>A bigger question of mine stems from trying to make my box dance
>the happy dance with a cisco switch using pre-shared keys. The keys
>on the router are 32-characters in length, but setkey barfs on
>anything larger than eight keys; I'm quite confused since
>they both say they're using des-cbc.

	if cisco document mentions "pre-shared key", that is for use with
	IKE (ipsec key negotiation protocol).  you need to bring in
	pkgsrc/security/racoon.

	setkey is for "manual keys" (<-> automatic negotiation by IKE).

itojun