[strongSwan] had to manually up a connection

Michael Schwartzkopff ms at sys4.de
Fri Mar 6 15:59:58 CET 2020

On 06.03.20 15:58, Tobias Brunner wrote:
> Hi Felipe,
>> I see that the first packet in matching
>> traffic is always lost: in a ping session, packet with seq=1 never makes
>> it to the other side, only from seq=2 onwards.
>> Why does this happen?
> It's a known property of the Linux kernel.  Packets, in particular the
> triggering one, are not cached and lost until the IPsec SAs are established.
>> and is there a way to avoid it?
> Not that I'm aware.
>> I'm thinking about
>> SNMP traps over IPSec that are not retransmitted since they use UDP.
> Neither UDP, IP, nor IPsec guarantee delivery of any sent packets, you
> always have to reckon with packet loss.
> Regards,
> Tobias

Use SNMPv3 informs. The SNMP manager sends a confirmation having
received it.

Mit freundlichen Grüßen,


[*] sys4 AG
https://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG,80333 München
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer, Wolfgang Stief
Aufsichtsratsvorsitzender: Florian Kirstein

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: OpenPGP digital signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20200306/f8a49a97/attachment.sig>

More information about the Users mailing list