[SOLVED] Impossible to access the internet from Android with an IPSec VPN tunnel

2024-10-23 18:49:22 - last edited 3 weeks ago
Model: ER605 (TL-R605)  
Hardware Version: V2
Firmware Version: 2.2.4 Build 20240119 Rel.44368

Good day, gentlemen. I'm having an issue accessing the internet from my Android phone. I've followed all the guides out there, including the official TP-Link configuration guide and some recommendations from other users with the same problem in other forums. I'm using an ER605 V2 router with the latest firmware, and it seems like the router itself is blocking internet access. Let me explain further:

My phone is a Samsung S23, so I followed the configuration guide’s recommendation (https://www.tp-link.com/us/support/faq/3447/), and I can connect to the VPN, but I don’t get internet access. I can connect and ping local IP addresses, access the router, the DVR, etc., but if I try to ping external addresses like Google's or Cloudflare's DNS (8.8.8.8 or 1.1.1.1), there’s no response.

Now, if I assign the DNS servers for the VPN directly in the router, I’m able to ping those IPs from my Android phone and even access the Cloudflare website by entering 1.1.1.1 in the web browser. But that’s it—I can’t access Google.com or any other website.

I had already tried adding the firewall rules, tested with different security levels and encapsulations for IKEv2, and nothing worked. I even tried using WireGuard and OpenVPN, but neither gave me internet access.

Could it be something related to my phone?

 

I also want to clarify that I saw many users who have the same problem. Maybe it is the TP-Link brand, which does not work for this.

1 Accepted Solution
Re:Impossible to access the internet from Android with an IPSec VPN tunnel-Solution
2024-10-24 01:05:41 - last edited 2024-10-24 02:06:28

Hi @Mandyzor 

Thanks for posting in our business forum.

IPsec does not proxy and mask your IP address. If you cannot access these websites, consider full mode on OVPN or WireGuard.

 

You can try to set the IP as 0.0.0.0/0, but this does not guarantee you have the full tunnel, as IPsec was created for Client-to-Site or Site-to-Site instead of proxying. Other types of VPN support that.

5 Reply
Re:Impossible to access the internet from Android with an IPSec VPN tunnel
2024-10-24 02:06:01

  @Clive_A I appreciate the comment and the help. I made the changes exactly as you mentioned, and it worked! I was able to connect via VPN from my phone to the router and obtain the router's IP. Thank you very much.

 

By the way, would it be possible to create an L2TP tunnel or server to connect from Windows? I've noticed that when trying to add another server, if the IPsec server is already created with the IP 0.0.0.0, I can't create another one with the same characteristics because it conflicts with the IP. Instead, I have to specify the IP from which the connection originates. Am I explaining myself? Or would it be possible to connect via IPsec from Windows?

 

 

Re:Impossible to access the internet from Android with an IPSec VPN tunnel
2024-10-24 02:17:30

Hi @Mandyzor 

Thanks for posting in our business forum.


L2TP, yes. That's what Windows supports. I am not sure if Windows supports IPsec.

 

You don't have to create another IPsec profile since you have the 0.0.0.0/0 on your router. But if this error shows up when you create the L2TP, you might consider OVPN or WG to avoid that issue.

L2TP is based on the IPsec. What we call L2TP today is L2TP over IPsec.

Re:Impossible to access the internet from Android with an IPSec VPN tunnel
2024-10-24 02:37:42 - last edited 2024-10-24 02:42:18

  @Clive_A 

Hello, thanks again for your response. Sorry if I’m not explaining myself well. I mean that, to use the VPN by connecting from my Android phone, I have to create the IPSec policy without needing to set up the L2TP server and without the need for a username and password. Now, if I want to connect from my Windows PC, I must first have created the L2TP server on the router and set up a username and password.

The problem arises if I want to use both. For example, I’ve now created the IPSec policy to connect with Android, but when I go to the section to create an L2TP server, it won’t let me. It says it conflicts with the IP? It seems like it's duplicating or saying that connection already exists because I used 0.0.0.0. So, I can’t connect from Windows.

Surely, if I had first created the L2TP server, which if I’m not mistaken, also creates the IPSec policy, I’m not sure if it would be possible to connect from Android, since I wouldn’t have previously configured the connection protocols like SHA2 or the proposals or encapsulations. I mean, if I delete the IPSec policy (that I used to connect Android) and I create the L2TP server, I cannot connect anymore with my Android phone.

The reason I use L2TP/IPSec is that the client is already installed on the system, and I don't need third-party software. On the other hand, with WireGuard or OVPN, I would need to download additional software, and I prefer to use what is already integrated into the operating system.

If not, I will use PPTP to connect through Windows. Thank you for the valuable help.

 

 

Re:Impossible to access the internet from Android with an IPSec VPN tunnel
2024-10-24 07:15:51

Hi  @Mandyzor 

Thanks for posting in our business forum.

That's what I am talking about.

 

So consider a different VPN type. Setting 0.0.0.0 is the way to fix your proxy but not gonna work for your final expectation. Usually, we don't set 0.0.0.0/0 on IPsec. That's not ideal and the VPN type is not designed for proxy.

 

I don't recommend PPTP. Consider OVPN or WG.

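The selector behaviour discussed across this thread, as an added example that is not part of any post and is not TP-Link firmware logic: a policy only carries traffic that its protected network covers, which is consistent with 8.8.8.8 and 1.1.1.1 being unreachable until 0.0.0.0/0 was set. The "conflicts with the IP" error is modelled here, as an assumption, as two server policies accepting the same peer range; the `Policy` fields, the 192.168.0.0/24 LAN and the 203.0.113.10 peer are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    name: str
    peer: str        # remote hosts allowed to negotiate; 0.0.0.0/0 means any
    protected: str   # network the tunnel carries traffic for (traffic selector)

def _net(cidr):
    return ipaddress.ip_network(cidr, strict=False)

def covered(policy, dst):
    """True if the policy's selector admits traffic addressed to dst."""
    return ipaddress.ip_address(dst) in _net(policy.protected)

def classify(policy, destinations):
    """Fate of each destination for a client that routes everything into the VPN."""
    return {d: "tunnel" if covered(policy, d) else "no selector match"
            for d in destinations}

def conflicts(existing, candidate):
    """Assumed model: policies with the same peer range cannot be told apart."""
    return [p.name for p in existing if _net(p.peer) == _net(candidate.peer)]

# Constructed sample data: LAN range and peer address are illustrative only.
LAN_ONLY = Policy("android-lan", "0.0.0.0/0", "192.168.0.0/24")
FULL = Policy("android-full", "0.0.0.0/0", "0.0.0.0/0")
L2TP_ANY = Policy("windows-l2tp", "0.0.0.0/0", "0.0.0.0/0")
L2TP_PINNED = Policy("windows-l2tp", "203.0.113.10/32", "0.0.0.0/0")
TARGETS = ["192.168.0.1", "8.8.8.8", "1.1.1.1"]

if __name__ == "__main__":
    for pol in (LAN_ONLY, FULL):
        print(pol.name, classify(pol, TARGETS))
    for cand in (L2TP_ANY, L2TP_PINNED):
        print(cand.peer, "conflicts with", conflicts([FULL], cand))
```

With the LAN-only selector only the router address is carried; with 0.0.0.0/0 every destination is, and a second any-peer policy collides while one pinned to a source address does not.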