[CentOS] centos 5 2.6.18-53.1.21.el5 kernel and ipsec

Wed May 28 23:34:43 UTC 2008
Joe Pruett <joey at clean.q7.com>

i had previously been having issues with automount being slow with this 
new kernel and i tracked it down to dns delays which were being caused by 
ipsec not working.  i have spent a few hours poking around and ipsec seems 
quite broken with this new kernel.  esp packets go in and out just fine, 
but when i look at ip xfrm stats on the machine with the new kernel, i see 
that for input packets, the ah layer is being processed just fine, but the 
esp layer is showing 0 bytes/packets and no errors.  i can't find any 
errors or other indications of what is going on.

is anyone else running a standard ipsec tunnel (using the standard ifcfg 
method for creating the tunnel) under this new kernel?  i know that a new 
5.2 kernel should be coming soon, but i worry that whatever broke this 
version may happen there as well.
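
The following is an added example, not part of the original post: a small Python check for the symptom described above, where the AH state for a peer counts inbound packets while the ESP state for the same source/destination pair stays at zero. It assumes the usual text layout of `ip -s xfrm state`; the sample addresses, SPIs and counters are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample in the layout printed by `ip -s xfrm state`
# (addresses, SPIs and counters are made up for illustration).
SAMPLE = """\
src 192.0.2.10 dst 192.0.2.20
    proto ah spi 0x00000101 reqid 0 mode tunnel
    lifetime config:
      limit: soft (INF)(bytes), hard (INF)(bytes)
    lifetime current:
      8400(bytes), 100(packets)
src 192.0.2.10 dst 192.0.2.20
    proto esp spi 0x00000102 reqid 0 mode tunnel
    sel src 0.0.0.0/0 dst 0.0.0.0/0
    lifetime current:
      0(bytes), 0(packets)
src 192.0.2.20 dst 192.0.2.10
    proto esp spi 0x00000202 reqid 0 mode tunnel
    lifetime current:
      7200(bytes), 90(packets)
"""

HEADER = re.compile(r"^src (\S+) dst (\S+)")            # unindented: starts a new SA
PROTO = re.compile(r"^\s+proto (\w+) spi (0x[0-9a-fA-F]+)")
COUNT = re.compile(r"^\s+\d+\(bytes\), (\d+)\(packets\)")  # "lifetime current" counters

def parse_states(text):
    """Return one dict per SA with its endpoints, protocol, SPI and packet count."""
    states = []
    for line in text.splitlines():
        if m := HEADER.match(line):
            states.append({"src": m[1], "dst": m[2], "proto": None,
                           "spi": None, "packets": 0})
        elif states and (m := PROTO.match(line)):
            states[-1]["proto"], states[-1]["spi"] = m[1], m[2]
        elif states and (m := COUNT.match(line)):
            states[-1]["packets"] = int(m[1])
    return states

def stalled_esp(states):
    """ESP SAs with zero packets whose src/dst pair has an AH SA that is counting."""
    ah_active = {(s["src"], s["dst"]) for s in states
                 if s["proto"] == "ah" and s["packets"] > 0}
    return [s for s in states if s["proto"] == "esp" and s["packets"] == 0
            and (s["src"], s["dst"]) in ah_active]

if __name__ == "__main__":
    for sa in stalled_esp(parse_states(SAMPLE)):
        print("ESP SA idle while AH is active:", sa["src"], "->", sa["dst"], sa["spi"])
```

On a live host the input would be the saved output of `ip -s xfrm state` instead of `SAMPLE`.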