Since about a year ago I've lost my open IP in the University network and they forced me to move behind a VPN, with a lot of issues on how to maintain my workflow. But one of the most annoying things of this is that even the most basic things like using ssh or sftp may have new issues that are very hard to debug and for which I don't have any support whatsoever by the IT support staff.
The most recent one that I noticed is that sftp stalls for large files (sometimes after transmitting 10MB, some other times at other places). It took me a while to identify that this was due to the VPN, and then more time to find out what to do while trying different things until I found the solution in this link:
Basically the problem is that the TCP variable tcp_sack ("tcp selective acknowledgements") has to be disabled in my server behind the VPN. This is done for one session with:
sysctl -w net.ipv4.tcp_sack=0
To disable it permanently edit /etc/sysctl.conf and add the following: