  * Coondog uses 'setkey' to read the SPD and SAD databases in the 
    kernel when checking the VPN status. This is a very cpu 
    expensive operation to do repeatedly, even if only once every
    four seconds. On my 1.8 Ghz P4 laptop it causes noticable 
    instants of lag when the check is performed.
    I wish that the kernel had a facility like the /kernel/ipsec file
    some BSD kernels, but I am not sure if this more direct access
    would solve the problem.
  * Only one host/network policy per VPN.
  * No support for certificates yet. Only PSK authentication is 
    supported.
