[Openswan Users] Unusual packet loss

Paul Wouters paul at xelerance.com
Mon Jan 24 13:29:38 CET 2005

On Mon, 24 Jan 2005, Philip Burrow wrote:

> machine. One question though - if MTU were the problem, why is it only a 
> problem when I bring the tunnels up?

Because NETKEY does not support path mtu discovery, which for non-ipsec
packets is supported by the normal kernel routes. KLIPS does implement
PMTU for ipsec, but is still marked experimental for the 2.6 kernel.


"At best it is a theory, at worst a fantasy" -- Michael Crichton

More information about the Users mailing list