Compiling IPSEC into the kernel disables TCP keepalives even on connections not using IPSEC. I stumbled over this because I had lots of stale sshd processes and sockets from days-long physically disconnected clients lingering, the connection never times out. If I remove IPSEC from the kernel, these processes and sockets disappear after a while.
Just to clarify, do you use any IPsec? Have any policies or anything?
(In reply to Bjoern A. Zeeb from comment #2) > Just to clarify, do you use any IPsec? Have any policies or anything? No, nothing. It is totally unused, just compiled in.
Updated 10.1-BETA and 10.1-RC versioned bugs to 10.1-STABLE.
George, you might want to be aware of this PR, since GENERIC now includes IPSEC by default in 11-CURRENT.
Tested by Jim Thompson on both 10.1 and CURRENT (11) and this does not occur in either of them. Closing this one.