i have found the underlying cause of this. it is dns resolution taking too long. and this is because my primary dns server is over an ipsec tunnel and the ipsec tunnel doesn't seem to want to work. i am getting a session established, but traffic doesn't flow. i have reset both ends and still no joy. i do have some firewalling in place and will be testing that next. so, has anyone seen ipsec get messed up with the latest kernel?