I'm working with a client that currently uses OpenBSD.  I asked them "why?"
recently, and got this answer:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
When we stargted the design 4 years ago, there was no other choice: We
wanted IPSec and IKE, and:

 1) OpenBSD was at that time the only free platform which implemented
    IPSec/IKE

 2) We looked at buying a commercial implementation, but it was $100K+

Since then, NetBSD and FreeBSD have got IPSec support from the KAME
work and OpenBSD IKE has been ported to all free OSes.

However, OpenBSD is still very strong in the networking area. For example,
it has a firewall package (PF - packet filter) which is 3x better than
anything else that you can find for NetBSD, FreeBSD or Linux.

And we will need to run a firewall on that device. In addition, having
already ported part of OpenBSD once for our product, I'm very familiar
with the code.

Also, OpenBSD release engineering cycle is much better than NetBSD one.
There is an OpenBSD release every 6 month, in December and June. Each
release is of high quality, so it's very easy to plan your upgrades,

Basically, we use OpenBSD for our networking tasks, like our encryption
servers.

On the other end, OpenBSD is not very strong outside networking tasks and
basic internet services like www, ftp, bind: There is no recent JVM
available for OpenBSD, no Oracle port, and using OpenBSD as a workstation
is a disaster.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Now,

1) is IPSec/KAME as good as or better than IPSec/IKE ?  Or do people use
   the IPSec/IKE port on NetBSD?

2) Is the OpenBSD "PF" really 3x better than anything else?

3) is NetBSD firewalling better/worse/same as OpenBSD firewalling?

4) How different is OpenBSD from NetBSD when porting to a new arch?


Thanks for that and any other arguments I can use to persuade them to use
The Right OS ...

-Mike