IPSec session stalls

Volker volker at vwsoft.com
Thu Oct 20 13:53:42 PDT 2005


Hi!

A few days ago I managed to set up two IPSec tunnels (3 machines
involved) between FreeBSD 5.4R hosts.

While I do not fully understand all the options and knobs of IPSec, it
was easy to set up (thanks to the handbook guys!).

As the tunnels work properly in the first place, there's one issue (on
both tunnels). Whenever there's a large amount of traffic per TCP or UDP
session, the TCP or UDP session stalls.

For example, I've tried to scp a 1.4M file through one of these tunnels,
scp starts to transfer the file and stalls exactly at 49152 bytes being
transferred. PcAnywhere (using UDP) sessions going through the tunnel
work for a few minutes and then the PcAw connection breaks between host
and remote. I guess both issues are equal as it generates a lot of
traffic in the tunnel.

The tunnel itself seems to be stable. I've tried to scp a huge file and
pinged the other host in another session and no packet loss appeared.

What I did:

- gif tunnel created on both sides
- SPD policies set up to encrypt (ipencap) traffic between both machines
(in + out)
- racoon installed and key timelife set to 1 hour
- route set into the tunnel

The racoon debug output did not show anything which would lead me to an
issue with racoon.

Where do I have to look? How do I debug this problem? Did anybody
experience similar problems?

Thanks,

Volker


More information about the freebsd-net mailing list