Business Community > Routers > Problems with IPsec IKEv2 VPN for Android 14
< Routers

Problems with IPsec IKEv2 VPN for Android 14

12

Problems with IPsec IKEv2 VPN for Android 14

Problems with IPsec IKEv2 VPN for Android 14
Problems with IPsec IKEv2 VPN for Android 14
Friday - last edited Saturday
Model: ER7412-M2  
Hardware Version: V1
Firmware Version: 1.0.1

Hi all

 

Hi @Clive_A 

 

I follow the guide LINK to establish a IPsec VPN with my Android 14 cell phone and the connection is working yes

 

One BUT, i able to enter the server in the LAN segment from remote VPN client but can't use the connected phone to

access internet if VPN is running!?!? 

In regular i expect that the phone is a device in LAN on the router via VPN, so it should have internet access as well.

Is this a bug?

 

BR

David

 

 

 

 

 

 

  0      
 
  0      
 
#1
Options
2 Accepted Solutions
Re:Problems with IPsec IKEv2 VPN for Android 14-Solution
Saturday - last edited Saturday

Hi @NutsB22 

Thanks for posting in our business forum.

Expected. IPsec is not created for proxy. Consider other types of VPN. You should access the LAN and that's it. Internet access is routed locally on your phone. If you have any questions regarding the IPsec, you may kindly Google for its Wikipedia.

Note that a full tunnel(proxy) will forward all traffic in other VPN types. If you use the WG, you have more options for choosing what subnet you intend to access.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting Manual ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. Don't be a lazy asker. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
Recommended Solution
  1  
  1  
#2
Options
Re:Problems with IPsec IKEv2 VPN for Android 14-Solution
Saturday - last edited Monday

  @NutsB22 

 

you are talking about two different technologies, L2TP/Ipsec has the possibility of full tunneling on TP-Link as well. but Android no longer supports L2TP, you need to use wireguard or OpenVPN for full tunnel. this also applies to Unifi. I don't think either the Edge router or Unifi has an IPsec IKEv2 VPN Server like TP-Link has.

 

 

Recommended Solution
  1  
  1  
#8
Options
11 Reply
Re:Problems with IPsec IKEv2 VPN for Android 14-Solution
Saturday - last edited Saturday

Hi @NutsB22 

Thanks for posting in our business forum.

Expected. IPsec is not created for proxy. Consider other types of VPN. You should access the LAN and that's it. Internet access is routed locally on your phone. If you have any questions regarding the IPsec, you may kindly Google for its Wikipedia.

Note that a full tunnel(proxy) will forward all traffic in other VPN types. If you use the WG, you have more options for choosing what subnet you intend to access.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting Manual ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. Don't be a lazy asker. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
Recommended Solution
  1  
  1  
#2
Options
Re:Problems with IPsec IKEv2 VPN for Android 14
Saturday - last edited Saturday

  @Clive_A 

 

is was wondering because in my former IPsec ike1 szenaro was this working like charm.....

I connect my android phone via IPsec into the router, get an IP inside the LAN and was able to establish all connectivity's as a local client.

 

Now with the tp-Link router, the VPN client get a host ip in an different subnet and possible missing a proxy....!?

This is not really an improvement....

 

In fact my phone is connected into the VPN, i have no more mobile internet available. The VPN host 172.31.1.1 is able to access my selected vlans and clients, so there is a route provided but no connectivity across the router NAT crying into internet. This is a really half baken VPN solution

 

 

 

  0  
  0  
#3
Options
Re:Problems with IPsec IKEv2 VPN for Android 14
Saturday

Hi @NutsB22 

Thanks for posting in our business forum.

NutsB22 wrote

  @Clive_A 

 

is was wondering because in my former IPsec ike1 szenaro was this working like charm.....

I connect my android phone via IPsec into the router, get an IP inside the LAN and was able to establish all connectivity's as a local client.

 

Now with the tp-Link router the VPN client get a host ip in an different subnet and possible missing a proxy....

This is not really an improvement....

 

 

 

What vendor does support proxy? Open to your suggestions if you can mention any and with their guides. I can submit a request and evaluation. I really don't think it is a missing feature.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting Manual ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. Don't be a lazy asker. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
  0  
  0  
#4
Options
Re:Problems with IPsec IKEv2 VPN for Android 14
Saturday

  @Clive_A 

 

My former vendor was a Ubiquiti EdgeRouter. And VPN worked as described before.


I upgrade to tp-link in case of better inter vlan routing throughput and ike2 support.

