D-Link Forums

The Graveyard - Products No Longer Supported => D-Link NetDefend Firewalls => Topic started by: c0re on April 04, 2019, 10:45:38 AM

Title: DFL-260, Unable to SAT the VPN traffic, mismatching_tcp_window_scale
Post by: c0re on April 04, 2019, 10:45:38 AM

Hi,

I have the following scenary:

• ROUTER1 - DFL-260 with static WAN and LAN IP 192.168.1.6
• ROUTER2 - Mikrotik hAP lite with static WAN (ether1) connected to ROUTER1 LAN and WAN IP 192.168.1.254

And I need access to some Mikrotik services. Like as SSH, Winbox and VPN (PPTP and IPSec)

I configured forwarding some tcp port (like as SSH 22, WinBox 8291, etc) from ROUTER1 to ROUTER2 and it work perfectly
But i need also forward some VPN traffic like PPTP, IPSec
Lets see PPTP

Similarly to port forwarding, on ROUTER1 (DFL) I created a SAT rule for pptp-suite
And similarly created a policy.

But it's not worked
Having a look at the log, i find this:

Date	Severity	Category/ID	Rule	Proto	Src/DstIf	Src/DstIP	Src/DstPort	Event/Action	Notation
2019-04-04 14:01:14	Warning	TCP_OPT 3400019		TCP	wan core	MY_WAN_IP DFL_WAN_IP	52648 1723	mismatching_tcp_window_scale adjust	old=2 new=not_used effective=not_used origsent=152 termsent=0 ipdatalen=28 tcphdrlen=28 syn=1
2019-04-04 14:01:05	Info	CONN 600001	Subsidy-Policy-1	TCP	wan core	MY_WAN_IP DFL_WAN_IP	52648 1723	conn_open	satdestrule=pptp2Subsidy conn=open

what is the problem?
when as ROUTER1 was acted D-link DIR-300, it was enough to set up port forwarding tcp 1723 and everything worked.

what am I doing wrong?

Title: Re: DFL-260, Unable to SAT the VPN traffic, mismatching_tcp_window_scale
Post by: FurryNutz on April 16, 2019, 11:18:34 AM

I recommend that you phone contact your regional D-Link support office and ask for help and information regarding this.
Link> Tech Support Contact Information (http://forums.dlink.com/index.php?board=635.0)
We find that phone contact has better immediate results over using email.
Let us know how it goes please.