Android users can’t connect to L2TP/IPsec VPNs

Jan 6, 2017 13:41 GMT  ·  By

A significant number of Android users are still experiencing issues connecting to their companies’ VPNs, even though the bug was first reported to Google in December 2015.

Specifically, it turns out that a glitch first spotted in Android 6.0 Marshmallow and making it impossible for some people to connect to L2TP/IPsec VPNs still exists in Nougat, even though Google had more than one year to fix it.

But let’s see how it all started in late 2015, why it persists in Android 7 Nougat, and how some people are trying to deal with it since Google doesn’t seem to be very keen on delivering a fix.

What exactly is happening

First and foremost, let’s go back to December 2015 when the first user reported the bug to Google after updating to Android 6.0 Marshmallow. A post on Google Code said the following:

Unable to connect to L2TP/IPsec VPNs after upgrading to 6.0.1 on a Nexus 6 running MMB29K. No issues with L2TP/IPSec with 5.x.
No issues with certain other (e.g. Cisco) VPN technologies.
Other devices are able to connect to the same VPN servers I am testing.
Servers are based on openswan/xl2tpd.
This was just the beginning of a bug that’s now listed as “assigned,” considered to be “critical,” but somehow still not fixed in the latest versions of Android.

Soon after the first message was posted on December 12, 2015, many other users turned to the same discussion to report the problem. One of the many users added:

I have noticed the same issue after upgrading from 5.1.1 to 6.0.1 on both my Nexus 7 (flo) and Moto G2 (titan). (I am still able to access it with devices not updated to Marshmallow or not using Android.)
I am trying to connect to a VPN on a TL-ER604W through L2TP/IPsec with PSK.
So basically, what is happening after updating to Android 6.0 is that devices can no longer connect to L2TP/IPsec with PSK, even though everything was working perfectly fine in Android 5.0. For some reason, Android prefers users to switch to PPTP, which is a less secure protocol that many customers don’t want to use because of an obvious reason.

For what it’s worth, Apple has removed PPTP support from iOS 10, choosing instead to force users to switch to L2TP/IPsec. The difference between iOS 10 and Android is that this protocol actually works on iPhones.

In most of the cases, connecting to L2TP/IPsec fails with no detailed error message, and the unsuccessful message is provided after half a minute. Unless customers check server logs, it’s nearly impossible to determine why exactly the connection fails.

The bug doesn’t seem to be limited to a specific smartphone brand or model, as users are reporting that Nexus, Samsung, Motorola, LG, and many other devices are affected.

Still there in Nougat

Of course, since it was first reported in December 2015, it’s only natural to expect the bug to be fixed in the recently-released Android Nougat.

But… no, the bug is still there, so there still are plenty of users who cannot connect to their VPN networks because the “assigned” and “critical” glitch still hasn’t been fixed. One of the users who took to the aforementioned discussion says:

I am still have the same problem on Pixel C and Nexus 6 running 7.0. It doesn't work on any of these devices running 6.0.1: LG G5, Nexus 6, Nexus 7 (2013), Galaxy S7, Gpad 8.3 (CM build), and Galaxy Note 5. We use these for running a business, and cannot afford to now wait until Android 8.0 is released. I had to buy a Oneplus X that is still on 5.1 just as a stop gap just to use VPN. In most of the cases, customers who also had a backup PPTP connection turned to this protocol as a workaround for the bug, while others installed the OpenVPN Connect app that’s available in the store.
VPN connection options in Android Nougat
VPN connection options in Android Nougat

The iPhone workaround

Those who are super-frustrated with Google’s lack of response in the case of this bug that dates back to December 2015 decided to go for a more dramatic workaround: give up on Android and switch to iOS.

I hit this issue last December. My fix was to buy Iphones for us all (okay, I'm a small business so it was only 4). They just work and we've had zero issues - with hindsight I have secured 6 months of productivity so it was a good decision. The number of users who decided to switch to iPhone just because of this bug is surprising to say the least, but you can’t blame anyone for wanting to connect to their corporate networks and do their jobs.

And, as a conclusion, we’ll end with a message posted by a former Android customer who decided to abandon Android completely and purchase no less than 190 iPhones. In addition to the following message, he also posted the photo you can see below (whose legitimacy we can’t verify by the way) and which he says shows his company’s new phone lineup.

Switched to Apple with 190 devices... Works like a charm now. 420 will follow. Waiting for a year is not acceptable.
Tim Cook would really be proud with this pic
Tim Cook would really be proud with this pic

Photo Gallery (3 Images)

The bug still exists in Android 7
VPN connection options in Android NougatTim Cook would really be proud with this pic
Open gallery