Netgate Discussion Forum
    L2TP/IPSEC problem with native Android VPN client

      pixielark

      Hello everyone

      Yesterday I followed this guide https://docs.netgate.com/pfsense/en/latest/book/l2tp/l2tp-with-ipsec.html and successfully set up my L2TP/IPsec VPN on my pfSense firewall.
      However, I am having a weird problem with my native Android VPN client.

      I have a Google Pixel 4XL running the latest Android 10.

      The problem that I am having is that, with the VPN on, Chrome on my Android opens webpages very slowly, and most importantly, I can open any website but not google.com (which really bugs me, why is google.com that special?).

      What I tested:

      Tethered to my Pixel phone running on the LTE network with my Windows 10 and iPad, each using its platform's native VPN client, everything works like a dream: webpages load instantly and I have no problem opening google.com.

      However, when I connect to my VPN on my Pixel phone itself on LTE, webpages take longer to open (like a 3-5 second delay, but they will open eventually), and opening google.com only shows "server takes too long to respond" and the page won't load.

      I installed the he.net tool from the Google Play Store https://play.google.com/store/apps/details?id=net.he.networktools&hl=en_CA and discovered the following weird behavior:

      On my Pixel, with the VPN on, in the DNS section of the he.net tool, I cannot do any NS lookup; it only shows a network error. With the VPN off this obviously works.
      On my iPad, with the VPN on, in the DNS section, I can do lookups without any problem.
      BUT, in the he.net tool on my Android, when I try to do a traceroute with the google.com domain, I was able to trace just fine, so I guess the domain name got resolved successfully??

      So I suspect there is something wrong with my DNS resolver (Unbound) config in pfSense, but I checked everything and it seems to be working just fine? I thought somehow the Android client is not using the right DNS server address (I think with L2TP/IPsec it defaults to LAN, which in my case is 192.168.1.1, and my L2TP server is at 192.168.20.1 with range 192.168.20.128/25, and I can see on Android that my PPP interface is getting 192.168.20.128 assigned), so I even manually set the DNS server to 192.168.1.1 in my Android VPN client config, with the same result. I can see that when I go to google on my Pixel with the VPN on, the DNS resolver log shows 192.168.20.128 trying to query A records for www.google.com.

      Now I am clueless and don't know where to look anymore; any help will be appreciated. Thanks a lot.

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.