diff --git a/security/vpnc/Makefile b/security/vpnc/Makefile
new file mode 100644
index 00000000000..38b67c20723
--- /dev/null
+++ b/security/vpnc/Makefile
@@ -0,0 +1,39 @@
+# $OpenBSD: Makefile,v 1.1.1.1 2004/05/14 13:34:51 sturm Exp $
+
+COMMENT=		"client for Cisco 3000 VPN concentrators"
+
+DISTNAME=		vpnc-0.2-rm+zomb.1
+CATEGORIES=		security net
+
+HOMEPAGE=		http://www.unix-ag.uni-kl.de/~massar/vpnc/
+
+MAINTAINER=		Nikolay Sturm <sturm@openbsd.org>
+
+# GPL
+PERMIT_PACKAGE_CDROM=	Yes
+PERMIT_PACKAGE_FTP=	Yes
+PERMIT_DISTFILES_CDROM= Yes
+PERMIT_DISTFILES_FTP=	Yes
+
+MASTER_SITES=		${HOMEPAGE}
+
+LIB_DEPENDS=		gcrypt.12:libgcrypt->=1.2:security/libgcrypt
+
+USE_GMAKE=		Yes
+NO_REGRESS=		Yes
+
+ALL_TARGET=		vpnc
+
+do-configure:
+	@perl -pi -e "s,/etc,${SYSCONFDIR},g" ${WRKSRC}/{README,vpnc.c,vpnc.8}
+	@sed -e "s,%%PREFIX%%,${PREFIX},g" ${FILESDIR}/vpnc.sh > ${WRKBUILD}/vpnc.sh
+
+do-install:
+	${INSTALL_PROGRAM} ${WRKBUILD}/vpnc ${PREFIX}/sbin
+	${INSTALL_DATA_DIR} ${PREFIX}/share/doc/vpnc
+	${INSTALL_DATA} ${WRKBUILD}/README ${PREFIX}/share/doc/vpnc
+	${INSTALL_DATA_DIR} ${PREFIX}/share/examples/vpnc
+	${INSTALL_DATA} ${WRKBUILD}/vpnc.conf ${PREFIX}/share/examples/vpnc
+	${INSTALL_DATA} ${WRKBUILD}/vpnc.sh ${PREFIX}/share/examples/vpnc
+
+.include <bsd.port.mk>
diff --git a/security/vpnc/distinfo b/security/vpnc/distinfo
new file mode 100644
index 00000000000..9d1709deb5c
--- /dev/null
+++ b/security/vpnc/distinfo
@@ -0,0 +1,3 @@
+MD5 (vpnc-0.2-rm+zomb.1.tar.gz) = ded67de747874c4245ed8405146dc94a
+RMD160 (vpnc-0.2-rm+zomb.1.tar.gz) = 6befdb8ee3a8efd43a7be8c3a5688a56e2194f63
+SHA1 (vpnc-0.2-rm+zomb.1.tar.gz) = 155f15bd886207e177f8d611de72a9f70819db5a
diff --git a/security/vpnc/files/vpnc.sh b/security/vpnc/files/vpnc.sh
new file mode 100644
index 00000000000..0775ca0fa86
--- /dev/null
+++ b/security/vpnc/files/vpnc.sh
@@ -0,0 +1,29 @@
+#! /bin/sh
+
+TUN_IF=tun0
+PREFIX=%%PREFIX%%
+VPNGATEWAY=192.168.0.1
+
+case "$1" in
+start)
+	dhclient wi0
+	DEFAULTROUTER=`route -n show -inet | grep default | awk '{ print $2 }'`
+	${PREFIX}/sbin/vpnc || exit 1
+	TUN_IP=`ifconfig ${TUN_IF} | grep netmask | awk '{ print $2 }'`
+	route add -host ${VPNGATEWAY} ${DEFAULTROUTER}
+	route delete default
+	route add default -interface ${TUN_IP}
+	;;
+stop)
+	route delete -host ${VPNGATEWAY}
+	pkill vpnc
+	pkill "dhclient wi0"
+	ifconfig wi0 down
+	;;
+*)
+	echo "Usage: `basename $0` {start|stop}" >&2
+	exit 1
+	;;
+esac
+
+exit 0
diff --git a/security/vpnc/patches/patch-Makefile b/security/vpnc/patches/patch-Makefile
new file mode 100644
index 00000000000..e61ea866cad
--- /dev/null
+++ b/security/vpnc/patches/patch-Makefile
@@ -0,0 +1,16 @@
+$OpenBSD: patch-Makefile,v 1.1.1.1 2004/05/14 13:34:51 sturm Exp $
+--- Makefile.orig	2003-12-05 16:19:17.000000000 +0100
++++ Makefile	2004-04-18 14:34:09.000000000 +0200
+@@ -15,9 +15,9 @@
+ # along with this program; if not, write to the Free Software
+ # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ 
+-CC=gcc
+-CFLAGS=-W -Wall -O -g '-DVERSION="$(shell cat VERSION)"' $(shell libgcrypt-config --cflags)
+-LDFLAGS=-g $(shell libgcrypt-config --libs)
++CC?=gcc
++CFLAGS+=-W -Wall '-DVERSION="$(shell cat VERSION)"' $(shell libgcrypt-config --cflags)
++LDFLAGS+=$(shell libgcrypt-config --libs)
+ 
+ ifeq ($(shell uname -s), Linux)
+ SYSDEP=sysdep-linux.o
diff --git a/security/vpnc/pkg/DEINSTALL b/security/vpnc/pkg/DEINSTALL
new file mode 100644
index 00000000000..ee3137f38b1
--- /dev/null
+++ b/security/vpnc/pkg/DEINSTALL
@@ -0,0 +1,25 @@
+#!/bin/sh
+# $OpenBSD: DEINSTALL,v 1.1.1.1 2004/05/14 13:34:51 sturm Exp $
+#
+# xhippo de-installation
+
+set -e
+PATH=/bin:/usr/bin:/sbin:/usr/sbin
+PREFIX=${PKG_PREFIX:-/usr/local}
+CONFIG_FILE=${SYSCONFDIR}/vpnc.conf
+
+if [ ${PKG_DELETE_EXTRA} != Yes -a -f $CONFIG_FILE ]; then
+    echo
+    echo "+---------------"
+    echo "| To completely deinstall the $1 package you need to perform"
+    echo "| this step as root:"
+    echo "|"
+    echo "|           rm -f $CONFIG_FILE"
+    echo "|"
+    echo "| Do not do this if you plan on re-installing $1"
+    echo "| at some future time."
