[strongSwan] had to manually up a connection
Victor Sudakov
vas at sibptus.ru
Mon Mar 9 05:12:06 CET 2020
Tobias Brunner wrote:
>
> > I see that the first packet in matching
> > traffic is always lost: in a ping session, packet with seq=1 never makes
> > it to the other side, only from seq=2 onwards.
> >
> > Why does this happen?
>
> It's a known property of the Linux kernel. Packets, in particular the
> triggering one, are not cached and lost until the IPsec SAs are established.
>
> > and is there a way to avoid it?
>
> Not that I'm aware.

Maybe using "auto=start" would be better in this scenario? When the
host wants to send an SNMP trap, the IPsec connection will have already
been established. No need for triggering.
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49 at fidonet http://vas.tomsk.ru/