> On the receiving side (e.g. fd01:1b10:1000::1) I see the decrypted packets
> with the 2.6.23 kernel:
> but NOT with the newer kernel:

Hi Joerg,

First steps to debug this would be:

    cat /proc/net/xfrm_stat
    ip -s xfrm state
    ip -s xfrm policy

The first command will show some error accounting, which can point to the culprit code. The second and third commands will show existing objects, and some statistics like when the last packet was used with them.

Last thing - for your safety you should keep those session keys private.

Ilan.
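
The error accounting in /proc/net/xfrm_stat is easiest to read as a difference between two snapshots, one taken before and one after sending the failing traffic. The script below is an added example, not part of the original message: the function names are hypothetical and the sample snapshots are constructed, with invented values.

```shell
#!/bin/sh
# Added example: list the xfrm error counters that grew between two snapshots.
# Live use: cat /proc/net/xfrm_stat > before; send test traffic;
#           cat /proc/net/xfrm_stat > after; xfrm_stat_delta before after

# xfrm_stat_delta BEFORE AFTER
# Each snapshot is a copy of /proc/net/xfrm_stat ("Name<whitespace>value" lines).
# Prints "Name +N" for every counter whose value increased.
xfrm_stat_delta() {
    awk '
        FILENAME == ARGV[1] { before[$1] = $2 + 0; next }   # first snapshot
        NF >= 2 {
            grown = ($2 + 0) - (($1 in before) ? before[$1] : 0)
            if (grown > 0) printf "%s +%d\n", $1, grown
        }
    ' "$1" "$2"
}

# Runs the comparison on constructed sample snapshots (values are invented).
demo_xfrm_stat_delta() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/before" <<'EOF'
XfrmInError             0
XfrmInNoStates          2
XfrmInStateProtoError   0
XfrmInStateSeqError     0
XfrmInTmplMismatch      0
XfrmInNoPols            5
XfrmOutError            0
EOF
    cat > "$tmp/after" <<'EOF'
XfrmInError             0
XfrmInNoStates          2
XfrmInStateProtoError   0
XfrmInStateSeqError     0
XfrmInTmplMismatch      14
XfrmInNoPols            5
XfrmOutError            0
EOF
    xfrm_stat_delta "$tmp/before" "$tmp/after"
    rc=$?
    rm -rf "$tmp"
    return $rc
}

demo_xfrm_stat_delta
```

Counters that stay flat across the test can be ruled out; the one that grows names the check in the xfrm code path that dropped the packets.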