Ubiquiti provide an VPN ip range inside the a main LAN for example 192.168.1.10 - 192.168.1.12/24
So remote VPN devices get this IPs addressed and be a part of the main LAN network direclty.
All routing and connectivity was the same as for a local client in the LAN.

  0  
  0  
#5
Options
Re:Problems with IPsec IKEv2 VPN for Android 14
Saturday

Hi @NutsB22 

Thanks for posting in our business forum.

NutsB22 wrote

  @Clive_A 

 

My former vendor was a Ubiquiti EdgeRouter. And VPN worked as described before.


I upgrade to tp-link in case of better inter vlan routing throughput and ike2 support.

Ubiquiti provide an VPN ip range inside the a main LAN for example 192.168.1.10 - 192.168.1.12/24
So remote VPN devices get this IPs addressed and be a part of the main LAN network direclty.
All routing and connectivity was the same as for a local client in the LAN.

A document for this would be great.

All routing is proxied by the VPN tunnel, IPsec? I appreciate it if you could link me to that so I can write a specific report about it.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting Manual ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. Don't be a lazy asker. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
  1  
  1  
#6
Options
Re:Problems with IPsec IKEv2 VPN for Android 14
Saturday

  @Clive_A 

 

search for article    204950294-EdgeRouter-L2TP-IPsec-VPN-Server

i have using this on IPsec L2TP base some time ago and it was a brilliant solution until Android drop l2tp and require ike2.

As you can see a vpn ip pool was possible to define and user authentication via radius as well.

 

I would be satisfied if tp-link could provide a nearly VPN Client solution to access internet from the Router perspective.

  0  
  0  
#7
Options
Re:Problems with IPsec IKEv2 VPN for Android 14-Solution
Saturday - last edited Monday

  @NutsB22 

 

you are talking about two different technologies, L2TP/Ipsec has the possibility of full tunneling on TP-Link as well. but Android no longer supports L2TP, you need to use wireguard or OpenVPN for full tunnel. this also applies to Unifi. I don't think either the Edge router or Unifi has an IPsec IKEv2 VPN Server like TP-Link has.

 

 

Recommended Solution
  1  
  1  
#8
Options
Re:Problems with IPsec IKEv2 VPN for Android 14
Saturday
....another proof that newer technologies are not always better. Just from the user perspective. Security is a different challenge.
  0  
  0  
#9
Options
Re:Problems with IPsec IKEv2 VPN for Android 14
Monday

Hi @NutsB22 

Thanks for posting in our business forum.

NutsB22 wrote

  @Clive_A 

 

search for article    204950294-EdgeRouter-L2TP-IPsec-VPN-Server

i have using this on IPsec L2TP base some time ago and it was a brilliant solution until Android drop l2tp and require ike2.

As you can see a vpn ip pool was possible to define and user authentication via radius as well.

 

I would be satisfied if tp-link could provide a nearly VPN Client solution to access internet from the Router perspective.

I don't think we are talking about the same concept. L2TP is possible to proxy and that has articles about this.  L2TP is only using IPsec encryption but it is not an IPsec protocol.

We support the same config as the L2TP over IPsec. You can proxy by that as well.

I don't think you can do the same thing on the UBNT devices either. Any other vendors for me to refer?

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting Manual ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. Don't be a lazy asker. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
  1  
  1  
#10
Options
Re:Problems with IPsec IKEv2 VPN for Android 14
16 hours ago

  @Clive_A 

 

Just seen this from the user perspective and in this case has L2TP more options to satisfy us.

The real pain is that android decides to require Ike2 for VPN.

When i look back what a fine solution this was for android to work with VPNs.

Now we have to life with the technical possibilities that ipsec ike2 give us.

And once again, this is a step backwards for the android family.

I feel good that tp-link support ike2 to get VPN for Android user, it's limited in

compare to former solutions but hey we happy that is working....

Thanks for the deep dive 😉

 

 

 

  0  
  0  
#11
Options
12

Information

Helpful: 0

Views: 181

Replies: 11

Related Articles
IKEv2 VPN not working on Android 14 to ER605v2 (Galaxy S24 Ultra)
2191 0
How to Configure IPsec IKEv2 VPN for Android 13/14 or iPhone (With Troubleshooting Included)
9593 1
Android VPN Client IP-SEC IKEv2 supported at ER707-M2 ???
2841 0
VPN IPSEC IKEv2 windows and Android clients
166 0
VPN Ipsec IKE v2 PSK
308 0
IKEv2/IPSec VPN server to connect Android 12 clients to the network.
17896 2
About Us
Press
Copyright © TP-Link Systems Inc. All rights reserved.