kernel-2.6.5-1.315, ipsec-tools-0.2.5-1 Given: 172.16.56.99[any] 172.16.56.74[any] any out ipsec esp/transport//require ah/transport//require created: Apr 13 12:10:43 2004 lastused: Apr 13 16:00:10 2004 lifetime: 0(s) validtime: 0(s) spid=17 seq=6 pid=14613 refcnt=2 Attempting to remove it yields: [root@nostromo sbin]# setkey -c spddelete 172.16.56.99 172.16.56.74 any -P out; The result of line 1: No entry. It can be removed with 'setkey -P -F'. This works with the same ipsec-tools code on a RHEL3 kernel.
*** Bug 123747 has been marked as a duplicate of this bug. ***
In my testing this appears to be solved with kernel-2.6.6-1.435.2.3 and ipsec-tools-0.2.5-4.