[strongSwan] slow IPv6 scp over VPN
Daniel Pocock
daniel at pocock.pro
Sat Aug 20 09:22:42 CEST 2016
On 15/08/16 10:59, Daniel Pocock wrote:
>
>
> Hi all,
>
> I have a dual-stack configuration, both IPv4 and IPv6 on all hosts on
> both sides of a VPN
>
> I've found that some scp file copies from one site to the other are
> extremely slow when using IPv6 but they work at the expected speed when
> using IPv4 over the same VPN.
>
> I used tshark on the server where the data is coming from and I could
> see a lot of packets with TCP Retransmission.
>
> traceroute6 and ping6 don't reveal any problems.
>
> There is a Shorewall firewall at one end of the VPN and at the other end
> of the VPN it is an OpenWRT router with StrongSWAN packages and firewall.
>
> I used Shorewall to set MSS in /etc/shorewall6/zones:
>
>
> my_vpn ipsec mode=tunnel mss=1200
>
>
> Looking in Google, various other people have described problems like this.
>
This MSS change hasn't actually resolved the problem though, has anybody
else seen issues like this with IPv6? Can anybody suggest further steps
to investigate the issue or changes to try and fix it?
More information about the Users
mailing list