I have written a script to painlessly set up fully secured encrypted network traffic between systems on a small LAN or home network. Although more specialized than other IPSec solutions such as SWAN or Racoon, it does provide for the common use case of securing otherwise sensitive protocols such as nfs, dns, web based device configuration pages, and samba that are often sent in the clear or with minimal authentication.
Network security has always been something of a pain, different protocols require completely different systems that must be independently learned and implemented. A signed certificate for https, a kerberos server for secure NFS, the woefully uncommon DNSSEC for DNS as well as many protocols that have no easy way to add security other than piggybacking on something such as SSH or stunnel.
IPSec makes all of this a non-issue. All traffic between hosts is encrypted and verified, no matter what the underlying protocol is. The encryption and verification is done in the kernel and is fully transparent to apps. Unfortunately, it also can be a bit complicated to set up in general due to the need for a daemon to handle the public key exchange, However for the common case of secure communications within a LAN between known hosts a lot of the usual complications can go away since you can pre-distribute the keys beforehand resulting in a simpler setup. I have written a script to automate this process.