>http://www.netbsd.org/Documentation/network/ipsec/#ipf-interaction
>you mean ipf + ipnat?

	ipnat is part of ipf.

>So when just applying transport mode (with only esp)
>in the release branche shouldnt be a 
>problem, even not with nat?

	for transport mode, there will be less problem.  the only problem
	i can think of is that, you cannot classify the following packet
	as "tcp packet" in ipf rule, since ipf does not chase header chain:
		IP AH TCP payload

itojun