TCP connection through IPSec (Linux/Strongswan) stalls after exceeding PMTU

You could try creating a rule in iptables to set the TCP MSS for the VPN-destined traffic to a lower value. But without a packet capture it's difficult to guess what's going on.