Menu
What's new

FYI for Android users who have upgraded to Android 12 and use VPN

Holbs

Holbs

IPCT+ Member
Joined
May 1, 2019
Messages
2,215
Reaction score
3,504
Location
Reno, NV
Google decided to remove L2TP VPN, which is what Ubiquiti uses (at least in the UDM series for their RADIUS servers).
I can manually connect, but 'always on' does not stay.
This not only applies to Ubiquiti but various other situations such as Windows, Wireguard, ExpressVPN, etc.

Dang it. Just when I figured out how to setup VPN and "always on" to do Blue Iris and DMSS app with my Dahua VTO intercom.
 
user8963

user8963

Known around here
Joined
Nov 26, 2018
Messages
1,465
Reaction score
2,315
Location
Christmas Island
Its not googles fault.

Ubiquiti is using old stuff from yesterday and denied to implement todays standards into their overpriced network equipment. They only develop their UI to trick the customer. Sure its easy to setup, but the downside is something like that.

In general ubiquiti routers are slow as a turtle and should be avoided. You can setup a pfsense box in a few steps and still use their overpriced APs from yesterday. Controller might be a bit painful, but you can run it onto another box/pc/whatever.

i started to compare ubiquiti with Reolink when it comes to trick the customer. They made good stuff and where somehow market leader in their consumer segment (okay obvious not true for reolink LOL), but after years competitors keep up and they rely only on all the reviews/howtos from the influencers like hookup to sell their stuff. There is no improvement or development.

Heck you can buy tplinks copycat "omada series" which is cheaper and works even better.

Wireguard should not be affected by anything. It should be in android 12 kernel. Most VPN companies like nordvpn, expressvpn etc. are supporting wireguard. Google made the announcement that they make changes to VPN a year (or more) ago. Ubiquiti can use openvpn, which should still work on android 12. But there are some downsides with openvpn. But it supports radius etc (in general, maybe not on ubiquiti). Wireguard not.
 
Last edited:
Holbs

Holbs

IPCT+ Member
Joined
May 1, 2019
Messages
2,215
Reaction score
3,504
Location
Reno, NV
user8963 said:
Its not googles fault.

Ubiquiti is using old stuff from yesterday and denied to implement todays standards into their overpriced network equipment. They only develop their UI to trick the customer. Sure its easy to setup, but the downside is something like that.

In general ubiquiti routers are slow as a turtle and should be avoided. You can setup a pfsense box in a few steps and still use their overpriced APs from yesterday. Controller might be a bit painful, but you can run it onto another box/pc/whatever.

i started to compare ubiquiti with Reolink when it comes to trick the customer. They made good stuff and where somehow market leader in their consumer segment (okay obvious not true for reolink LOL), but after years competitors keep up and they rely only on all the reviews/howtos from the influencers like hookup to sell their stuff. There is no improvement or development.

Heck you can buy tplinks copycat "omada series" which is cheaper and works even better.

Wireguard should not be affected by anything. It should be in android 12 kernel. Most VPN companies like nordvpn, expressvpn etc. are supporting wireguard. Google made the announcement that they make changes to VPN a year (or more) ago. Ubiquiti can use openvpn, which should still work on android 12. But there are some downsides with openvpn. But it supports radius etc (in general, maybe not on ubiquiti). Wireguard not.
Click to expand...
Well, Google did not HAVE to remove it at 100%. They could of adding a warning saying this is an outdated VPN method.
I bought the UDM for the firewall and vlan purposes...and yes, even the fancy GUI.
If I had to do over again, I would of went a different route. I'm not happy with Ubiquiti in general as the points you mention are very valid: can not see the connected VPN users at all (not their IP, how long connected, etc), no option to use OpenVPN, etc (though, users have been clamoring for these basic simple requests for years) and other stuff. Yea, next router might be Fortigate or TPlink.

I guess what I should of said in my #1 post was any L2TP VPN services you rely on with Android 12, it is time to find a different method.
 
user8963

user8963

Known around here
Joined
Nov 26, 2018
Messages
1,465
Reaction score
2,315
Location
Christmas Island
Are you using the trashcan like UDM or the rackmount? which is the exact model number? i cannot believe that its not possible to use openvpn... maybe not with radius ...

edit: yes i googled it. openvpn not supported LOL

you should be able to setup a cheap RPI - openvpn server and use your existing radius on ubiqiuiti ... if that is not supported and only UI stuff can use their radius.. hell trash it ;)
 
T

The Automation Guy

Known around here
Joined
Feb 7, 2019
Messages
1,412
Reaction score
2,803
Location
USA
I'm running Android 12 and no longer have an issue with VPN. I use OpenVPN running on a pfSense firewall but don't use RADIUS. At one point the Android 12 beta had a bug that prevented the VPN from working, but that was cleared up prior to the official release. (I think it was broken in Beta 3, but fixed in Beta 4??). Regardless, I have no problems connecting to my network via VPN while away from my house. I just tried it again to be 100% sure and it connects fine.
 
