The register has reported on the horrifying technical capabilities that the government is introducing now we have the Investigatory Powers Act (here).
One of the key points is: That includes encrypted content – which means that UK organizations will not be allowed to introduce true end-to-end encryption of their users' data but will be legally required to introduce a backdoor to their systems so the authorities can read any and all communications.
My first comment, as always, is that this targets non-criminals - the normal users of communications, and makes us all more vulnerable to criminals by introducing exploitable back doors. The criminals wishing to communicate can do so - encryption is not made illegal as such, just that encryption applied by, or on behalf of, the telco has to be breakable. It will not even be suspicious to use encryption as even MPs do this, and so do many web sites you visit - the telco will not be able to see the content of https sessions, for example.
So criminals are in the clear - just in case any criminals were worried about this...
However, it does not necessarily mean end to end encryption is banned. For a start, it is only going to be practically enforceable against UK companies. But even then, as long as the encryption is applied by (or on behalf) of someone that is not a communications provider, that should be fine. End to end encryption is applied by, on on behalf of, the end users, not the telco.
This may mean that is someone makes an end to end encrypted communications app, they may have to be a separate company that does the app itself, and manages keys, to the company that passes the data or manages end point addressing. I don't believe that just making a device or writing an app puts you under this crazy regime. I am sure someone will say if I have that wrong.
So it should mean FireBrick IPsec tunnels are fine.
The complication would come where we "manage" the FireBrick for a customers, and that may have to change at some point. However, we normally don't actually manage any IPsec for people, we advise on how to set up keys and configure things but don't have access to those keys ourselves as an ISP.
The fact that encryption will still be legal, and practical, and usable by criminals, just shows how bloody stupid this all is, and what a waste of public money it is (money we could be spending on the NHS).