Problems with SCP stalling during file copy over VPN

Solution 1:

Are you allowing ICMP through the VPN? "TCP connection stalls after a few seconds" often translates to "PMTU black hole".

Solution 2:

Similar to @Gerald's response, this page http://www.netheaven.com/pmtu.html gives a good explanation of MTU Discovery and the options when facing this issue.

There is also a whitepaper by Cisco that discusses IP Fragmentation, MTU Discovery, and MSS, all pertaining to IPSec VPN tunnels but equally valid for similar situations: http://www.cisco.com/en/US/tech/tk827/tk369/technologies_white_paper09186a00800d6979.shtml
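
One way to check for the PMTU black hole described in the answers above, as an added example that is not from the original posts: it sends echo requests with Don't Fragment set and binary-searches the largest size that still gets a reply. It assumes Linux iputils ping (`-M do`) and a far end that answers ICMP echo; the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: find the largest packet that crosses a path with DF set.
# Assumes Linux iputils ping (-M do sets Don't Fragment and forbids local fragmentation).

# probe HOST PAYLOAD -> exit 0 if one DF-flagged echo of PAYLOAD bytes is answered.
# Redefine this function to exercise the search logic without a network.
probe() {
    ping -M do -c 1 -W 2 -s "$2" "$1" >/dev/null 2>&1
}

# find_path_mtu HOST [LOCAL_MTU]
# Binary-searches the ICMP payload size and prints the path MTU (payload + 28
# bytes of IPv4 and ICMP headers). Returns 1 if even the floor probe is lost.
find_path_mtu() {
    local host=$1 local_mtu=${2:-1500}
    # Floor: 548 + 28 = 576, the datagram size every IPv4 host must accept.
    local lo=548 hi=$((local_mtu - 28)) mid
    probe "$host" "$lo" || return 1
    if probe "$host" "$hi"; then
        echo "$local_mtu"; return 0      # full-size packets pass, no MTU problem
    fi
    # Invariant from here on: payload lo is answered, payload hi is not.
    while [ $((hi - lo)) -gt 1 ]; do
        mid=$(( (lo + hi) / 2 ))
        if probe "$host" "$mid"; then lo=$mid; else hi=$mid; fi
    done
    echo $((lo + 28))
}

# report HOST [LOCAL_MTU]: print the path MTU and the TCP MSS that fits it.
report() {
    local mtu
    mtu=$(find_path_mtu "$@") || { echo "$1: no reply to DF probes"; return 1; }
    # MSS = MTU - 20 (IPv4 header) - 20 (TCP header without options)
    echo "$1: path MTU $mtu, usable TCP MSS $((mtu - 40))"
}

# Run as: ./pmtu.sh <host> [local-mtu]
if [ "$#" -gt 0 ]; then report "$@"; fi
```

A reported path MTU below the interface MTU, combined with TCP transfers that stall once full-size segments are sent, is consistent with the ICMP "fragmentation needed" messages not making it back through the VPN.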


Solution 3:

We had similar spurious problems with scp to some Linux servers (Debian, 2.6.24-etchnhalf).

We were able to do away with the stalls by disabling the TCP variable tcp_sack ("tcp selective acknowledgements") on the remote servers:

sysctl -w net.ipv4.tcp_sack=0

On Debian, tcp_sack is enabled by default. If I read http://www.frozentux.net/ipsysctl-tutorial/chunkyhtml/tcpvariables.html, it should make no sense to disable this option, but in our case, it helped.

You can make this change permanent by adding a line net.ipv4.tcp_sack=0 to /etc/sysctl.conf (on other Linux systems YMMV).
