[Openswan Users] Unusual packet loss

Philip Burrow philburrow at blueyonder.co.uk
Mon Jan 24 02:15:12 CET 2005


Firstly, I'm a new member to the list but I've been using 
FreeSWAN/Openswan for a number of years now and always found it to be 
excellent, so props to the developers and contributors.

To my point, I'm having an unusual problem with apparent packet loss 
across a tunnel. Let me describe the set up. I have two machines running 
Fedora 2, with 2.6.10 kernel and Openswan 2.3.0. Both are on ADSL 
connections with 256k upstream operated by the same ISP.

The tunnels connect as expected. I receive no error messages. However 
when I ping, the first 4 or 5 packets are dropped/lost. The sequence 
then begins at about ping number 4 and continues with a sensible ping 
until CTRL-C. I.e. a ping from the internal interface of one gateway to 
the internal interface of the other:

[root at preston i386]# ping -I
PING ( from : 56(84) bytes of data.
64 bytes from icmp_seq=4 ttl=64 time=63.2 ms
64 bytes from icmp_seq=5 ttl=64 time=62.3 ms
64 bytes from icmp_seq=6 ttl=64 time=64.9 ms
64 bytes from icmp_seq=7 ttl=64 time=66.6 ms
64 bytes from icmp_seq=8 ttl=64 time=62.6 ms
64 bytes from icmp_seq=9 ttl=64 time=61.9 ms
64 bytes from icmp_seq=10 ttl=64 time=64.0 ms

Then if I wait a minute and ping again, it begins from icmp_seq=0 as you 
would expect from a normal ping.

Another example of strangeness is if I try and FTP across the tunnel. I 
can log in and such, as expected, but it hangs when I request a 
directory listing. I then tried to list the contents of a LDAP directory 
on one gateway from the other gateway and it works, but only the first 
10 lines of the dump actually appear and it hangs (should be thousands 
of lines).

These things work when I stop IPSEC and try them. No losses on pings, 
LDAP dump is a full dump, FTP directory listings work.

ipsec verify shows all as fine, and it does this whether or not I use a 

Any suggestions as to what may be causing this? From what I read in the 
documentation it looks like MTU may be involved but I don't see why it 
would be, and don't know what I can do to play with it. Guidance would 
be appreciated!



More information about the Users mailing list