Packets get dropped due to no no_sa_found during rekeying
When rekeying IPsec SA, new SA is created and then old one id deleted.
It is possible that after old SA is deleted, there are still packets secured with old SA being transmitted.
In such case when the packets are processed by the receiver, it will complain no_sa_found.
A possible fix is to initiate the deletion of the old SA after a few seconds delay, when the outstanding packets are processed completely.