Knowledge Base [SOLVED] Impossible to access the internet from Android with an IPSec VPN tunnel
Good day, gentlemen. I'm having an issue accessing the internet from my Android phone. I've followed all the guides out there, including the official TP-Link configuration guide and some recommendations from other users with the same problem in other forums. I'm using an ER605 V2 router with last firmware, and it seems like the router itself is blocking internet access. Let me explain further:
My phone is a Samsung S23, so I followed the configuration guide’s recommendation (https://www.tp-link.com/us/support/faq/3447/), and I can connect to the VPN, but I don’t get internet access. I can connect and ping local IP addresses, access the router, the DVR, etc., but if I try to ping external addresses like Google's or Cloudflare's DNS (8.8.8.8 or 1.1.1.1), there’s no response.
Now, if I assign the DNS servers for the VPN directly in the router, I’m able to ping those IPs from my Android phone and even access the Cloudflare website by entering 1.1.1.1 in the web browser. But that’s it—I can’t access Google.com or any other website.
I had already tried adding the firewall rules, tested with different security levels and encapsulations for IKEv2, and nothing worked. I even tried using WireGuard and OpenVPN, but neither gave me internet access.
Could it be something related to my phone?
I also want to clarify that I saw many users who have the same problem. Maybe it is the TPlink brand, which does not work for this.
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Hi @Mandyzor
Thanks for posting in our business forum.
IPsec does not proxy and mask your IP address. If you cannot access these websites, consider full mode on OVPN or WireGuard.
You can try to set the IP as 0.0.0.0/0 but this does not guarantee you have the full tunnel as the IPsec was created for the Client-to-Site or Site-to-Site. Instead of proxying. Other types of VPN support that.
- Copy Link
- Report Inappropriate Content
Hi @Mandyzor
Thanks for posting in our business forum.
IPsec does not proxy and mask your IP address. If you cannot access these websites, consider full mode on OVPN or WireGuard.
You can try to set the IP as 0.0.0.0/0 but this does not guarantee you have the full tunnel as the IPsec was created for the Client-to-Site or Site-to-Site. Instead of proxying. Other types of VPN support that.
- Copy Link
- Report Inappropriate Content
@Clive_A I appreciate the comment and the help. I made the changes exactly as you mentioned, and it worked! I was able to connect via VPN from my phone to the router and obtain the router's IP. Thank you very much.
By the way, would it be possible to create an L2TP tunnel or server to connect from Windows? I've noticed that when trying to add another server, if the IPsec server is already created with the IP 0.0.0.0, I can't create another one with the same characteristics because it conflicts with the IP. Instead, I have to specify the IP from which the connection originates. Am I explaining myself? Or would it be possible to connect via IPsec from Windows?
- Copy Link
- Report Inappropriate Content
Hi @Mandyzor
Thanks for posting in our business forum.
Mandyzor wrote
@Clive_A I appreciate the comment and the help. I made the changes exactly as you mentioned, and it worked! I was able to connect via VPN from my phone to the router and obtain the router's IP. Thank you very much.
By the way, would it be possible to create an L2TP tunnel or server to connect from Windows? I've noticed that when trying to add another server, if the IPsec server is already created with the IP 0.0.0.0, I can't create another one with the same characteristics because it conflicts with the IP. Instead, I have to specify the IP from which the connection originates. Am I explaining myself? Or would it be possible to connect via IPsec from Windows?
L2TP, yes. That's what Windows supports. I am not sure if Windows supports IPsec.
You don't have to create another IPsec profile since you have the 0.0.0.0/0 on your router. But if this error shows up when you create the L2TP, you might consider OVPN or WG to avoid that issue.
L2TP is based on the IPsec. What we call L2TP today is L2TP over IPsec.
- Copy Link
- Report Inappropriate Content
Hello, thanks again for your response. Sorry if I’m not explaining myself well. I mean that, to use the VPN by connecting from my Android phone, I have to create the IPSec policy without needing to set up the L2TP server and without the need for a username and password. Now, if I want to connect from my Windows PC, I must first have created the L2TP server on the router and set up a username and password.
The problem arises if I want to use both. For example, I’ve now created the IPSec policy to connect with Android, but when I go to the section to create an L2TP server, it won’t let me. It says it conflicts with the IP? It seems like it's duplicating or saying that connection already exists because I used 0.0.0.0. So, I can’t connect from Windows.
Surely, if I had first created the L2TP server, which if I’m not mistaken, also creates the IPSec policy, I’m not sure if it would be possible to connect from Android, since I wouldn’t have previously configured the connection protocols like SHA2 or the proposals or encapsulations. I mean, if i delete the IPSec policy (that i used for connect android), and i create the L2TP server, i can not connect anymore with my android phone.
The reason I use L2TP/IPSec is that the client is already installed on the system, and I don't need third-party software. On the other hand, with WireGuard or OVPN, I would need to download additional software, and I prefer to use what is already integrated into the operating system.
If not, I will use PPTP to connect through Windows. Thank you for the valuable help.
- Copy Link
- Report Inappropriate Content
Hi @Mandyzor
Thanks for posting in our business forum.
Mandyzor wrote
Hello, thanks again for your response. Sorry if I’m not explaining myself well. I mean that, to use the VPN by connecting from my Android phone, I have to create the IPSec policy without needing to set up the L2TP server and without the need for a username and password. Now, if I want to connect from my Windows PC, I must first have created the L2TP server on the router and set up a username and password.
The problem arises if I want to use both. For example, I’ve now created the IPSec policy to connect with Android, but when I go to the section to create an L2TP server, it won’t let me. It says it conflicts with the IP? It seems like it's duplicating or saying that connection already exists because I used 0.0.0.0. So, I can’t connect from Windows.
Surely, if I had first created the L2TP server, which if I’m not mistaken, also creates the IPSec policy, I’m not sure if it would be possible to connect from Android, since I wouldn’t have previously configured the connection protocols like SHA2 or the proposals or encapsulations. I mean, if i delete the IPSec policy (that i used for connect android), and i create the L2TP server, i can not connect anymore with my android phone.
The reason I use L2TP/IPSec is that the client is already installed on the system, and I don't need third-party software. On the other hand, with WireGuard or OVPN, I would need to download additional software, and I prefer to use what is already integrated into the operating system.
If not, I will use PPTP to connect through Windows. Thank you for the valuable help.
That's what I am talking about.
So consider a different VPN type. Setting 0.0.0.0 is the way to fix your proxy but not gonna work for your final expectation. Usually, we don't set 0.0.0.0/0 on IPsec. That's not ideal and the VPN type is not designed for proxy.
I don't recommend PPTP. Consider OVPN or WG.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 211
Replies: 5
Voters 0
No one has voted for it yet.