This is a "feature" in the Linux IPsec (see the first bullet): http://vger.kernel.org/~davem/net_todo.html Linux IPsec assumes transport layer handles packet retransmissions. IMHO, this is a fair assumption except that it can cause unnecessary delay to e.g. TCP connections, leading to lowered user experience. So either it should reported to some other bugzilla or the description of this bug should be changed to "hipfw lacks a packet cache mechanism". ** Changed in: hipl Importance: Undecided => Low -- packet that initializes handover is dropped https://bugs.launchpad.net/bugs/680488 You received this bug notification because you are a member of HIPL core team, which is subscribed to HIPL. Status in Host Identity Protocol for Linux: New Bug description: Starting hipd on two machines and pinging the HIT of one from the other leads to the first packet lost on otherwise successful connection. I was told this packet was once buffered in the kernel, but this feature was somehow lost.