From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.3)
Gecko/20040922

Description of problem:
I use FC3 kernel-2.6.9-1.667 with ipsec-tools-0.3.3-2
to create an ipsec tunnel. That worked fine.
Since there is a problem with the ip_conntrack_amanda module in kernel
2.6.9, I had to upgrade to kernel-2.6.10-1.741_FC3. After this
upgrade, the ipsec tunnel stops forwarding packets.
I am running some experiments now with ipsec-tools-0.5-rc1. It seems
this solves my problem.
So please update ipsec-tools in FC3!

Version-Release number of selected component (if applicable):
ipsec-tools-0.3.3-2, kernel-2.6.10-1.741_FC3

How reproducible:
Always

Steps to Reproduce:
1. install minimal FC3
2. upgrade to kernel 2.6.10-1.741_FC3
3. start ipsec-tunnel (start racoon + setkey -f...)
    

Actual Results:  The tunnel does not forward packets

Additional info:

/etc/racoon/racoon.conf:

path include "/etc/racoon";
path pre_shared_key "/etc/racoon/psk.txt";
path certificate "/etc/racoon/certs";

log debug;

remote anonymous
{
        exchange_mode aggressive,main;
        lifetime time 1 hour;   # sec,min,hour
        proposal_check obey;    # obey, strict or claim
        proposal {
                encryption_algorithm 3des;
                hash_algorithm sha1;
                authentication_method pre_shared_key;
                dh_group 2 ;
        }
}

sainfo anonymous
{
        pfs_group 2;
        lifetime time 1 hour ;
        encryption_algorithm 3des, blowfish 448, rijndael ;
        authentication_algorithm hmac_sha1, hmac_md5 ;
        compression_algorithm deflate ;
}

======================================
script that starts the tunnel on gateway A:
#!/sbin/setkey -f
flush;
spdflush;

spdadd x.y.z.0/22[any] 192.168.127.0/24[any] any -P out ipsec
        esp/tunnel/x.y.z.251-192.168.127.240/require;

spdadd 192.168.127.0/24[any] x.y.z.0/22[any] any -P in ipsec
        esp/tunnel/192.168.127.240-x.y.z.251/require;

=============
similar on gateway B