The L2TP/IPSec VPN server is a Mikrotik router, with these firewall configurations:

/ip firewall filter print
Flags: X - disabled, I - invalid, D - dynamic
0 D special dummy rule to show fasttrack counters
chain=input action=accept protocol=udp in-interface=pppoe-out1
chain=input action=accept protocol=ipsec-esp in-interface=pppoe-out1
chain=input action=accept protocol=ipsec-ah in-interface=pppoe-out1
chain=input action=accept src-address-type=local
chain=input action=accept protocol=icmp log=no log-prefix=""
8 defconf: accept establieshed,related
chain=input action=accept connection-state=established,related log=no
chain=input action=drop protocol=tcp in-interface=pppoe-out1
10 Drop Winbox connection from outside
11 Drop UDP DNS requests from outside
chain=input action=drop protocol=udp in-interface=pppoe-out1
12 Drop TCP DNS requests from outside
chain=input action=drop protocol=tcp dst-port=53 log=no log-prefix=""
chain=input action=accept protocol=icmp dst-address=103.12.163.90
chain=input action=drop in-interface=ether1 log=no log-prefix=""
chain=forward action=fasttrack-connection
  connection-state=established,related log=no log-prefix=""
16 defconf: accept established,related
chain=forward action=accept connection-state=established,related log=no
chain=forward action=drop connection-state=invalid log=no log-prefix=""
18 defconf: drop all from WAN not DSTNATed
chain=forward action=drop connection-state=new
  connection-nat-state=!dstnat in-interface=ether1 log=no log-prefix=""

0 chain=srcnat action=masquerade out-interface=pppoe-out1 log=no
chain=dstnat action=dst-nat to-addresses=10.0.0.2 to-ports=900