[strongSwan] had to manually up a connection
Tobias Brunner
tobias at strongswan.org
Fri Mar 6 15:58:41 CET 2020

Hi Felipe,

> I see that the first packet in matching
> traffic is always lost: in a ping session, packet with seq=1 never makes
> it to the other side, only from seq=2 onwards.
>
> Why does this happen?

It's a known property of the Linux kernel. Packets, in particular the
triggering one, are not cached and lost until the IPsec SAs are established.

> and is there a way to avoid it?

Not that I'm aware.

> I'm thinking about
> SNMP traps over IPSec that are not retransmitted since they use UDP.

Neither UDP, IP, nor IPsec guarantee delivery of any sent packets, you
always have to reckon with packet loss.

Regards,
Tobias