Many DSL routers and WiFi products now support IPsec. These devices should be able to connect to Openswan. Some of them might be limited to pre-shared key connections, but more and more devices now offer support for X.509 certificates. We will discuss a few commonly used products.
ZyXEL makes products ranging from end-user DSL routers with IPsec support to dedicated firewall/VPN products.
Some versions of the ZyXEL firmware seem to exhibit a bug at rekey or IPsec SA deletion. The ZyXEL units seem to delete the Phase 2 sixty seconds after the deletion of Phase 1, even if one of them has not yet expired. During these sixty seconds, Openswan still uses the Phase 2, since it did not get deleted, but the ZyXEL assumes that the Phase 2 is dead. As a result, no packets will flow during these sixty seconds.
To add to the problem, the longest lifetime (on both the Phase 1 and Phase 2, since they are treated the same) is 3600 seconds...