Index: sys/net/if_ipsec.c
===================================================================
--- sys/net/if_ipsec.c
+++ sys/net/if_ipsec.c
@@ -1001,14 +1001,8 @@
 key_freesp(&sp[i]);
 return (EAGAIN);
 }
- if (sc->family != 0) {
- CK_LIST_REMOVE(sc, srchash);
- IPSEC_WAIT();
-
- key_unregister_ifnet(sc->sp, IPSEC_SPCOUNT);
- for (i = 0; i < IPSEC_SPCOUNT; i++)
- key_freesp(&sc->sp[i]);
- }
+ if (sc->family != 0)
+ ipsec_delete_tunnel(sc);
 for (i = 0; i < IPSEC_SPCOUNT; i++)
 sc->sp[i] = sp[i];
 sc->family = src->sa_family;
@@ -1033,7 +1027,13 @@
 CK_LIST_REMOVE(sc, srchash);
 IPSEC_WAIT();
 
+ /*
+ * Make sure that ipsec_if_input() will not do access
+ * to softc's policies.
+ */
 sc->family = 0;
+ IPSEC_WAIT();
+
 key_unregister_ifnet(sc->sp, IPSEC_SPCOUNT);
 for (i = 0; i < IPSEC_SPCOUNT; i++)
 key_freesp(&sc->sp[i]);
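Review bot: The `sc->family != 0` guard stays at the call site in the first hunk, so `ipsec_delete_tunnel()` still relies on every caller to guarantee the softc is linked in srchash before its `CK_LIST_REMOVE(sc, srchash)` runs. Unlinking an entry that was never inserted, or was already removed, would follow stale link pointers. Consider moving the check into the helper, or asserting it there with something like `KASSERT(sc->family != 0, ("%s: tunnel is not configured", __func__));`. The helper's opening lines are not visible in this diff, so it may already do this. The function containing this call starts and ends outside the hunk.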
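Review bot: The first `IPSEC_WAIT()` in the second hunk looks redundant now that a second one follows `sc->family = 0`, because only the second wait protects the `key_freesp()` loop. If IPSEC_WAIT() is a grace-period wait for the lockless input path (its definition is not in this diff), both unpublish steps can precede a single wait: `sc->family = 0;`, then `CK_LIST_REMOVE(sc, srchash);`, then `IPSEC_WAIT();`. That halves the time spent blocked in teardown and keeps the "unpublish, wait, free" order in one place. The new comment would also read more clearly as `Make sure that ipsec_if_input() can no longer access the softc's policies before they are released.`. The function body starts outside the hunk.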