Chapter 21. HIP Proxy

It might not be possible to run HIP at all on old legacy client hosts, even with the userspace IPsec. In such a case, HIP can be migrated to an on-path middlebox (e.g. a router) by using the so-called HIP proxy. The HIP proxy translates connections from the client host into HIP-based connections to servers. The extension is experimental. To try the proxy, you'll need three machines: a server, an on-path proxy, and a client.

Start hipd at the server:

     hipd -bk

Start hipd and hipfw on the on-path proxy in proxy mode:

     hipd -bk
     hipfw -Adbk
     hipconf proxy on
     <make sure that openssh is running>

Connect with ssh from the client to the server:

     ssh <ipv4-address-of-the-server>

The ssh connection should be tunneled over ESP. Note that this example requires the proxy to be located on the path between the client and the server.
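
One way to confirm that the proxy-to-server leg really carries ESP and no plaintext ssh is to classify `tcpdump -n` output captured there. This is an added example, not part of the HIPL documentation; the function names, the addresses and the sample capture lines are constructed, and it assumes native ESP (IP protocol 50) rather than UDP-encapsulated ESP.

```shell
#!/bin/sh
# Added example, not part of the HIPL manual. Addresses are constructed
# (RFC 5737 ranges): proxy 192.0.2.10, server 192.0.2.20, client 198.51.100.5.
# Assumes native ESP (IP protocol 50), i.e. no UDP encapsulation.

# check_leg SERVER_IP   (reads `tcpdump -n` text lines on stdin)
# Prints "esp=N cleartext_ssh=M". Returns 0 only if ESP to/from the server
# was seen and no plaintext TCP port 22 segment to/from it was seen.
check_leg() {
    awk -v srv="$1" '
        $2 != "IP" { next }                      # skip ARP, IPv6, etc.
        {
            src = $3; dst = $5; sub(/:$/, "", dst)
            if ($6 ~ /^ESP\(spi=/ && (src == srv || dst == srv)) {
                esp++
            } else if (src == (srv ".22") || dst == (srv ".22")) {
                plain++
            }
        }
        END {
            printf "esp=%d cleartext_ssh=%d\n", esp, plain
            exit !(esp > 0 && plain == 0)
        }'
}

sample_tunneled() {   # constructed capture: proxy <-> server leg carries ESP
    cat <<'EOF'
12:00:00.100000 ARP, Request who-has 192.0.2.20 tell 192.0.2.10, length 28
12:00:01.000000 IP 192.0.2.10 > 192.0.2.20: ESP(spi=0x0a1b2c3d,seq=0x1), length 84
12:00:01.002000 IP 192.0.2.20 > 192.0.2.10: ESP(spi=0x4d3c2b1a,seq=0x1), length 84
12:00:01.004000 IP 192.0.2.10 > 192.0.2.20: ESP(spi=0x0a1b2c3d,seq=0x2), length 100
EOF
}

sample_leaking() {    # constructed capture: ssh reached the server untranslated
    cat <<'EOF'
12:00:01.000000 IP 198.51.100.5.51514 > 192.0.2.20.22: Flags [S], seq 1, win 64240, length 0
12:00:01.002000 IP 192.0.2.20.22 > 198.51.100.5.51514: Flags [S.], seq 1, ack 2, win 65160, length 0
EOF
}

# On a real capture: tcpdump -n -r leg.pcap | check_leg <ipv4-address-of-the-server>
sample_tunneled | check_leg 192.0.2.20
sample_leaking  | check_leg 192.0.2.20 || echo "plaintext ssh seen on the proxy-server leg"
```

A non-zero exit status means either that no ESP was observed or that TCP port 22 segments reached the server outside the tunnel, which usually indicates that the proxy is not on the path or that proxy mode is off.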