Libreswan (IPSec/XAuth) and Always-on VPN

by tan-ce   Last Updated July 24, 2018 14:11 PM

I set up an IPSec/Xauth (RSA) server with LibreSwan on a server. My Android device (a Pixel 2 XL with Android 8.1) actually connects fine when I manually start the VPN connection, and it does tunnel me through the server.

However, when I configure it to be "Always-on" it doesn't seem to work. To be precise:

  • IKE and SA establishment succeeds
  • Android reaches out to connectivitycheck.gstatic.com and appears to succeed
  • I see occasional NAT-keepalive packets
  • But (most importantly!) no ESP packets are ever sent by my Android device!

Has anyone encountered this issue before? Even details on how the behaviour of Always-on VPNs differs from regular ones would be very helpful.

I did see this question here, asked back in 2014: Always-on VPN sends no traffic

Unfortunately for me, his problem went away when he updated to Lollipop.

Tags : vpn