Explore opportunistic encryption using IPsec in this informative conference talk by Paul Wouters from the Libreswan IPsec VPN Project. Discover how the libreswan IKE daemon leverages XFRM code to encrypt host traffic and integrate with DNS calls for enhanced security. Learn about various authentication mechanisms, including X.509 certificates, GSSAPI, and DNSSEC secured IPSECKEY records, and their applications in enterprise, cloud, and internet-wide deployments. Follow along as Wouters demonstrates the configuration of Opportunistic IPsec for X.509-based cloud deployment and internet-wide implementation using LetsEncrypt. Gain insights into IPsec's history, Libreswan's role, and the Linux implementation of IPsec. Delve into topics such as anonymous IPsec, internal configuration, and server setup through a comprehensive demo and feature overview.