Are there any reasons why current systems (whether OpenSource or not) don't ship with opportunistic IPsec out of the box? FreeS/WAN is really easy to set up, and such, but why having to do BIND juggling and extra installation steps. What are the reasons, crypto restrictions?