Description
When connecting using UDP / WireGuard / Stealth (and possibly other protocols), the client sometimes briefly establishes a connection over IKEv2 (500) for 1–2 seconds before switching to the selected protocol.
This behavior may represent a potential protocol leak, since traffic filtering systems could detect the initial IKEv2 handshake before the intended protocol is activated.
Additionally, there is a related issue:
In some cases, the connection remains on IKEv2 (500) and does not switch to the selected protocol at all. When this happens, the connection appears to encounter DPI filtering, becomes significantly slower, and eventually drops.
Both issues are not critical at the moment, but they may impact VPN reliability and censorship resistance in the future.
The issue is difficult to reproduce consistently, as it appears to happen randomly. At this time, I do not have clear reproduction steps or an understanding of the exact trigger conditions.
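
One way to catch both behaviours in a capture while hunting for the trigger is sketched below. It is an added example, not part of the original report or the client's code. It assumes outbound UDP packets have already been extracted as `(timestamp, dst_port, payload)` tuples; the function names, the sample packets and port 51820 for the selected protocol are all constructed for illustration.

```python
import struct

IKE_PORT = 500        # port named in the report
IKE_SA_INIT = 34      # IKEv2 exchange type for the first handshake message (RFC 7296)
INITIATOR_FLAG = 0x08

def is_ikev2_init(payload: bytes) -> bool:
    """True if payload starts with the 28-byte IKEv2 header of an IKE_SA_INIT request."""
    if len(payload) < 28:
        return False
    init_spi, resp_spi, _next, version, exch, flags, _msg_id, length = struct.unpack(
        "!8s8sBBBBII", payload[:28])
    return bool(version == 0x20 and exch == IKE_SA_INIT
                and init_spi != bytes(8) and resp_spi == bytes(8)
                and flags & INITIATOR_FLAG and length >= 28)

def ike_leak(packets, selected_port):
    """packets: outbound UDP as (timestamp, dst_port, payload), in capture order.

    Returns None when no IKEv2 handshake was sent. Otherwise returns
    (first_ike_ts, delay), where delay is the number of seconds until the first
    packet to selected_port, or None if the client never switched.
    """
    ike_ts = next((ts for ts, port, data in packets
                   if port == IKE_PORT and is_ikev2_init(data)), None)
    if ike_ts is None:
        return None
    sel_ts = next((ts for ts, port, _ in packets
                   if port == selected_port and ts >= ike_ts), None)
    return ike_ts, (None if sel_ts is None else round(sel_ts - ike_ts, 3))

# --- constructed sample data, not taken from a real capture ---
SELECTED_PORT = 51820  # assumed port of the selected protocol
_body = bytes(40)
_IKE = struct.pack("!8s8sBBBBII", b"\x11" * 8, bytes(8), 33, 0x20,
                   IKE_SA_INIT, INITIATOR_FLAG, 0, 28 + len(_body)) + _body
_SELECTED = b"\x01\x00\x00\x00" + bytes(144)  # stand-in for the selected protocol's first packet

SAMPLE_BRIEF = [(0.0, 500, _IKE), (0.4, 500, _IKE), (1.5, SELECTED_PORT, _SELECTED)]
SAMPLE_STUCK = [(0.0, 500, _IKE), (2.0, 500, _IKE)]
SAMPLE_CLEAN = [(0.0, SELECTED_PORT, _SELECTED)]

if __name__ == "__main__":
    for name, sample in (("brief", SAMPLE_BRIEF), ("stuck", SAMPLE_STUCK),
                         ("clean", SAMPLE_CLEAN)):
        print(name, ike_leak(sample, SELECTED_PORT))
```

Run against captures from many connection attempts, a non-`None` result marks the attempts worth attaching to the report, and a `None` delay marks the case where the client stayed on IKEv2.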