When restarting an IPsec connection, racoon gives up if a stale socket file /tmp/.racoon exists. This prevents IPsec from working after racoon dies unexpectedly (racoon crash, server crash, SIGKILL when the machine went down and racoon did not exit via SIGTERM, etc.). The ifup-ipsec script should check for a stale socket and remove it if no racoon copy is running, or racoon should handle this issue by itself. This arose after http://rhn.redhat.com/errata/RHBA-2004-513.html (bug #129611).
This is a problem in ipsec-tools-0.2.5-0.6 (RHEL3) and also in ipsec-tools-0.3.3-5.6 (RHEL4), which use the /tmp/.racoon socket file (I test for the socket and remove it before racoon starts). The better way should be that racoon handles it by itself. ipsec-tools-0.5-1.RHEL4 does not have this problem, but it now uses the /var/racoon/racoon.sock socket file. I saw this during testing of ipsec-tools-0.5-1.RHEL4 in #145424.
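The stale-socket check proposed in the report and used as a workaround in the comment above, sketched as an added example (not code from ifup-ipsec or ipsec-tools). The function names, return codes and the `ps`-based process check are assumptions; because /tmp is world-writable, it removes the path only when it is a real socket and not a symlink.

```shell
#!/bin/sh
# Added example: remove a stale racoon socket before starting the daemon.
# Assumed names: RACOON_SOCK, RACOON_PROC, racoon_running,
# remove_stale_racoon_socket. Socket path is the one from the report.

RACOON_SOCK="${RACOON_SOCK:-/tmp/.racoon}"

# True if a process whose command name is exactly "racoon" exists.
racoon_running() {
    ps -e -o comm= 2>/dev/null | grep -qx -- "${RACOON_PROC:-racoon}"
}

# Return codes:
#   0  nothing to clean up, or stale socket removed
#   1  racoon is running, socket left in place
#   2  path exists but is not a plain socket, left in place
remove_stale_racoon_socket() {
    sock="${1:-$RACOON_SOCK}"

    # Nothing at the path, and not a dangling symlink either.
    if [ ! -e "$sock" ] && [ ! -L "$sock" ]; then
        return 0
    fi

    # Anyone can create entries in /tmp: never delete through a symlink,
    # and never delete something that is not a socket.
    if [ -L "$sock" ] || [ ! -S "$sock" ]; then
        echo "refusing to remove $sock: not a plain socket" >&2
        return 2
    fi

    # A live daemon owns the socket; removing it would break racoonctl.
    if racoon_running; then
        return 1
    fi

    rm -f -- "$sock"
}
```

The check and the removal are not atomic, so call it only from the root-run init path immediately before racoon is started.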
It *should* be fixed in 0.3.3-5.6.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2005-232.html