre-shared key authentication.
The MiniUPnP project is a library and a daemon. The library is aimed to enable applications to use the capabilities of a UPnP Internet Gateway Device present on the network to forward ports. The daemon adds the UPnP Internet Gateway Device functionality to a NAT gateway running OpenBSD/NetBSD/FreeBSD/Solaris with PF/IPF or Linux 2.4.x/2.6.x with netfilter. One of its most interesting features is to enforce some permissions to allow or deny redirections, bringing some security to UPnP. Newer versions also support the NAT-PMP protocol from Apple.
Yxorp is a reverse proxy for HTTP. All the fields in requests can be checked and modified by rules. Load balancing, virtual hosting, multiple TCP ports, and SSL are supported. The configuration can be modified on-line. Yxorp can be used to protect Web sites, place pages behind a login, rewrite URLs, etc.
AlmostVPN is an SSH tunnel manager with a twist. It is packaged as a Preference Panel, so you do not have to use yet another application to configure your tunnels. Instead, it uses creative network configuration techniques to provide almost VPN-like access to remote services, so you can keep using real IP addresses and port numbers while accessing service on the other side of your tunnels. It provides a simple way to mount remote volumes, use remote printers and faxes, access iTunes, iPhoto, and almost any other Bonjour-based application, transfer and execute files, and more.
Firetero is a firewall for a single computer. The default setup works for a typical workstation. For a server, a sample configuration is available for most common daemons. Firetero uses the iptables syntax for rule definitions, has a standard /etc/init.d start script, and offers a rules.d directory for integration with other packages.