L2TP/IPSEC problem with native Android VPN client



  • Hello everyone

    Yesterday I followed this guide https://docs.netgate.com/pfsense/en/latest/book/l2tp/l2tp-with-ipsec.html and successfully setup my L2TP/IPsec VPN on my pfsense firewall.
    However, I am having weird problem with my native Android VPN client

    I have a Google Pixel 4XL running latest Android 10

    the problem that I am having is the VPN on my Android using Chrome opening up webpage very slow, and most importantly, I can open any website but not google.com (which really bugs me, why google.com is that special?)

    what I tested:

    tether to my pixel phone running on LTE network with my Windows 10 and iPad with each platform's native VPN client, everything works like a dream, webpages load instantly and I have no problem opening google.com

    however when I connect to my VPN on my Pixel phone itself on LTE, webpages takes longer time to open (like 3-5 seconds delay but will open eventually), open google.com only shows server takes too long to respond and page wont load

    I installed the he.net tool from Google play store https://play.google.com/store/apps/details?id=net.he.networktools&hl=en_CA and discovered the following weird behavior

    on my Pixel, when VPN on, in the DNS section of the he.net tool, I cannot do any NS lookup, only shows network error. With VPN off this obviously works
    on my iPad, when VPN on, in the DNS section, I can do lookup without any problem
    BUT, on my android he.net tool, when I try to do trace route with google.com domain, I was able to trace just fine so I guess the domain name got resolved successfully??

    So I suspect there is something wrong with my DNS resolver(Unbound) config in pfsense, but I checked everything and it seems to be working just fine? I thought somehow Android client is not using the right DNS server address (I think with L2TP/IPSEC its defaults to LAN which in my case 192.168.1.1 and my L2TP server is at 192.168.20.1 with ranges 192.168.20.128/25 which I can see on Android that my PPP interface is getting 192.168.20.128 assigned), so I even manually set the DNS server to 192.168.1.1 on my Android VPN client config and same result, I can see when I go to google on my Pixel with VPN on DNS resolver log shows 192.168.20.128 tries to query A records for www.google.com

    Now I am clueless and don't know where to look into anymore, any help will be appreciated, thanks a lot


Log in to reply