Holbs

Holbs

IPCT+ Member
Joined
May 1, 2019
Messages
2,215
Reaction score
3,504
Location
Reno, NV
Google Android sent out another update which so far has kept my L2TP VPN connected long-term today. Again this only applies to the older VPN technology of L2TP. Open VPN uses their own proprietary method.
But does ring the bell that the older technologies are on their way out and time for the newer VPN protocols to be used. Something about ikea2 which has nothing to do with the furniture company
 
Old Timer

Old Timer

Known around here
Joined
Jul 20, 2018
Messages
1,352
Reaction score
2,945
Location
I'm ok
L2TP VPN is outdated, and has security issues. Not big ones, but never the less, we upgraded all of our customers
a couple years ago and shut down any L2TP.

The UDM Pro will work, but I am not very pleased with it. You have a work your way around to find solutions for problems,
not just program and go. The dashboard is nice, but pretty pictures do not make anything work. If you plug a converter for
ethernet into an SFP port it can cause a memory leak, and will take the memory and CPU up to 100% then freeze up until you
reset. some adapters seem to work better then others. Cable management adapters are one of the worst. This is to say nothing
about customer service that took 2 weeks to do anything when we had problems with a UDM pro.


The Ubiquity wireless links and access points are top notch, but the UDM and UDM pro suck.
 
Holbs

Holbs

IPCT+ Member
Joined
May 1, 2019
Messages
2,215
Reaction score
3,504
Location
Reno, NV
Old Timer said:
L2TP VPN is outdated, and has security issues. Not big ones, but never the less, we upgraded all of our customers
a couple years ago and shut down any L2TP.

The UDM Pro will work, but I am not very pleased with it. You have a work your way around to find solutions for problems,
not just program and go. The dashboard is nice, but pretty pictures do not make anything work. If you plug a converter for
ethernet into an SFP port it can cause a memory leak, and will take the memory and CPU up to 100% then freeze up until you
reset. some adapters seem to work better then others. Cable management adapters are one of the worst. This is to say nothing
about customer service that took 2 weeks to do anything when we had problems with a UDM pro.


The Ubiquity wireless links and access points are top notch, but the UDM and UDM pro suck.
Click to expand...
Agreed. I thought with how popular they were in business environments and even enterprise environments that this would be a stable long-term product such as Cisco or other top-notch network gear. Sadly I was mistaken. I mean I still love the interface for the firewall rules and setting up VLANs but the tipping scales are starting to lean the wrong way and I'll be looking forward different brand router firewall in the future.
 
Old Timer

Old Timer

Known around here
Joined
Jul 20, 2018
Messages
1,352
Reaction score
2,945
Location
I'm ok
Holbs said:
Agreed. I thought with how popular they were in business environments and even enterprise environments that this would be a stable long-term product such as Cisco or other top-notch network gear. Sadly I was mistaken. I mean I still love the interface for the firewall rules and setting up VLANs but the tipping scales are starting to lean the wrong way and I'll be looking forward different brand router firewall in the future.
Click to expand...
I agree on setting up VLAN for different AP networks, etc is very easy, and some of the basic firewall rules are simple, some are a pain.
I use a mini pc with PFsense
 
Holbs

Holbs

IPCT+ Member
Joined
May 1, 2019
Messages
2,215
Reaction score
3,504
Location
Reno, NV
Old Timer said:
I agree on setting up VLAN for different AP networks, etc is very easy, and some of the basic firewall rules are simple, some are a pain.
I use a mini pc with PFsense
Click to expand...
With all the DIY free quality discussions about PFsense, I will be tackling that maybe in spring when my current DIY projects settle down. PFsense is just firewall, correct? Not routing?
 
Holbs

Holbs

IPCT+ Member
Joined
May 1, 2019
Messages
2,215
Reaction score
3,504
Location
Reno, NV
user8963 said:
Its can be almost everything..

firewall, router, vpn server... you can even use freeradius package..
Click to expand...
what kind of computer is needed for a home environment? I do have a spare i5 and spare i7 nuc...along with a i7 SFF. Even have a spare Pi 4 :) And what protocol does PFsense use for VPN use? Google keeps telling me to use IKEA-2
 
Old Timer

Old Timer

Known around here
Joined
Jul 20, 2018
Messages
1,352
Reaction score
2,945
Location
I'm ok
Almost anything will work. Just get a second ethernet port ether a USB or a card, card works better .
I had one running on an I3 in a HP 3400 PC (old) and it worked well, untill the CPU fan quit.
 
Old Timer

Old Timer

Known around here
Joined
Jul 20, 2018
Messages
1,352
Reaction score
2,945
Location
I'm ok
I like the fan less mini boxes for reliability, and we use them for all of our commercial customers.
You can get the 4 port, use one for WAN, one for PC's, one for security cameras, and one for guest. However you want to do it.
 
T

The Automation Guy

Known around here
Joined
Feb 7, 2019
Messages
1,412
Reaction score
2,803
Location
USA
Holbs said:
what kind of computer is needed for a home environment? I do have a spare i5 and spare i7 nuc...along with a i7 SFF. Even have a spare Pi 4 :) And what protocol does PFsense use for VPN use? Google keeps telling me to use IKEA-2
Click to expand...
Specs really depend on your internet provider speeds. The faster you need the network to run, the better specs you need. However unless you are trying to push out gigabit uploads/downloads you can probably get by with something very low power. I personally use a HP thin client (a t620+ I think) for years that I bought used off eBay. I may eventually upgrade to something newer, but it works just fine. I probably have close to 100 different devices running through it and it has plenty of spare CPU and RAM capacity.
 
You must log in or register to reply here.
Top