strongswan | strongSwan - IPsec-based VPN | VPN library

Trying to understand systemd and craft a service that works , using two bash scripts I have to down/up an IPsec/L2tpd tunnel. All works fine if I use the bash scripts commands from the command line, but for some reason I'm getting race conditions or lack of sync or something because using my systemd unit file is random and intermittent often requiring a random number of restarts to get it working.

I have 2 strongswan connected, each can ping the other. My problem comes when either of the subnets want to ping an ip on the other side, it doesn't happen. I know i need to add some masquerading but i can't figure out how (i have added the routes on the other network elements with route add -net x.x.x.x/x gw x.x.x.x)

Side A:

I have set up a VPN to an Azure IKEv2 gateway following instructions from these sites:

full tutorial

Create Certificate

I had originally used the StrongSwan Gui version but after checking found that none of the configuration mentioned in the cli version had been completed so I worked through the cli version. When I start the VPN I get no errors and I can see logs in syslog that indicate the connection is set up. When I browse to a page that I need the connection for I get an error page stating DNS error. It has connected on more than one occasion and I have used the page but then if I turn it off and start it up again it does not work. I haven't found a pattern for it working yet and seems to be genuinely random.

I am on Ubuntu Linux

I have installed strongswan VPN on GCP Compute engine(Ubuntu 20.04) by referring https://www.digitalocean.com/community/tutorials/how-to-set-up-an-ikev2-vpn-server-with-strongswan-on-ubuntu-20-04

have 3 different projects and I set up a tunnel for all from Strongswan VPN Compute Engine.

below is the ipsec.conf file

I was exploring the IKEv2 StrongSwan client implementation for Android. What I fail to understand is that Android and Java do not support raw sockets, whilst the IKEv2 / IPSec works below Transport layer, which seems counter-intuitive. How exactly does the communication happen after the CHILD_SA aka IPSec SA is established?

References:

1. The official documentation for IKE Charon keying daemon does mention the use of socket in the architecture diagram, but I was unable to find any further reference to it.
2. I'm aware of the fact that StrongSwan's Android client uses a user-space implementation of libipsec, but again how does libipsec communicate without raw sockets?

Any help to fill the gap in my understanding is much appreciated!

I am trying to run the following command in the PowerShell

I need to connect a Vpn programmatically in my app, but can't seem to find a way. I see VpnService, StrongSwan, OpenVpn but this seems not IPSec. How do I go about connecting to my already build IPSec and L2TP servers that have a username, password and pre shared key.

I am working on VPN app and follows the code of strongswan app. I have used the code of this app and it is loading .so files through JNI and i have copied these files from the strongswan project. It gives this exception for one of these files:

I'm trying to encrypt my ICMP packet with AES128-CCM16. I used c openssl library for encryption. But encrypted result is wrong!

I used two Linux 18.04 VM for simulating ESP packet with strongswan IPsec. I captured ESP packet and printed my whole variables in my decrypt function.