[GH-ISSUE #143] Weird behaviour on Android #129

Closed
opened 2026-03-02 07:27:58 +03:00 by kerem · 1 comment
Owner

Originally created by @eggbean on GitHub (Apr 29, 2019).
Original GitHub issue: https://github.com/hwdsl2/docker-ipsec-vpn-server/issues/143

I have successfully connected a Windows laptop to a Google Cloud server through IPsec/L2TP and an iPad through IPsec/L2TP and IPsec/XAuth.

Note: I set the DNS servers to CloudFlare's in the env file.

But my Android 7.0 phone will connect through IPsec/XAuth, but nothing can be accessed until I turn `sha2-truncbug=no`. Instead of messing around with the container, I try using IPsec/L2TP instead, but then everything goes really weird:

When I go to whatsmydnsserver.com, the DNS servers are owned by Google (not 8.8.8.8 or 8.8.4.4) and they change every time I refresh. My home router does not use Google DNS, so I don't know what's going on there.

Also, when I go to icanhazip.com, I get a totally different IP address (totally different CIDR) from what my server's IP address is. When I refresh the page, it alternates to a slightly different address where the last number is increased by 1, and it toggles between them with every refresh. When I do a whois for these IP addresses, it shows that these IP addresses are owned by Google.

This does not happen with my laptop or iPad. I'm 99% sure this wasn't happening when I was connecting the Android phone through IPsec/XAuth (after turning `sha2-truncbug=no`).

`ipsec whack --trafficstatus` shows that the phone is connecting to the server, but I am confused as to why these things are happening. Does anybody know what is going on, or what further tests I can do to figure it out?

Also, is it preferable to use IPsec/XAuth over IPsec/L2TP for any reason, in general?

Thanks,

kerem closed this issue 2026-03-02 07:27:58 +03:00
Author
Owner

@hwdsl2 commented on GitHub (Apr 29, 2019):

@jason404 Hello! IPsec/XAuth mode has less overhead and is generally faster than IPsec/L2TP.

If your Android 7.0 phone requires `sha2-truncbug=no` to connect using IPsec/XAuth mode, chances are that this same change is required for IPsec/L2TP mode, too. Otherwise the connection might fail or you may be unable to open any website. By the way, to make things easier you may build your own Docker image [1] locally with the change above.

However, I've never before seen DNS and IP issues similar to what you described. I'm not sure about that. To further troubleshoot you may enable the Libreswan logs [2]. And maybe try restarting both the Docker container and your Android phone.

[1] https://github.com/hwdsl2/docker-ipsec-vpn-server#build-from-source-code
[2] https://github.com/hwdsl2/docker-ipsec-vpn-server#enable-libreswan-logs
