scp from Linux to Linux via an IPsec tunnel between an OpenBSD gateway and a Lancom
1611+ router fails (hangs) if TCP window scaling is enabled.
This is my setup:
Redhat Linux ES3 <---> dc0 openBSD IPSEC dc1 <---- internet -----> lancom 1611+ <---> Redhat Linux ES4
RHES3 does

    scp a.a host:/directory

It asks for the password and then hangs, given the file is larger than about
1300 bytes.
tcpdump on OpenBSD dc0 and enc0 shows that RHES3:
sends SYN with wscale=0, receives SYN with wscale=3,
sends and receives some small packets during negotiation,
sends a first full-size packet, which I see on dc0 but not on enc0,
and hangs, repeating this first packet.
This only happens when RHES3 is copying data to RHES4.
If RHES3 is copying data from RHES4, it works, but very slowly.
The problem can be worked around by setting net.ipv4.tcp_window_scaling=0 on
RHES3, effectively disabling the window scale feature.
Is this a known problem? Or possibly caused by some sort of misconfiguration?
I will happily provide more details, tcpdumps etc. if you are interested.
I found that Stephen Hemminger claims at Linux World Expo Feb. 2005 that
OpenBSD might fail to track state when window scaling is in effect. See
http://developer.osdl.org/shemminger/LWE2005_TCP.pdf .
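
Added example, not part of the original post: one way to confirm the symptom described above is to compare the capture taken on the inner interface (dc0) with the one taken on the tunnel interface (enc0), listing data segments that are repeated on dc0 but never appear on enc0, together with the window scale each side offered in its SYN. It assumes both captures were printed as text by a current `tcpdump -n -S`; OpenBSD's own tcpdump may print a different format. The addresses, ports and sequence numbers in the sample are constructed.

```python
import re
from collections import Counter

# Assumed input: text printed by a current `tcpdump -n -S` (absolute seq numbers).
LINE = re.compile(
    r"IP (?P<src>\S+) > (?P<dst>\S+): Flags \[(?P<flags>[^\]]+)\]"
    r"(?:, seq (?P<seq>\d+)(?::(?P<end>\d+))?)?.*?length (?P<len>\d+)"
)
WSCALE = re.compile(r"wscale (\d+)")

def parse(capture):
    """Return (segments, wscale): data-segment counts and each sender's SYN wscale."""
    segments, wscale = Counter(), {}
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        if "S" in m["flags"]:                      # SYN or SYN-ACK carries the option
            ws = WSCALE.search(line)
            wscale[m["src"]] = int(ws.group(1)) if ws else None
        elif int(m["len"]) > 0:                    # count payload-bearing segments only
            segments[(m["src"], m["dst"], int(m["seq"]), int(m["len"]))] += 1
    return segments, wscale

def lost_before_tunnel(inner, tunnel):
    """Segments seen on the inner interface that never show up on the tunnel one."""
    seen_inner, _ = parse(inner)
    seen_tunnel, _ = parse(tunnel)
    return {seg: n for seg, n in seen_inner.items() if seg not in seen_tunnel}

# Constructed sample captures mirroring the report (all values are made up).
A, B = "10.0.1.5.40000", "10.0.2.7.22"
HANDSHAKE = f"""\
12:00:00.00 IP {A} > {B}: Flags [S], seq 1000, win 5840, options [mss 1460,nop,wscale 0], length 0
12:00:00.05 IP {B} > {A}: Flags [S.], seq 9000, ack 1001, win 5792, options [mss 1460,nop,wscale 3], length 0
12:00:00.06 IP {A} > {B}: Flags [P.], seq 1001:1049, ack 9001, win 5840, length 48
"""
FULL = f"12:00:01.00 IP {A} > {B}: Flags [.], seq 1049:2497, ack 9001, win 5840, length 1448\n"
DC0 = HANDSHAKE + FULL * 3    # full-size segment sent and retransmitted on dc0
ENC0 = HANDSHAKE              # small packets only; the full-size one never arrives

if __name__ == "__main__":
    print("SYN wscale per sender:", parse(DC0)[1])
    for (src, dst, seq, length), n in lost_before_tunnel(DC0, ENC0).items():
        print(f"{src} > {dst} seq {seq} len {length}: {n}x on dc0, 0x on enc0")
```

A segment that appears several times on dc0 and never on enc0 is being dropped on the gateway itself, before encapsulation, which narrows the search to the gateway's filtering, state tracking or MTU handling rather than the remote router.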