Problems with IPsec IKEv2 VPN for Android 14
Hi all
Hi @Clive_A
I followed the guide LINK to establish an IPsec VPN with my Android 14 cell phone, and the connection is working.
One BUT: I am able to reach the server in the LAN segment from the remote VPN client, but I can't use the connected phone to access the internet if the VPN is running!?!?
Normally I would expect that the phone is a device in the LAN on the router via VPN, so it should have internet access as well.
Is this a bug?
BR
David
Hi @NutsB22
Thanks for posting in our business forum.
Expected. IPsec is not created for proxy. Consider other types of VPN. You should access the LAN and that's it. Internet access is routed locally on your phone. If you have any questions regarding the IPsec, you may kindly Google for its Wikipedia.
Note that a full tunnel (proxy) will forward all traffic in other VPN types. If you use the WG, you have more options for choosing what subnet you intend to access.
I was wondering because in my former IPsec IKEv1 scenario this was working like a charm.....
I connected my Android phone via IPsec to the router, got an IP inside the LAN and was able to establish all connectivity as a local client.
Now with the TP-Link router, the VPN client gets a host IP in a different subnet and is possibly missing a proxy....!?
This is not really an improvement....
In fact, with my phone connected to the VPN, I have no more mobile internet available. The VPN host 172.31.1.1 is able to access my selected VLANs and clients, so there is a route provided but no connectivity across the router NAT to the internet. This is a really half-baked VPN solution.
Hi @NutsB22
Thanks for posting in our business forum.
NutsB22 wrote
I was wondering because in my former IPsec IKEv1 scenario this was working like a charm.....
I connected my Android phone via IPsec to the router, got an IP inside the LAN and was able to establish all connectivity as a local client.
Now with the TP-Link router, the VPN client gets a host IP in a different subnet and is possibly missing a proxy....
This is not really an improvement....
What vendor does support proxy? Open to your suggestions if you can mention any and with their guides. I can submit a request and evaluation. I really don't think it is a missing feature.
My former vendor was a Ubiquiti EdgeRouter. And VPN worked as described before.
I upgraded to TP-Link because of better inter-VLAN routing throughput and IKEv2 support.
Ubiquiti provides a VPN IP range inside the main LAN, for example 192.168.1.10 - 192.168.1.12/24.
So remote VPN devices get these IPs assigned and are part of the main LAN network directly.
All routing and connectivity was the same as for a local client in the LAN.
Hi @NutsB22
Thanks for posting in our business forum.
NutsB22 wrote
My former vendor was a Ubiquiti EdgeRouter. And VPN worked as described before.
I upgraded to TP-Link because of better inter-VLAN routing throughput and IKEv2 support.
Ubiquiti provides a VPN IP range inside the main LAN, for example 192.168.1.10 - 192.168.1.12/24.
So remote VPN devices get these IPs assigned and are part of the main LAN network directly.
All routing and connectivity was the same as for a local client in the LAN.
A document for this would be great.
All routing is proxied by the VPN tunnel, IPsec? I appreciate it if you could link me to that so I can write a specific report about it.
Search for article 204950294-EdgeRouter-L2TP-IPsec-VPN-Server
I was using this on an IPsec L2TP basis some time ago, and it was a brilliant solution until Android dropped L2TP and required IKEv2.
As you can see, it was possible to define a VPN IP pool, and user authentication via RADIUS as well.
I would be satisfied if TP-Link could provide a nearly VPN client solution to access the internet from the router perspective.
You are talking about two different technologies. L2TP/IPsec has the possibility of full tunneling on TP-Link as well, but Android no longer supports L2TP; you need to use WireGuard or OpenVPN for full tunnel. This also applies to UniFi. I don't think either the EdgeRouter or UniFi has an IPsec IKEv2 VPN server like TP-Link has.
Hi @NutsB22
Thanks for posting in our business forum.
NutsB22 wrote
Search for article 204950294-EdgeRouter-L2TP-IPsec-VPN-Server
I was using this on an IPsec L2TP basis some time ago, and it was a brilliant solution until Android dropped L2TP and required IKEv2.
As you can see, it was possible to define a VPN IP pool, and user authentication via RADIUS as well.
I would be satisfied if TP-Link could provide a nearly VPN client solution to access the internet from the router perspective.
I don't think we are talking about the same concept. L2TP is possible to proxy and that has articles about this. L2TP is only using IPsec encryption but it is not an IPsec protocol.
We support the same config as the L2TP over IPsec. You can proxy by that as well.
I don't think you can do the same thing on the UBNT devices either. Any other vendors for me to refer?
Just seeing this from the user perspective, and in this case L2TP has more options to satisfy us.
The real pain is that Android decided to require IKEv2 for VPN.
When I look back, what a fine solution this was for Android to work with VPNs.
Now we have to live with the technical possibilities that IPsec IKEv2 gives us.
And once again, this is a step backwards for the Android family.
I feel good that TP-Link supports IKEv2 to get VPN for Android users; it's limited compared to former solutions, but hey, we're happy that it is working....
Thanks for the deep dive 😉