Community discussions

MikroTik App
 
kevinsaye
just joined
Topic Author
Posts: 4
Joined: Tue Jul 02, 2019 6:50 am

L2TP/IPSEC and Android Disconnect after ~83 seconds

Tue Jul 02, 2019 7:17 am

I am attempting to connect my LG Android 9 phone to 2011UiAS running 6.44.3. My final goal is to setup the Always Connected Setting, which only works on IPSEC.

I can connect with L2TP/IPSEC, but it disconnects on the Router side after about 30 seconds. The Phone still thinks it is connected, but the Router shows it is disconnected.

Here is what I have tried (with no success):
1. disabling DPD
2. PPTP works just fine
3 changing the profile to default (from default-encryption).
4. If I connect from my Windows 10 machine, it does not have an issue
5. changed the keepalive timeout setting in the L2TP Server

Reviewing the IP --> IPSEC --> Policies, I notice this difference in the Android vs. the Windows
Android does not have a Dest Port and the PH2 State is established and PH Count is 1
Windows does have a Dest POrt 1701 and the PH2 State is ready to send and PH Count is 2

You can see the logs below (public IP address removed):
jul/01 23:03:57 ipsec,info purging ISAKMP-SA A.B.C.D[500]<=>192.168.15.45[500] spi=0eacc81d1cbf41e4:8e63f669cd75638a.
jul/01 23:03:57 ipsec,info ISAKMP-SA deleted A.B.C.D[500]-192.168.15.45[500] spi:0eacc81d1cbf41e4:8e63f669cd75638a rekey:1
jul/01 23:03:57 ipsec,info respond new phase 1 (Identity Protection): A.B.C.D[500]<=>192.168.15.45[500]
jul/01 23:03:58 ipsec,info ISAKMP-SA established A.B.C.D[500]-192.168.15.45[500] spi:cd79d8e1c6c27b42:55f9ad45c3efc1ac
jul/01 23:03:59 l2tp,info first L2TP UDP packet received from 192.168.15.45
jul/01 23:04:00 l2tp,ppp,info,account ksaye logged in, 192.168.89.234
jul/01 23:04:00 l2tp,ppp,info <l2tp-ksaye-1>: authenticated
jul/01 23:04:00 interface,info <l2tp-ksaye-1> detect UNKNOWN
jul/01 23:04:00 l2tp,ppp,info <l2tp-ksaye-1>: connected
jul/01 23:04:06 interface,info <l2tp-ksaye-1> detect WAN
jul/01 23:05:23 l2tp,ppp,info <l2tp-ksaye-1>: terminating... - hungup
jul/01 23:05:23 l2tp,ppp,info,account ksaye logged out, 84 23364 49790 68 329
jul/01 23:05:23 l2tp,ppp,info <l2tp-ksaye-1>: disconnected

Trying to stay native Android client, what am I missing or has anyone seen and solve this?
 
sindy
Forum Guru
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: L2TP/IPSEC and Android Disconnect after ~83 seconds

Tue Jul 02, 2019 9:47 am

You'll have to set ipsec logging and ppp logging to debug:
/system logging
add topics=ipsec,!packet
add topics=l2tp

and try again, the log will show you more details. Use /log print follow-only file=android-startup where topics~"ipsec|l2tp" to save the relevant log items into a file, as hundreds of lines will be generated for the single attempt.
 
kevinsaye
just joined
Topic Author
Posts: 4
Joined: Tue Jul 02, 2019 6:50 am

Re: L2TP/IPSEC and Android Disconnect after ~83 seconds

Tue Jul 16, 2019 9:46 pm

Thank you for the reply. I have done what you asked. I do see where the router is sending a HELLO and the Android phone seems to not be responding, as shown below:
13:31:26 l2tp,debug,packet sent control message to %PhoneIPAddress%:55721 from %RouterWANIPAddress%:1701
13:31:26 l2tp,debug,packet tunnel-id=45592, session-id=0, ns=2, nr=4
13:31:26 l2tp,debug,packet (M) Message-Type=HELLO
13:31:34 l2tp,debug tunnel 56 received no replies, disconnecting
13:31:34 l2tp,debug tunnel 56 entering state: dead
13:31:34 l2tp,debug session 1 entering state: dead
The full log is here: https://1drv.ms/t/s!As1Irph5sA_-rrdXQGFXwuhv3bJvFg

Any suggestions on how to address this?

