I have issue with IKE vpn in my network, i tried speedtest on win10 PC, it runs fine, but in my android phone, upload is failed.
These are the screenshots of the test results.
Android phone
Win10 PC
Below are some of the codes i extract from my router. I would like to seek for your advice what could be wrong in my settings. Thank you
/ip ipsec mode-config
add connection-mark="PV MY" name="PV MY" responder=no src-address-list=local1 \
use-responder-dns=no
add connection-mark="PV HK" name="PV HK" responder=no src-address-list=local1 \
use-responder-dns=no
add connection-mark="PV SG" name="PV SG" responder=no src-address-list=local1 \
use-responder-dns=no
add connection-mark="PV BN" name="PV BN" responder=no src-address-list=local1 \
use-responder-dns=no
add connection-mark="PV US" name="PV US" responder=no src-address-list=local1 \
use-responder-dns=no
add connection-mark="IKE MY" name="IKE MY" responder=no src-address-list=\
local1 use-responder-dns=no
/ip ipsec profile
set [ find default=yes ] dh-group=modp1024 enc-algorithm=3des
add dh-group="ecp256,ecp384,ecp521,ec2n185,ec2n155,modp8192,modp6144,modp4096,\
modp3072,modp2048,modp1536,modp1024,modp768" enc-algorithm="aes-256,camell\
ia-256,aes-192,camellia-192,aes-128,camellia-128,3des,blowfish,des" name=\
pointtoserver.com
add dh-group=ecp256,modp2048 dpd-interval=disable-dpd enc-algorithm=aes-256 \
hash-algorithm=sha256 name=IKEV2
/ip ipsec peer
add address=MY2-auto-ikev.ptoserver.com exchange-mode=ike2 name="IKE MY" \
profile=IKEV2
add address=bn-ikev.ptoserver.com exchange-mode=ike2 name="IKE BN" profile=\
IKEV2
add address=bn-ipsec.ptoserver.com disabled=yes name="PV BN" profile=\
pointtoserver.com
add address=hk-ipsec.ptoserver.com disabled=yes name="PV HK" profile=\
pointtoserver.com
add address=my2-auto-ikev.ptoserver.com disabled=yes name="PV MY" profile=\
pointtoserver.com
add address=sg2-auto-ipsec.ptoserver.com disabled=yes name="PV SG" profile=\
pointtoserver.com
add address=us2-ipsec.ptoserver.com disabled=yes name="PV US" profile=\
pointtoserver.com
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=3des pfs-group=none
add auth-algorithms=sha512,sha256,sha1,md5 enc-algorithms="aes-256-cbc,aes-256\
-ctr,aes-256-gcm,camellia-256,aes-192-cbc,aes-192-ctr,aes-192-gcm,camellia\
-192,aes-128-cbc,aes-128-ctr,aes-128-gcm,camellia-128,3des,blowfish,twofis\
h,des" name=pointtoserver.com pfs-group=none
add auth-algorithms=sha512,sha256,sha1 enc-algorithms=\
aes-256-cbc,aes-192-cbc,aes-128-cbc,3des,des lifetime=0s name=IKEV2 \
pfs-group=none
/ip firewall mangle
add action=mark-routing chain=prerouting comment=NOTE8 disabled=yes \
dst-address-list=!local dst-address-type=!local,broadcast,multicast \
new-routing-mark=note8 passthrough=yes src-address=192.168.88.254
add action=mark-connection chain=prerouting comment=NOTE8 disabled=yes \
dst-address-list=!local log-prefix=note8 new-connection-mark="IKE MY" \
passthrough=no routing-mark=note8
/ip ipsec policy
set 0 dst-address=0.0.0.0/0 src-address=0.0.0.0/0
add dst-address=0.0.0.0/0 group=pointtoserver.com proposal=pointtoserver.com \
src-address=0.0.0.0/0 template=yes
add dst-address=0.0.0.0/0 group=IKEV2 proposal=IKEV2 src-address=0.0.0.0/0 \
template=yes