+    echo "+---------------"
+    echo
+fi
+
+exit 0
diff --git a/security/vpnc/pkg/DESCR b/security/vpnc/pkg/DESCR
new file mode 100644
index 00000000000..1b782f7c3d9
--- /dev/null
+++ b/security/vpnc/pkg/DESCR
@@ -0,0 +1,6 @@
+A VPN client compatible with Cisco's EasyVPN equipment.
+
+Supports IPSec (ESP) with Mode Configuration and Xauth.  Supports only
+shared-secret IPSec authentication, 3DES, MD5, and IP tunneling.
+
+It runs entirely in userspace.
diff --git a/security/vpnc/pkg/INSTALL b/security/vpnc/pkg/INSTALL
new file mode 100644
index 00000000000..1e4ec27f2e8
--- /dev/null
+++ b/security/vpnc/pkg/INSTALL
@@ -0,0 +1,65 @@
+#!/bin/sh
+# $OpenBSD: INSTALL,v 1.1.1.1 2004/05/14 13:34:51 sturm Exp $
+#
+# Pre/post-installation setup of vpnc
+
+# exit on errors, use a sane path and install prefix
+#
+set -e
+PATH=/bin:/usr/bin:/sbin:/usr/sbin
+PREFIX=${PKG_PREFIX:-/usr/local}
+CONFIG_FILE=${SYSCONFDIR}/vpnc.conf
+SAMPLE_CONFIG_FILE=$PREFIX/share/examples/vpnc/vpnc.conf
+
+do_notice()
+{
+    echo
+    echo "+---------------"
+    echo "| The existing $1 configuration file, $CONFIG_FILE,"
+    echo "| has NOT been changed.  You may want to compare it to the"
+    echo "| current sample file, $SAMPLE_CONFIG_FILE,"
+    echo "| and update your configuration as needed."
+    echo "+---------------"
+    echo
+}
+
+do_install()
+{
+    install -o root -g wheel -m 644 $SAMPLE_CONFIG_FILE $CONFIG_FILE
+    echo
+    echo "+---------------"
+    echo "| The $1 configuration file, $CONFIG_FILE,"
+    echo "| has been installed.  Please view this file and change"
+    echo "| the configuration to meet your needs."
+    echo "+---------------"
+    echo
+
+}
+
+# verify proper execution
+#
+if [ $# -ne 2 ]; then
+    echo "usage: $0 distname { PRE-INSTALL | POST-INSTALL }" >&2
+    exit 1
+fi
+
+# Verify/process the command
+#
+case $2 in
+    PRE-INSTALL)
+	: nothing to pre-install for this port
+	;;
+    POST-INSTALL)
+	if [ -f $CONFIG_FILE ]; then
+	    do_notice $1
+	else
+	    do_install $1
+	fi
+	;;
+    *)
+	echo "usage: $0 distname { PRE-INSTALL | POST-INSTALL }" >&2
+	exit 1
+	;;
+esac
+
+exit 0
diff --git a/security/vpnc/pkg/PLIST b/security/vpnc/pkg/PLIST
new file mode 100644
index 00000000000..469b8d26f03
--- /dev/null
+++ b/security/vpnc/pkg/PLIST
@@ -0,0 +1,9 @@
+@comment $OpenBSD: PLIST,v 1.1.1.1 2004/05/14 13:34:51 sturm Exp $
+sbin/vpnc
+share/doc/vpnc/README
+share/examples/vpnc/vpnc.conf
+share/examples/vpnc/vpnc.sh
+@dirrm share/examples/vpnc
+@dirrm share/doc/vpnc
+@cwd ${SYSCONFDIR}
+@extra vpnc.conf
diff --git a/security/vpnc/pkg/SECURITY b/security/vpnc/pkg/SECURITY
new file mode 100644
index 00000000000..19bd8e6ac79
--- /dev/null
+++ b/security/vpnc/pkg/SECURITY
@@ -0,0 +1,5 @@
+Neither is this program an example of secure coding style, nor is the
+XAUTH mechanism, used in Cisco 3000 VPN Concentrators, an example of
+a secure authentication protocol.
+
+http://www.securityfocus.com/archive/1/360396/2004-04-13/2004-04-19/0