Google Pixel 3 devices unable to connect to MX VPN endpoints

cta102
Building a reputation

Google Pixel 3 devices unable to connect to MX VPN endpoints

Have just spent the last 90 minutes fighting with a Google Pixel 3 being unable to create a VPN connection back to a MX. Anyway after many "it must be my fault" assumptions I checked the wider world and found this is a widespread issue.

 

Although the issue was discovered on my personal phone we have client who wishes to roll out switch from Samsung handsets to Pixel 3a devices, hence playing with VPN again.

So far the options are to use PPTP (not a real option even if the Meraki gave the option) or go for the Android 10 beta (not an option for the client)

 

Anybody found a workaround for the issue?

7 REPLIES 7
Uberseehandel
Kind of a big deal

I wonder if any Android VPN client is able connect to to an MX.

 

Workarounds

  • Take a Z3C with you and let the Pixel 3 connect to the Z3C WiFi, as the Z3C can connect to the MX over both wired and LTE connections.
  • Make more use of Cloud based services - Android has no issues connecting to OneDrive/Exchange/Office365.

 

 

Robin St.Clair | Principal, Caithness Analytics | @uberseehandel
cta102
Building a reputation

For the customer an additional device is not an option as it's direct access to their own systems when their Wi-Fi is not available (it's a public transport system so lack of Wi-Fi is pretty often)

I have the Android 10 Beta 5 downloading to my own phone to see if the issue is resolved, as it is not wise to rely upon what is published online 😉

If they stick to their usual release schedule then android 10 will be the production release by the time the handsets are purchased.

Seems the lack of connectivity has been with the Pixel 3 for at least 6 months so it's a long running issue.

The Android VPN client implementation I use (8.0.0) only handles numeric VPN server addresses.

Robin St.Clair | Principal, Caithness Analytics | @uberseehandel
cta102
Building a reputation

Iv'e used both the dynamic DNS lookup and actual IP address (I know there is a configuration that you must use the endpoint address itself, but can;t remember why)

SoCalRacer
Kind of a big deal

MX67

Pixel 3 XL

T-Mobile

Build: PQ3A.190705.003

 

 

 

Client VPN is working for me with Meraki authentication.

 

Follow these instructions, use the IP address in the server address

https://documentation.meraki.com/MX/Client_VPN/Client_VPN_OS_Configuration

cta102
Building a reputation

That's how the original Pixel and 2 Samsung phones are configured 😉

The Pixel 3 on Pie won't connect at all
cta102
Building a reputation

Update: Issue seems to be resolved

 

Immediate VPN connection with the Android 10 r5 and the current android 9 release when using the phones existing VPN settings (i.e. I changed nothing apart from installing the Beta version)

 

Looks like something has changes between releases as I no longer get the following errors logged:


msg: packet shorter than isakmp header size (0, 64, 28)

&

msg: phase1 negotiation failed due to time up.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels