SSH Pipe Speed 48 KB/sec FreeBSD 12 PF
We recently ran into an issue after upgrading a server from FreeBSD 11.2 to 12.1 where throughput via SSH pipes would crash to 48 KB/sec almost instantly after starting.
The odd thing was scp (which uses SSH) was not affected. After ruling out Internet and remote host issues we discovered that the PF rule was missing flags S/SA synproxy state at the end.
So by converting this line in our pf.conf:
pass in on $ext_if proto tcp from any to any port sshto this:
pass in on $ext_if proto tcp from any to any port ssh flags S/SA synproxy stateThe problem was instantly fixed. I did not track down what the underlying cause was but it seems something changed between FreeBSD 11.2 to 12.1.
Hope this helps!
Need help with Linux or FreeBSD infrastructure?
A-Team Systems provides engineer-led support for production Linux and FreeBSD environments, including troubleshooting, operational oversight, and ongoing infrastructure management.
Contact A-Team Systems