about NAT and IPsec.  do people have trouble with outgoing IPsec
	traffic from NAT device, or inbound IPsec traffic into NAT device?

	if it is the inbound traffic, i may have a workaround.  however, with
	the workaround the risk of kernel stack overflow gets much higher.
	(for example, i can paste many ESP headers onto a single packet to
	make your kernel stack bomb)  I will make a patch for it.

itojun