Hi Felipe,

> I see that the first packet in matching
> traffic is always lost: in a ping session, packet with seq=1 never makes
> it to the other side, only from seq=2 onwards.
>
> Why does this happen?

It's a known property of the Linux kernel. Packets, in particular the triggering one, are not cached and lost until the IPsec SAs are established.

> and is there a way to avoid it?

Not that I'm aware.

> I'm thinking about
> SNMP traps over IPSec that are not retransmitted since they use UDP.

Neither UDP, IP, nor IPsec guarantee delivery of any sent packets, you always have to reckon with packet loss.

Regards,
Tobias