Subject: Re: packet loss? w/ 1.6[A-D] & IPSEC policy
To: Arto Selonen <firstname.lastname@example.org>
From: None <email@example.com>
Date: 07/23/2002 13:48:39
>> Yes, this could well be related to the ep driver issues discussed earlier.
>Well, it is not. I don't know what I was thinking/doing when I "checked"
>that the problem was asymmetric. Here is the countdown of the facts:
> - without IPSEC I can transfer bytes in both directions normally
> - with IPSEC enabled transfers to either direction fail for
>   bigger packets (one end has ep0, the other has ex0); i.e. packets
>   that grow over MTU size due to IPSEC overhead
> - with IPSEC policies, but Path MTU Discovery disabled
>   (sysctl -w net.inet.ip.mtudisc=0) problems disappear
>So, my problem is solved. In case others have similar problems:
> - is the above expected behavior?
> - how should I have learned about it in advance?
> - should it be documented better?
I think, between your nodes, there's some router which is discarding
ICMP need fragment messages (= generic PMTUD blackhole problem).
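
A toy model of the behaviour discussed in this thread, added as an example and not part of the original messages: it shows why oversized DF packets vanish when the ICMP "fragmentation needed" error is filtered, and why clearing DF (mtudisc=0) hides the problem. The MTU, the IPsec overhead and the assumption that packets are sized before IPsec is applied are all constructed values, not taken from the thread.

```python
"""Toy model of Path MTU Discovery with per-packet IPsec growth (all sizes assumed)."""

LINK_MTU = 1500        # assumed MTU of the narrowest hop on the path
IPSEC_OVERHEAD = 56    # assumed bytes added by IPsec; the real value depends on the SA


def forward(wire_size, df, icmp_filtered):
    """Pass one packet through the narrowest hop.

    Returns (delivered, icmp_mtu); icmp_mtu is the next-hop MTU carried by an
    ICMP "fragmentation needed" error that actually reaches the sender.
    """
    if wire_size <= LINK_MTU:
        return True, None
    if not df:
        return True, None              # hop fragments, receiver reassembles
    # DF set and too big: dropped; the ICMP error may be filtered on the way back
    return False, (None if icmp_filtered else LINK_MTU)


def transfer(size, ipsec, mtudisc, icmp_filtered, retries=3):
    """Send one packet of `size` bytes, retransmitting on loss; return the outcome."""
    overhead = IPSEC_OVERHEAD if ipsec else 0
    inner_limit = LINK_MTU             # assumption: sized before IPsec is applied
    for attempt in range(retries + 1):
        inner = min(size, inner_limit)
        delivered, icmp_mtu = forward(inner + overhead, df=mtudisc,
                                      icmp_filtered=icmp_filtered)
        if delivered:
            return "ok" if attempt == 0 else "ok-after-pmtud"
        if icmp_mtu is not None:       # PMTUD feedback arrived: shrink to fit
            inner_limit = icmp_mtu - overhead
    return "blackhole"                 # every retransmission silently dropped


if __name__ == "__main__":
    cases = [
        ("no IPsec, PMTUD on, ICMP filtered", (1500, False, True, True)),
        ("IPsec, PMTUD on, ICMP filtered", (1500, True, True, True)),
        ("IPsec, small packet, ICMP filtered", (1000, True, True, True)),
        ("IPsec, mtudisc=0, ICMP filtered", (1500, True, False, True)),
        ("IPsec, PMTUD on, ICMP delivered", (1500, True, True, False)),
    ]
    for label, args in cases:
        print(f"{label:38s} -> {transfer(*args)}")
```

With ICMP delivered, the sender recovers after one lost packet; the "blackhole" outcome only appears when DF is set and the error never comes back.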