[CentOS] openswan and ipsec

Sat Feb 8 22:05:51 UTC 2014
Markus Falb <wnefal at gmail.com>

# ipsec verify
...
If you encounter network related SElinux errors, especially when using KLIPS,
  try disabling SElinux
...

Well, it is not running KLIPS but netkey, anyways
I feel not comfortable about disabling selinux on a ipsec router.

I am not sure how to handle possible probems in this case, too.
If I decide not to disable selinux, and I run into problems, should I

a) report it to redhat as a bug, because it is
b) disable selinux because ipsec is not meant to work with selinux

Maybe just the verify script should be fixed?
Maybe I should ask RedHat about this, hm.
And finally, do you encounter network related SElinux errors with IPSec, both 5 and 6?

-- 
Kind Regards, Markus