[CentOS] centos 5 2.6.18-53.1.21.el5 kernel and ipsec

Wed May 28 23:55:20 UTC 2008
Ned Slider <ned at unixmail.co.uk>

Joe Pruett wrote:
> I had previously been having issues with automount being slow with this
> new kernel and I tracked it down to DNS delays which were being caused
> by IPsec not working.  I have spent a few hours poking around and IPsec
> seems quite broken with this new kernel.  ESP packets go in and out just
> fine, but when I look at ip xfrm stats on the machine with the new
> kernel, I see that for input packets, the AH layer is being processed
> just fine, but the ESP layer is showing 0 bytes/packets and no errors.
> I can't find any errors or other indications of what is going on.
>
> Is anyone else running a standard IPsec tunnel (using the standard ifcfg
> method for creating the tunnel) under this new kernel?  I know that a
> new 5.2 kernel should be coming soon, but I worry that whatever broke
> this version may happen there as well.

See here:

http://bugs.centos.org/view.php?id=2853
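
The symptom described in the quoted message (AH counters advancing while the ESP counters for the same direction stay at zero) can be checked mechanically. The following is an added example, not part of the original thread: it assumes the per-SA counters are read with `ip -s xfrm state`, and the sample text is constructed (made-up addresses and SPIs, keys omitted) and trimmed to the three kinds of line the parser reads.

```python
import re

# Constructed sample, trimmed from the layout `ip -s xfrm state` prints.
# Addresses and SPIs are made up for illustration.
SAMPLE = """\
src 192.0.2.10 dst 192.0.2.20
    proto ah spi 0x00000101 reqid 0 mode transport
    lifetime current:
      8400(bytes), 100(packets)
src 192.0.2.10 dst 192.0.2.20
    proto esp spi 0x00000102 reqid 0 mode transport
    lifetime current:
      0(bytes), 0(packets)
src 192.0.2.20 dst 192.0.2.10
    proto ah spi 0x00000201 reqid 0 mode transport
    lifetime current:
      9100(bytes), 100(packets)
src 192.0.2.20 dst 192.0.2.10
    proto esp spi 0x00000202 reqid 0 mode transport
    lifetime current:
      7600(bytes), 100(packets)
"""

HEAD = re.compile(r"^src (\S+) dst (\S+)")
PROTO = re.compile(r"^\s+proto (\w+) spi (\S+)")
COUNT = re.compile(r"^\s+(\d+)\(bytes\), (\d+)\(packets\)")

def parse_sas(text):
    """Return one dict per SA: src, dst, proto, spi, bytes, packets."""
    sas = []
    for line in text.splitlines():
        if m := HEAD.match(line):
            sas.append({"src": m[1], "dst": m[2], "proto": None,
                        "spi": None, "bytes": 0, "packets": 0})
        elif sas and (m := PROTO.match(line)):
            sas[-1]["proto"], sas[-1]["spi"] = m[1], m[2]
        elif sas and (m := COUNT.match(line)):
            sas[-1]["bytes"], sas[-1]["packets"] = int(m[1]), int(m[2])
    return sas

def stalled_esp(sas):
    """ESP SAs with zero packets whose same-direction AH SA has traffic."""
    ah_busy = {(s["src"], s["dst"]) for s in sas
               if s["proto"] == "ah" and s["packets"] > 0}
    return [s for s in sas if s["proto"] == "esp" and s["packets"] == 0
            and (s["src"], s["dst"]) in ah_busy]

if __name__ == "__main__":
    for sa in stalled_esp(parse_sas(SAMPLE)):
        print(f"ESP SA {sa['spi']} {sa['src']} -> {sa['dst']}: AH counted, ESP at 0")
```

On a live host the same functions can be fed the command's real output in place of `SAMPLE`; comparing the result before and after a kernel update shows whether the ESP counters stopped moving with the new kernel.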