Hi, I’m doing some tests using l2tp ipsec VPN with my Android smartphone
My Mikrotik is behind a tplink (double nat, I’ve already removed every application layer gateway rules and added l2tp and ipsec port forwarding), but I see some logs like
DROP: input: in:ether01-gateway out:(unknown 0), src-mac TPLINK_MAC , proto TCP (ACK), 185.151.204.6:443->MIKROTIK_WAN_IP:38065, len 1400
DROP: input: in:ether01-gateway out:(unknown 0), src-mac TPLINK_MAC, proto TCP (ACK), 31.13.86.49:5222->MIKROTIK_WAN_IP:49322, len 308
DROP: input: in:ether01-gateway out:(unknown 0), src-mac TPLINK_MAC, proto TCP (ACK), 216.58.205.68:443->MIKROTIK_WAN_IP:44809, len 1400
IP are often Google, Facebook, Amazon EC … Seems there’s something that should reach my network (my phone) but doesn’t , but if it gets past the tplink it should be anyway related to something started FROM my network.
They are from time to time, often when on VPN but seems not only…
Or maybe different, like
DROP: input: in:ether01-gateway out:(unknown 0), src-mac TPLINK_MAC, proto UDP, PREVIOUS_IP:58427->MIKROTIK_WAN_IP:22000, len 1228
where previous IP is the IP I had on my phone when initiating the previous vpn connection
My theory is that when my phone “lost something during communications” those packets are not anymore related to a connection and are being logged.
This could explain packets arriving when VPN is just started or just closed… But sometimes there are packet like these also without an apparent reason (but maybe there are only random lost packets?)
I’m a bit confused, I don’t think this is a security issue but maybe a misconfiguration on my side, please help me…