# ipsec verify
… If you encounter network related SElinux errors, especially when using KLIPS,
try disabling SElinux
…

Well, it is not running KLIPS but netkey, anyways I feel not comfortable about disabling selinux on a ipsec router.

I am not sure how to handle possible probems in this case, too. If I decide not to disable selinux, and I run into problems, should I

a) report it to redhat as a bug, because it is b) disable selinux because ipsec is not meant to work with selinux

Maybe just the verify script should be fixed?
Maybe I should ask RedHat about this, hm. And finally, do you encounter network related SElinux errors with IPSec, both 5 and 6?