And not just the IKE daemon and certificate stuff; also the kernel
pieces (ESP etc.). If so, is this a crazy thing to do?

I'm trying to figure out if I can construct a FIPS-approved IPsec
implementation for a government customer.

Thanks for any help.

Jim Knoke

**********
The information contained in this communication is confidential and privileged proprietary information intended only for the personal and confidential use of the individual or entity to whom it is addressed. If you are not the addressee indicated in this message (or an agent responsible for delivery of the message to such person), you are hereby notified that you have received this communication in error and that any review, dissemination, copying or unauthorized use of this message is strictly prohibited. In such case, you should destroy this message and kindly notify the sender by email.

Please advise immediately if you or your employer do not consent to Internet email for messages of this kind. Opinions, conclusions and other information in this message that do not relate to the official business of Cryptek shall be understood as neither given nor endorsed by it. It is Cryptek's policy that emails are intended for and should be used for business purposes only.
**********