A method of key exchange for IPsec which allows to parties to communicate securely without having any prearranged or preshared secrets.

There are two types of OE, the first being initiator-only. Initiator-only OE is the configuration you would use if you do not have control over the reverse DNS of your IP address. Therefore, only you can start the IPsec negotiation, other machines would be unable to get your key from your reverse DNS. You must, however, have a domain where you have control of DNS, where you can publish the forward key (IN KEY) record.

The second type of OE is Full Opportunism. This allows you to either start the exchange, or receive the connection from someone else. To use Full OE you must be able to publish IN KEY records for both forward and reverse DNS and insert an IN TXT record that specifies that your IP can receive OE connections.

Opportunistic Encryption is secure against passive attacks (an eavesdropper), and with the addition of DNSsec (signing of KEY records by each level of domain up to the TLD) is secure against an active attack (Man in the Middle).

Currently only FreeS/WAN supports OE, but hopefully more implementations will pick it up as it is currently an IETF draft standard.