Kevin
 
sindy
Forum Guru
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: L2TP/IPSEC and Android Disconnect after ~83 seconds

Tue Jul 16, 2019 10:38 pm

I do see where the router is sending a HELLO and the Android phone seems to not be responding, as shown below:
I agree with your analysis, everything comes up successfully and then the Android doesn't respond the very first l2tp HELLO, except that before and after the HELLO messages, there are also IPsec keepalive (KA) messages (once every 20 s) which remain unresponded too.

There is a surprising item in the log,
13:30:17 interface,info <l2tp-ksaye> detect WAN.
It is probably not related, but it has induced a dark suspicion in my head - could it be that you have misunderstood the role of the routes parameter of /ppp secret and set it to 0.0.0.0/0 for user ksaye? The thing is that the purpose of this route list is not to be pushed to the client but to be added locally when the client connection comes up, so by overriding the existing default gateway by a new one through the tunnel, the IPsec transport packets start looping through the tunnel and never reach the internet.

The only remaining explanations are
  • some very impatient firewall between the phone and your 'Tik, which closes the UDP pinhole for the IPsec tunnel sooner than in 20 second since the last packet seen,
  • a bug in that version of Android.
 
Guscht
Member Candidate
Member Candidate
Posts: 236
Joined: Thu Jul 01, 2010 5:32 pm

Re: L2TP/IPSEC and Android Disconnect after ~83 seconds

Mon Mar 30, 2020 10:49 am

Hi, I have the exact same problem, after ~83 secs. the connections terminates in the same way as the OP said.
A Apple/iOS stays connected (same VPN-secret).
 
kevinsaye
just joined
Topic Author
Posts: 4
Joined: Tue Jul 02, 2019 6:50 am

Re: L2TP/IPSEC and Android Disconnect after ~83 seconds

Mon Mar 30, 2020 5:55 pm

I have found that using the LG VPN Client, which came with my phone, it stays connected longer. Clearly it is a bug/feature/limitation in the native VPN client.
 
Guscht
Member Candidate
Member Candidate
Posts: 236
Joined: Thu Jul 01, 2010 5:32 pm

Re: L2TP/IPSEC and Android Disconnect after ~83 seconds

Tue Mar 31, 2020 1:04 am

Did a bit testing today:

Win10: stays connected
Win7: stays connected
iOS 12: stays connected
Android 6: stays connected
Android 9: terminates after about 83 seconds...
 
User avatar
Cha0s
Forum Guru
Forum Guru
Posts: 1135
Joined: Tue Oct 11, 2005 4:53 pm

Re: L2TP/IPSEC and Android Disconnect after ~83 seconds

Fri Apr 24, 2020 3:54 am

Android 9: terminates after about 83 seconds...
Also Android 10 on Samsung Galaxy S9+
Prior to the recent Android 10 upgrade from Android 9, it was definitely working for me without problems.

Has anyone found out any solution?
 
sindy
Forum Guru
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: L2TP/IPSEC and Android Disconnect after ~83 seconds

Fri Apr 24, 2020 8:25 am

I'm afraid the most efficient way out is to install Strongswan on these Android phones. Sniffing on the WiFi AP to which the phone is connected might reveal something useful but chances aren't big. I can't do that due to lack of Android 9, 10 phones in my reach.
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3279
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: L2TP/IPSEC and Android Disconnect after ~83 seconds

Fri Apr 24, 2020 8:43 am

Huawei with andorid 9
RouterOS 6.45.8
L2TP/IPSec stats connected.
 
Alexei
just joined
Posts: 1
Joined: Thu Apr 02, 2020 3:41 pm

Re: L2TP/IPSEC and Android Disconnect after ~83 seconds

Fri Apr 24, 2020 1:53 pm

Xiaomi MI8 Android 9 to 2011UiAS 6.46.4: terminates after about 83 seconds...

