I have a setup that I am testing for IP leaks.
- Beryl as WireGuard server on home internet
- Beryl as WireGuard client connecting to mobile hotspot.
- ssh into Beryl client and run: tcpdump -i apclix0 -n 'not udp and not icmp and not arp'
I would expect to not see anything in the logs, because I am filtering the expected traffic.
I have seen a few unexpected packets.
16:09:19.537708 IP 18.65.25.85.443 > 192.168.43.132.51731: Flags [P.], seq 39:63, ack 1, win 133, options [nop,nop,TS val 1736048560 ecr 291021362], length 24
16:09:19.542358 IP 18.65.25.85.443 > 192.168.43.132.51731: Flags [F.], seq 63, ack 1, win 133, options [nop,nop,TS val 1736048560 ecr 291021362], length 0
16:09:19.896640 IP 18.65.25.85.443 > 192.168.43.132.51731: Flags [F.], seq 63, ack 1, win 133, options [nop,nop,TS val 1736048848 ecr 291021362], length 0
16:09:20.240509 IP 18.65.25.85.443 > 192.168.43.132.51731: Flags [FP.], seq 0:63, ack 1, win 133, options [nop,nop,TS val 1736049264 ecr 291021362], length 63
16:09:21.085047 IP 18.65.25.85.443 > 192.168.43.132.51731: Flags [FP.], seq 0:63, ack 1, win 133, options [nop,nop,TS val 1736050064 ecr 291021362], length 63
16:09:22.610054 IP 18.65.25.85.443 > 192.168.43.132.51731: Flags [FP.], seq 0:63, ack 1, win 133, options [nop,nop,TS val 1736051632 ecr 291021362], length 63
16:09:25.906668 IP 18.65.25.85.443 > 192.168.43.132.51731: Flags [FP.], seq 0:63, ack 1, win 133, options [nop,nop,TS val 1736054928 ecr 291021362], length 63
16:09:29.405195 IP 18.67.76.127.443 > 192.168.43.132.52023: Flags [FP.], seq 2070037465:2070037496, ack 2182455858, win 390, options [nop,nop,TS val 223417183 ecr 2892455556], length 31
192.168.43.132 is the IP for the Beryl (client) wifi interface.
How come these packets are not coming from my VPN IP under UDP (WireGuard)?
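An added example, not part of the original post: a small parser for `tcpdump -n` TCP lines like the ones above, which separates packets sent by the Wi-Fi interface from packets it only received, so a capture from this kind of leak test can be summarized per flow. The function names and the last sample line (a constructed outbound packet to a documentation address) are assumptions for illustration.

```python
import re
from collections import Counter

# Header of a `tcpdump -n` IPv4 TCP line: time, src.port > dst.port, flags.
LINE_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d+ IP "
    r"(\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): "
    r"Flags \[([^\]]*)\]"
)

def classify(lines, local_ip):
    """Count packets per (direction, remote ip, remote port, local port, flags).

    direction is "out" when local_ip is the source and "in" when it is the
    destination. Lines that do not parse, or that do not involve local_ip,
    are returned separately so nothing is silently dropped.
    """
    flows, skipped = Counter(), []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            skipped.append(line)
            continue
        src, sport, dst, dport, flags = m.groups()
        if src == local_ip:
            flows[("out", dst, int(dport), int(sport), flags)] += 1
        elif dst == local_ip:
            flows[("in", src, int(sport), int(dport), flags)] += 1
        else:
            skipped.append(line)
    return flows, skipped

def outbound(flows):
    """Flows where the client interface itself was the sender."""
    return {k: n for k, n in flows.items() if k[0] == "out"}

LOCAL_IP = "192.168.43.132"  # Beryl client Wi-Fi address, from the post
SAMPLE = [  # first four lines are from the post, the last one is constructed
    "16:09:19.537708 IP 18.65.25.85.443 > 192.168.43.132.51731: Flags [P.], seq 39:63, ack 1, win 133, options [nop,nop,TS val 1736048560 ecr 291021362], length 24",
    "16:09:19.542358 IP 18.65.25.85.443 > 192.168.43.132.51731: Flags [F.], seq 63, ack 1, win 133, options [nop,nop,TS val 1736048560 ecr 291021362], length 0",
    "16:09:19.896640 IP 18.65.25.85.443 > 192.168.43.132.51731: Flags [F.], seq 63, ack 1, win 133, options [nop,nop,TS val 1736048848 ecr 291021362], length 0",
    "16:09:29.405195 IP 18.67.76.127.443 > 192.168.43.132.52023: Flags [FP.], seq 2070037465:2070037496, ack 2182455858, win 390, options [nop,nop,TS val 223417183 ecr 2892455556], length 31",
    "16:09:30.000000 IP 192.168.43.132.40000 > 203.0.113.10.443: Flags [S], seq 1, win 64240, length 0",
]

if __name__ == "__main__":
    flows, skipped = classify(SAMPLE, LOCAL_IP)
    for key, n in sorted(flows.items()):
        print(n, *key)
    print("outbound flows:", len(outbound(flows)), "skipped lines:", len(skipped))
```

In the lines quoted in the post, every packet has the Wi-Fi address as destination; only the constructed line is counted as outbound.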