NRL IPsec code (including the cisco ISAKMP daemon ported across
to work with it) is available from:
	http://web.mit.edu/network/isakmp/

Note that this is pre-ported to NetBSD because NRL supports NetBSD
directly with the NRL IPsec code.  NRL has supported NetBSD directly
with IPsec since early 1996.  NRL is adding FreeBSD support to its
IPsec code (in progress now).  NRL has long supported other *BSD
platforms such as BSDI.

Since NRL had VPNs based on tunnel-mode ESP working in 1995 on *BSD, 
its safe to say they'll work today.  Unlike most of the other IPsec
implementations, the NRL code actually has all of the safety checks
to prevent "tunnel-mode spoofing attacks" and other implementation
issues.

Ran
rja@inet.org