hwdsl2 / docker-ipsec-vpn-server

Docker image to run an IPsec VPN server, with IPsec/L2TP, Cisco IPsec and IKEv2
https://hub.docker.com/r/hwdsl2/ipsec-vpn-server

Cannot connect to any host on Android with StrongSwan #353

Closed ArchiDevil closed 1 year ago

ArchiDevil commented 1 year ago

Describe the issue

When I connect to the server via StrongSwan I cannot open any site. Tried it on multiple VPS and multiple Android devices.

To Reproduce

Steps to reproduce the behavior:

  1. Install VPN server to your VPS
  2. Set up StrongSwan using the guide here (by importing configuration from .sswan file)
  3. Connect to VPN
  4. Try to open any website.

Expected behavior

Sites should be opened and applications should connect.

Server (please complete the following information)

Client (please complete the following information)

Additional context

Logs from StrongSwan are here: charon.log

It works as expected if I use IPsec/L2TP auth.

hwdsl2 commented 1 year ago

@ArchiDevil Hello! Thanks for reporting this issue. I tested this use case (Android using strongSwan VPN client and IKEv2 mode) and it worked fine.

Your strongSwan logs look normal. Because you tried multiple Android devices and multiple hosting providers, and observed the same issue, I suspect that the issue may be with your home router (if applicable). Try connecting via cellular (4G/5G) and see if the VPN works fine. If so, the issue may be with your router.

For additional troubleshooting information please see: https://github.com/hwdsl2/setup-ipsec-vpn/blob/master/docs/ikev2-howto.md#cannot-open-websites-after-connecting-to-ikev2

You can also try setting up the VPN directly on a new server without Docker.

ArchiDevil commented 1 year ago

I tried everything from these instructions, of course. Nothing helped. How can I debug the issue? It seems like traffic from my device is not routed, but iptables output looks fine. What can I do to find the issue?

hwdsl2 commented 1 year ago

@ArchiDevil Try connecting via cellular (4G/5G) and see if the VPN works fine. If so, the issue may be with your router. To check whether it's a DNS issue (unlikely), try visiting e.g. https://1.1.1.1 after connecting to the VPN.

For further troubleshooting, you may enable and check Libreswan (IPsec) logs on the server, see Enable Libreswan logs.