Hi, When using synproxy state, PF seems to set the TCP window size to zero in ACK packets. This breaks some network configurations, is this normal/desired ?
With synproxy state, we have win 0 : 14:33:02.934065 0800 74: 37.161.129.131.45134 > 192.168.1.2.80: S 1330066024:1330066024(0) win 14600 <mss 1300,sackOK,timestamp 487381 0,nop,wscale 5> (DF) 14:33:02.934081 0800 58: 192.168.1.2.80 > 37.161.129.131.45134: S 3486079161:3486079161(0) ack 1330066025 win 0 <mss 1300> (DF) [tos 0x10] With keep state, we have win 16384 : 14:33:17.408264 0800 74: 37.161.129.131.45138 > 192.168.1.2.80: S 1699948830:1699948830(0) win 14600 <mss 1300,sackOK,timestamp 488833 0,nop,wscale 5> (DF) 14:33:17.408308 0800 78: 192.168.1.2.80 > 37.161.129.131.45138: S 2729008284:2729008284(0) ack 1699948831 win 16384 <mss 1460,nop,nop,sackOK,nop,wscale 3,nop,nop,timestamp 3670084025 488833> (DF)
