Hello all,
My organisation has a Pulse Secure VPN set-up which I have been using for quite some time now with the Windows client without issues.
However, yesterday I installed the Pulse Secure Android app on my mobile phone and it connects to the VPN, but I haven't been able to make it work properly. My organisation has several servers, some of which can be accessed from the internet without restrictions, whereas others are only accessible from the organisation's internal network (or through the VPN).
When connected to the VPN from the Android device I cannot ssh into any of the servers whose access is restricted to the organisation's network (although I can straightforwardly using the Windows client).
I have run some tests with a publicly accessible web server also within the organisation's network. I have changed the network part of the IP addresses in the following report.
Server IP: 6.6.6.101
Android device IP: 8.8.8.5
Android device IP (VPN): 6.6.6.9
- If I try to connect to the server from the Android device using Chrome, the website loads normally. Also, if I telnet the web server on port 80 from the Android device, it connects.
- However, if I run netstat on the server in both the previous cases, the output is different:
When I load the website using Chrome, many connections appear as it downloads many items from the website (images, etc.), but the lines in the netstat output are as follows:
$netstat --tcp -A inet -n
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 6.6.6.101:80 6.6.6.9:55945 ESTABLISHED
When I connect through telnet, the netstat output on the server is as follows:
$netstat --tcp -A inet -n
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 6.6.6.101:80 8.8.8.5:35314 ESTABLISHED
Thus, the server receives the connection from the VPN mobile device address when the connection is done using Chrome (the connection is routed through the VPN) and from the mobile device's real IP address when using telnet (the connection is not routed through the VPN).
- If I run netstat on the Android device, the output does not change between both scenarios:
When I load the website using Chrome, the netstat output on the Android device is:
$netstat --tcp -A inet -n
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 6.6.6.9:55978 6.6.6.101:80 ESTABLISHED
When I connect through telnet, the netstat output on the Android device is as follows:
$netstat --tcp -A inet -n
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 6.6.6.9:55992 6.6.6.101:80 ESTABLISHED
In conclusion, on the Android device the connection originates in both cases from the VPN IP address according to the netstat output. However, the server receives the connection from the VPN IP address when using Chrome, whereas it receives it from the real IP address of the mobile device when using telnet (the connection is not routed through the VPN in this case).
Therefore, the reason why I cannot ssh into the other servers with restricted access is probably because they receive the connection from the device's real IP address and they are filtered by the firewall.
What can I do to avoid this problem?
Thanks and best regards,
Cz
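Added example (not part of the original post): a small Python check that automates the server-side comparison described above, sorting established connections by whether the peer is the client's VPN address or its real address. The function names and the combined sample input are constructed for illustration; the addresses are the redacted ones from the post.

```python
import ipaddress

# Constructed sample: the two server-side `netstat --tcp -A inet -n` lines
# from the post (Chrome test and telnet test) combined into one capture.
SERVER_NETSTAT = """\
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 6.6.6.101:80 6.6.6.9:55945 ESTABLISHED
tcp 0 0 6.6.6.101:80 8.8.8.5:35314 ESTABLISHED
"""


def parse_netstat(text):
    """Yield (peer_ip, peer_port, state) for each TCP line of netstat -n output."""
    for line in text.splitlines():
        fields = line.split()
        # Data lines have exactly 6 whitespace-separated fields and start with "tcp";
        # the header and blank lines do not.
        if len(fields) != 6 or not fields[0].startswith("tcp"):
            continue
        peer_ip, _, peer_port = fields[4].rpartition(":")
        yield peer_ip, int(peer_port), fields[5]


def classify_peers(text, vpn_ip, real_ip):
    """Group ESTABLISHED peers by the client address the server actually sees."""
    vpn = ipaddress.ip_address(vpn_ip)
    real = ipaddress.ip_address(real_ip)
    result = {"via_vpn": [], "bypassing_vpn": [], "other": []}
    for peer_ip, peer_port, state in parse_netstat(text):
        if state != "ESTABLISHED":
            continue
        peer = ipaddress.ip_address(peer_ip)
        if peer == vpn:
            result["via_vpn"].append((peer_ip, peer_port))
        elif peer == real:
            # Traffic from this client that reached the server outside the tunnel.
            result["bypassing_vpn"].append((peer_ip, peer_port))
        else:
            result["other"].append((peer_ip, peer_port))
    return result


if __name__ == "__main__":
    for bucket, peers in classify_peers(SERVER_NETSTAT, "6.6.6.9", "8.8.8.5").items():
        print(bucket, peers)
```

Any entry under bypassing_vpn is a connection that the server's firewall would treat as coming from the internet rather than from the VPN.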
Can you show me the routing table of the Android device after connecting to the VPN?