i had previously been having issues with automount being slow with this new kernel and i tracked it down to dns delays which were being caused by ipsec not working. i have spent a few hours poking around and ipsec seems quite broken with this new kernel. esp packets go in and out just fine, but when i look at ip xfrm stats on the machine with the new kernel, i see that for input packets, the ah layer is being processed just fine, but the esp layer is showing 0 bytes/packets and no errors. i can't find any errors or other indications of what is going on. is anyone else running a standard ipsec tunnel (using the standard ifcfg method for creating the tunnel) under this new kernel? i know that a new 5.2 kernel should be coming soon, but i worry that whatever broke this version may happen there as well.