[strongSwan] cannot connect with android 11 standard client (but android strongswan works)
Gregory Edigarov
edigarov at qarea.com
Mon Dec 20 12:12:49 CET 2021
Hello Everybody.
Here's my strongSwan setup:
conn vpn-default
    auto=add
    compress=no
    type=tunnel
    keyexchange=ikev2
    ike=aes256-sha1-modp1024
    esp=aes256-sha1
    fragmentation=yes
    forceencaps=yes
    dpdaction=clear
    dpddelay=300s
    rekey=no
    left=%any
    leftid=@vpn.domain.org
    leftauth=pubkey
    leftcert=certificate.pem
    leftsendcert=always
    #leftsubnet=0.0.0.0/0
    leftsubnet=192.168.0.0/22,192.168.12.0/22,192.168.21.0/24
    leftfirewall=yes
    leftsourceip=%config
    right=%any
    rightid=%any
    rightauth=eap-radius
    rightsourceip=10.254.236.2/22
    rightdns=192.168.0.2,192.168.12.2,192.168.21.2
    rightsendcert=never
    eap_identity=%identity
The server uses Let's Encrypt certificates, stored as:
270517 4 -rw-r--r-- 1 root root 3750 Nov 18 18:54 /etc/ipsec.d/cacerts/ca.pem
270515 4 -rw-r--r-- 1 root root 1838 Nov 18 18:54 /etc/ipsec.d/certs/certificate.pem
270520 4 -rw-r--r-- 1 root root 1704 Nov 18 18:55 /etc/ipsec.d/private/key.pem
which is valid:
Issuer: C = US, O = Let's Encrypt, CN = R3
Validity
Not Before: Nov 18 14:19:34 2021 GMT
Not After : Feb 16 14:19:33 2022 GMT
Subject: CN = vpn.domain.org
With this config I can connect from Windows 10, from Ubuntu
via strongswan-starter (ipsec.conf) but not from Network Manager,
from iPhone (seems to be ok), but not from the Android standard VPN client.
I.e.:
Windows 10 - ok
Ubuntu (strongswan-starter) - ok
Android (strongSwan for Android) - ok
Ubuntu (Network Manager) - doesn't work
Android (standard client) - doesn't work (even though I've imported the CA certificate)
What am I missing for the systems that don't work?
--
With best regards,
Gregory Edigarov