pgh321
Frequent Visitor
Topic Author
Posts: 58
Joined: Fri Jan 03, 2014 7:35 pm

TCP ACK connections in firewall log ?

Sun Jul 28, 2019 7:55 pm

Hi, I'm doing some tests using l2tp ipsec VPN with my Android smartphone.
My Mikrotik is behind a tplink (double nat, I've already removed every application layer gateway rule and added l2tp and ipsec port forwarding), but I see some logs like:
DROP:  input: in:ether01-gateway out:(unknown 0), src-mac TPLINK_MAC , proto TCP (ACK), 185.151.204.6:443->MIKROTIK_WAN_IP:38065, len 1400
DROP:  input: in:ether01-gateway out:(unknown 0), src-mac TPLINK_MAC, proto TCP (ACK), 31.13.86.49:5222->MIKROTIK_WAN_IP:49322, len 308
DROP:  input: in:ether01-gateway out:(unknown 0), src-mac TPLINK_MAC, proto TCP (ACK), 216.58.205.68:443->MIKROTIK_WAN_IP:44809, len 1400
The IPs are often Google, Facebook, Amazon EC ... It seems there's something that should reach my network (my phone) but doesn't, but if it gets past the tplink it should anyway be related to something started FROM my network.
They appear from time to time, often when on VPN, but it seems not only then...

Or maybe different, like
DROP:  input: in:ether01-gateway out:(unknown 0), src-mac TPLINK_MAC, proto UDP, PREVIOUS_IP:58427->MIKROTIK_WAN_IP:22000, len 1228
where previous IP is the IP I had on my phone when initiating the previous VPN connection.


My theory is that when my phone "lost something during communications" those packets are no longer related to a connection and are being logged.
This could explain packets arriving when the VPN has just started or just closed... But sometimes there are packets like these also without an apparent reason (but maybe they are only random lost packets?)

I'm a bit confused, I don't think this is a security issue but maybe a misconfiguration on my side, please help me...
 
pgh321
Frequent Visitor
Topic Author
Posts: 58
Joined: Fri Jan 03, 2014 7:35 pm

Re: TCP ACK connections in firewall log ?

Sun Aug 04, 2019 10:28 am

After reasoning about it for a while, this seems not related to VPN usage and could definitely be like
viewtopic.php?t=3991

So I looked for packet timeout values here viewtopic.php?t=85039
But I'm not sure if this is a good way to solve the issue.

This could explain other issues I have with detect-internet and dns queries...
Any ideas?

If there is no way to solve this, is there at least a way to selectively disable logging for just these packets?
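
Added example, not part of the original posts: a small Python triage script for drop-log lines in the format quoted above. It separates reply-shaped TCP ACK drops (remote service port to a local ephemeral port, which fits the poster's theory of packets outliving their tracked connection) from unsolicited inbound attempts. The sample lines, the category names and the ephemeral-port threshold are assumptions made for this example.

```python
import re
from collections import Counter

# Constructed sample in the log format quoted in the thread. Addresses are
# documentation ranges; TPLINK_MAC / MIKROTIK_WAN_IP are the thread's placeholders.
PFX = "DROP:  input: in:ether01-gateway out:(unknown 0), src-mac TPLINK_MAC, proto "
SAMPLE = [
    PFX + "TCP (ACK), 198.51.100.6:443->MIKROTIK_WAN_IP:38065, len 1400",
    PFX + "TCP (ACK,PSH), 203.0.113.49:5222->MIKROTIK_WAN_IP:49322, len 308",
    PFX + "TCP (SYN), 192.0.2.77:51514->MIKROTIK_WAN_IP:22, len 60",
    PFX + "UDP, 192.0.2.10:58427->MIKROTIK_WAN_IP:22000, len 1228",
]

LINE = re.compile(
    r"proto (?P<proto>\w+)(?: \((?P<flags>[A-Z,]+)\))?\s*, "
    r"(?P<src>[^:\s]+):(?P<sport>\d+)->(?P<dst>[^:\s]+):(?P<dport>\d+), len (?P<len>\d+)"
)

EPHEMERAL_MIN = 32768  # assumption: client-side source ports start here


def classify(line):
    """Return (category, proto, src, sport), or None if the line does not parse."""
    m = LINE.search(line)
    if m is None:
        return None
    flags = set(filter(None, (m["flags"] or "").split(",")))
    sport, dport = int(m["sport"]), int(m["dport"])
    if m["proto"] == "TCP" and "SYN" in flags and "ACK" not in flags:
        category = "new-inbound"   # unsolicited connection attempt to the router
    elif m["proto"] == "TCP" and "ACK" in flags and sport < EPHEMERAL_MIN <= dport:
        category = "late-reply"    # reply-shaped traffic with no tracked connection
    else:
        category = "other"         # needs a manual look (e.g. the UDP example)
    return category, m["proto"], m["src"], sport


def summarize(lines):
    """Count drops per (category, proto, src, sport), skipping unparsable lines."""
    return Counter(c for c in map(classify, lines) if c is not None)


if __name__ == "__main__":
    for key, count in summarize(SAMPLE).most_common():
        print(count, *key)
```

Run it over an exported log to see whether the drops are dominated by the "late-reply" category before deciding how to treat them in the firewall.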