14:55:29 ipsec,info respond new phase 1 (Identity Protection): 79.xxx.xx.xxx[500]<=>31.xxx.xx.xx[20506]
14:55:29 ipsec,info ISAKMP-SA established 79.xxx.xx.xxx[4500]-31.xxx.xx.xx[17402] spi:9e852f0917fd9078:08c71eb54e4a23a0
14:55:31 l2tp,info first L2TP UDP packet received from 31.xxx.xx.xx
14:55:31 l2tp,ppp,info,account vpn_user1 logged in, 192.168.74.103
14:55:31 l2tp,ppp,info l2tp-client1: authenticated
14:55:31 l2tp,ppp,info l2tp-client1: connected
14:56:55 l2tp,ppp,info l2tp-client1: terminating... - hungup
14:56:55 l2tp,ppp,info,account vpn_user1 logged out, 84 367426 1812360 2299 2302
14:56:55 l2tp,ppp,info l2tp-client1: disconnected
14:58:08 ipsec,info purging ISAKMP-SA 79.xxx.xx.xxx[4500]<=>31.xxx.xx.xx[17402] spi=9e852f0917fd9078:08c71eb54e4a23a0.
14:58:08 ipsec,info ISAKMP-SA deleted 79.xxx.xx.xxx[4500]-31.xxx.xx.xx[17402] spi:9e852f0917fd9078:08c71eb54e4a23a0 rekey:1
 
User avatar
Cha0s
Forum Guru
Forum Guru
Posts: 1135
Joined: Tue Oct 11, 2005 4:53 pm

Re: L2TP/IPSEC and Android Disconnect after ~83 seconds

Fri Apr 24, 2020 3:25 pm

From what I understand this is an Android bug and it's not specific to MikroTik.
So I don't see this one getting fixed any time soon (even if it's fixed, it will probably never make it to each vendor's updates).

For the time being I switched to Wireguard, and so far I am very happy with it. I'll probably stick with it for "road warrior" vpns.
 
sindy
Forum Guru
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: L2TP/IPSEC and Android Disconnect after ~83 seconds

Fri Apr 24, 2020 7:22 pm

The newest Android I could find was a 9 on an Xperia, works normally via mobile data (PSK authentication).
 
User avatar
Cha0s
Forum Guru
Forum Guru
Posts: 1135
Joined: Tue Oct 11, 2005 4:53 pm

Re: L2TP/IPSEC and Android Disconnect after ~83 seconds

Sat Apr 25, 2020 4:01 pm

So I don't see this one getting fixed any time soon (even if it's fixed, it will probably never make it to each vendor's updates).
Wow! Talk about bad prediction!
Just today I got an update from Samsung! And while it didn't mention anything in the changelog, it appears that they included a fix for L2TP/IPSec.

So far it has been connected for over 10 minutes with not a single packet lost.

Still, I'll keep using Wireguard for the time being.
It handles network switching (WiFi/LTE) much more gracefully (I even managed to switch from WiFi to LTE and not lose a single ping).
 
User avatar
adrianTNT
Member Candidate
Member Candidate
Posts: 113
Joined: Sun Mar 10, 2019 4:27 am
Location: The Internet
Contact:

Re: L2TP/IPSEC and Android Disconnect after ~83 seconds

Tue Jun 23, 2020 2:45 am

I have the same problem.

Android 10 disconnects after around ~80 seconds
Old iPhone 5 SE remains connected.

This seems way to serious for IPSec+L2TP to be fully broken on Android.
Nothing we can do at our end ? What I noticed is that IPSec session remains on, and L2TP session disconnects.
(IPSec > Active Peers vs PPP > Active Connections).
 
ronal01
just joined
Posts: 13
Joined: Thu Jan 31, 2019 10:40 pm

Re: L2TP/IPSEC and Android Disconnect after ~83 seconds

Tue Oct 13, 2020 8:20 pm

I had a similar problem, and it was, the DHCP offer, when the ip address expired
 
sec
just joined
Posts: 5
Joined: Wed Jul 15, 2015 10:44 pm

Re: L2TP/IPSEC and Android Disconnect after ~83 seconds

Tue Sep 21, 2021 9:05 pm

Hello,

same problem here - tested from Xiaomi 9 Lite with MIUI 10.3.4 and from Xiaomi Redmi 6A 11.0.8, disconnection approximately after 1min and 20sec

Who is online

Users browsing this forum: Ahrefs [Bot], freemannnn and 68 guests