Unwanted connections UDP/4500

Posted: Mon Nov 25, 2024 12:04 am
by sergdous
Hello,

I am trying to setup a site-to-site VPN between two Mikrotik routers:

- Router A: CRS354 and
- Router B: hAP ax^2 with ROS v7.16.1

First I tried L2TP, then OpenVPN, and it doesn't work anymore since v7; some forums advise using WireGuard.

WireGuard works great on a custom port like UDP 12345, but I have a problem: even after removing the OpenVPN and L2TP configurations on both sides, I still see UDP 4500 connections in /ip/firewall/connection/print that persist.

>/ip/firewall/connection/print detail
5 C protocol=udp src-address="wan_address_B:4500 dst-address=public_address_A:4500 reply-src-address=public_address_A:4500 reply-dst-address=wan_address_B:4500 timeout=0s
orig-packets=4 orig-bytes=1,408 orig-fasttrack-packets=0 orig-fasttrack-bytes=0 repl-packets=0 repl-bytes=0 repl-fasttrack-packets=0 repl-fasttrack-bytes=0
orig-rate=0bps repl-rate=0bps

On the other router (A) it is the same thing, reversed.

When I modify the firewall rules like this:
On A 'input' udp 4500 action=drop
On B 'output' udp 4500 action=drop

The UDP 4500 connections no longer appear, but the counters on the rules still increase!

I deduce that the connections are only in the direction B to A.

How to identify the processes that use this port?
How to disable the use of this UDP 4500 port?

Thank you very much

Re: Unwanted connections UDP/4500  [SOLVED]

Posted: Mon Nov 25, 2024 12:12 am
by sergdous
Sorry!

I forgot the policies in /ip/ipsec; after deleting them there are no more UDP 4500 connections.

Have a nice day
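As an added example (not from this thread or from MikroTik), a small Python parser over a constructed copy of the /ip/firewall/connection/print detail output quoted above. It flags UDP/4500 (IKE NAT-T) entries that never saw a reply, which is exactly what a stale IPsec policy/peer leaves behind and what the one-way B-to-A counters showed; the addresses and the second (healthy WireGuard) entry are constructed placeholders.

```python
import re

# Constructed sample modelled on the thread's output; placeholder addresses, not real hosts.
SAMPLE = """\
 5 C protocol=udp src-address=wan_address_B:4500 dst-address=public_address_A:4500 reply-src-address=public_address_A:4500 reply-dst-address=wan_address_B:4500 timeout=0s
     orig-packets=4 orig-bytes=1,408 orig-fasttrack-packets=0 orig-fasttrack-bytes=0 repl-packets=0 repl-bytes=0 repl-fasttrack-packets=0 repl-fasttrack-bytes=0
     orig-rate=0bps repl-rate=0bps
 6 SAC protocol=udp src-address=wan_address_B:12345 dst-address=public_address_A:12345 reply-src-address=public_address_A:12345 reply-dst-address=wan_address_B:12345 timeout=2m59s
     orig-packets=120 orig-bytes=19,200 orig-fasttrack-packets=0 orig-fasttrack-bytes=0 repl-packets=118 repl-bytes=18,880 repl-fasttrack-packets=0 repl-fasttrack-bytes=0
     orig-rate=1.2kbps repl-rate=1.1kbps
"""

# An entry starts with "<id> <flags> key=value ..."; continuation lines carry more key=value pairs.
# RouterOS flags of interest here: S = seen reply, A = assured, C = confirmed.
ENTRY_START = re.compile(r"^\s*(\d+)\s+([A-Z]*)\s*(.*)$")
KV = re.compile(r"(\S+?)=(\S+)")


def parse_connections(text):
    """Group the multi-line print output into one dict per tracked connection."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_START.match(line)
        if m:
            entries.append({"id": int(m.group(1)), "flags": m.group(2)})
            rest = m.group(3)
        else:
            rest = line
        if entries:
            entries[-1].update(KV.findall(rest))
    return entries


def port_of(addr):
    """Port from 'host:port'; rsplit also handles bracketed IPv6 literals."""
    return int(addr.rsplit(":", 1)[1])


def unanswered_nat_t(entries):
    """Ids of UDP/4500 entries with no reply ever seen (no S flag, repl-packets=0).

    Such one-way IKE/NAT-T attempts point at a leftover entry under
    /ip/ipsec (policy, peer or identity) rather than at a live VPN.
    """
    hits = []
    for e in entries:
        if e.get("protocol") != "udp" or port_of(e["dst-address"]) != 4500:
            continue
        replied = "S" in e["flags"] or int(e.get("repl-packets", "0").replace(",", "")) > 0
        if not replied:
            hits.append(e["id"])
    return hits
```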