[strongSwan] slow IPv6 scp over VPN
Volker RĂ¼melin
vr_strongswan at t-online.de
Sat Aug 20 14:40:41 CEST 2016
Hi Daniel,
on my systems I could solve this problem by disabling a few network
offload features with ethtool -K. It was always the network card where
the unencrypted data was coming in.
With best regards,
Volker
>
> On 15/08/16 10:59, Daniel Pocock wrote:
>>
>> Hi all,
>>
>> I have a dual-stack configuration, both IPv4 and IPv6 on all hosts on
>> both sides of a VPN
>>
>> I've found that some scp file copies from one site to the other are
>> extremely slow when using IPv6 but they work at the expected speed when
>> using IPv4 over the same VPN.
>>
>> I used tshark on the server where the data is coming from and I could
>> see a lot of packets with TCP Retransmission.
>>
>> traceroute6 and ping6 don't reveal any problems.
>>
>> There is a Shorewall firewall at one end of the VPN and at the other end
>> of the VPN it is an OpenWRT router with StrongSWAN packages and firewall.
>>
>> I used Shorewall to set MSS in /etc/shorewall6/zones:
>>
>>
>> my_vpn ipsec mode=tunnel mss=1200
>>
>>
>> Looking in Google, various other people have described problems like this.
>>
>
> This MSS change hasn't actually resolved the problem though, has anybody
> else seen issues like this with IPv6? Can anybody suggest further steps
> to investigate the issue or changes to try and fix it?
More information about the Users
mailing list