[strongSwan] slow IPv6 scp over VPN
Daniel Pocock
daniel at pocock.pro
Mon Aug 15 10:59:24 CEST 2016
Hi all,
I have a dual-stack configuration, both IPv4 and IPv6 on all hosts on
both sides of a VPN
I've found that some scp file copies from one site to the other are
extremely slow when using IPv6 but they work at the expected speed when
using IPv4 over the same VPN.
I used tshark on the server where the data is coming from and I could
see a lot of packets with TCP Retransmission.
traceroute6 and ping6 don't reveal any problems.
There is a Shorewall firewall at one end of the VPN and at the other end
of the VPN it is an OpenWRT router with StrongSWAN packages and firewall.
I used Shorewall to set MSS in /etc/shorewall6/zones:
my_vpn ipsec mode=tunnel mss=1200
Looking in Google, various other people have described problems like this.
Regards,
Daniel
More information about the Users
mailing list