Subject: Re: packet loss? w/ 1.6[A-D] & IPSEC policy
To: Arto Selonen <>
From: None <>
List: current-users
Date: 07/23/2002 13:48:39
>> Yes, this could well be related to the ep driver issues discussed earlier.
>Well, it is not. I don't know what I was thinking/doing when I "checked"
>that the problem was asymmetric. Here is the countdown of the facts:
>	- without IPSEC I can transfer bytes in both directions normally
>	- with IPSEC enabled transfers to either direction fail for
>	  bigger packets (one end has ep0, the other has ex0); ie. packets
>	  that grow over MTU size due to IPSEC overhead
>	- with IPSEC policies, but Path MTU Discovery disabled
>	  (sysctl -w net.inet.ip.mtudisc=0) problems disappear
>So, my problem is solved. In case others have similar problems:
>	- is the above expected behavior?
>	- how should I have learned about it in advance?
>	- should it be documented better?

	i think, between your nodes, there's some router which is discarding
	icmp need fragment message (= generic PMTUD blackhole problem).