I am very annoyed, I have spent some time on google to find that there was talk of freebsd-update and a binary IPSEC kernel 4 years ago. Why is there no binary IPSEC kernel?

OpenBSD has it by default, and while I understand FreeBSD != OpenBSD, I really do not know why there would not be some kind of supported binary release.

Right now I am compiling a kernel with IPSEC knowing that the minute there is an upgrade I will be greeted by a warning from freebsd-update that I get to do it again.

I don't use IPsec, but usually stuff that isn't in the kernel is usually compiled into modules (correct me if I'm wrong). They are loaded automatically when you need them.

Problem with IPsec is, it slows down stuff, because it requires some hooks in IP input and output routines.

However, it would be great if there was a way for freebsd-update to distribute several kernels, and for the user to choose between them. This way, we could have, in addition to the GENERIC, a kernel - let's call it PHAT - with things like ALTQ, quota, IPsec or whatever compiled in.