--- sys/netipsec/xform_ipip.c.orig	2015-11-07 10:41:56.000000000 +0100
+++ sys/netipsec/xform_ipip.c	2015-11-07 10:43:36.000000000 +0100
@@ -655,6 +655,7 @@ ipe4_encapcheck(const struct mbuf *m, in
 	 * also return a minimum priority when we want the packet
 	 * so any explicit gif tunnels take precedence.
 	 */
+	if(mtod(m, struct ip *)->ip_p != IPPROTO_IPIP) return 0;
 	return ((m->m_flags & M_IPSEC) != 0 ? 1 : 0);
 }
 #endif /* INET */