[Openswan Users] Unusual packet loss

[Paul Wouters]

On Mon, 24 Jan 2005, Philip Burrow wrote:

> machine. One question though - if MTU were the problem, why is it only a 
> problem when I bring the tunnels up?

Because NETKEY does not support path mtu discovery, which for non-ipsec
packets is supported by the normal kernel routes. KLIPS does implement
PMTU for ipsec, but is still marked experimental for the 2.6 kernel.

Paul
-- 

"At best it is a theory, at worst a fantasy" -- Michael Crichton