I've always had trouble with FreeS/WAN breaking at kernel upgrades, but now that 2.6 is coming we're getting native IPsec support (albeit FreeS/WAN seems to claim Opportunistic Encryption won't be supported?). We seem to have a curious situation here. The majority of systems out there now support IPsec (NT/Win2K/XP; OS X), but there's very little interoperability. Particularly, there is no support for ad hoc encryption as default, without going through a lot of jumping through hoops (why should I be required to be able to publish DNS records just to have an encryption link?). Are there technical reasons for this situation? If yes, what is required to enable IPsec default interoperability at least with open source OSses? -- Eugen* Leitl <a href="http://leitl.org">leitl</a> ______________________________________________________________ ICBM: 48.07078, 11.61144 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE