Knowledge Base [SOLVED] Impossible to access the internet from Android with an IPSec VPN tunnel
Good day, gentlemen. I'm having an issue accessing the internet from my Android phone. I've followed all the guides out there, including the official TP-Link configuration guide and some recommendations from other users with the same problem in other forums. I'm using an ER605 V2 router with last firmware, and it seems like the router itself is blocking internet access. Let me explain further:
My phone is a Samsung S23, so I followed the configuration guide’s recommendation (https://www.tp-link.com/us/support/faq/3447/), and I can connect to the VPN, but I don’t get internet access. I can connect and ping local IP addresses, access the router, the DVR, etc., but if I try to ping external addresses like Google's or Cloudflare's DNS (8.8.8.8 or 1.1.1.1), there’s no response.
Now, if I assign the DNS servers for the VPN directly in the router, I’m able to ping those IPs from my Android phone and even access the Cloudflare website by entering 1.1.1.1 in the web browser. But that’s it—I can’t access Google.com or any other website.
I had already tried adding the firewall rules, tested with different security levels and encapsulations for IKEv2, and nothing worked. I even tried using WireGuard and OpenVPN, but neither gave me internet access.
Could it be something related to my phone?
I also want to clarify that I saw many users who have the same problem. Maybe it is the TPlink brand, which does not work for this.
Hi @Mandyzor
Thanks for posting in our business forum.
IPsec does not proxy and mask your IP address. If you cannot access these websites, consider full mode on OVPN or WireGuard.
You can try to set the IP as 0.0.0.0/0 but this does not guarantee you have the full tunnel as the IPsec was created for the Client-to-Site or Site-to-Site. Instead of proxying. Other types of VPN support that.
Hi @Mandyzor
Thanks for posting in our business forum.
IPsec does not proxy and mask your IP address. If you cannot access these websites, consider full mode on OVPN or WireGuard.
You can try to set the IP as 0.0.0.0/0 but this does not guarantee you have the full tunnel as the IPsec was created for the Client-to-Site or Site-to-Site. Instead of proxying. Other types of VPN support that.
Hello, thanks again for your response. Sorry if I’m not explaining myself well. I mean that, to use the VPN by connecting from my Android phone, I have to create the IPSec policy without needing to set up the L2TP server and without the need for a username and password. Now, if I want to connect from my Windows PC, I must first have created the L2TP server on the router and set up a username and password.
The problem arises if I want to use both. For example, I’ve now created the IPSec policy to connect with Android, but when I go to the section to create an L2TP server, it won’t let me. It says it conflicts with the IP? It seems like it's duplicating or saying that connection already exists because I used 0.0.0.0. So, I can’t connect from Windows.
Surely, if I had first created the L2TP server, which if I’m not mistaken, also creates the IPSec policy, I’m not sure if it would be possible to connect from Android, since I wouldn’t have previously configured the connection protocols like SHA2 or the proposals or encapsulations. I mean, if i delete the IPSec policy (that i used for connect android), and i create the L2TP server, i can not connect anymore with my android phone.
The reason I use L2TP/IPSec is that the client is already installed on the system, and I don't need third-party software. On the other hand, with WireGuard or OVPN, I would need to download additional software, and I prefer to use what is already integrated into the operating system.
If not, I will use PPTP to connect through Windows. Thank you for the valuable help.
