Samsung Galaxy Tab A (10.1 and 10.4) tablets and I think other Samsung Android mobile devices disregard installed VPN tunnels when verifying WiFi Captive Portal presence in Sleep Mode. They simple ignore/bypass VPN tunnels in Sleep Mode and make connections to connectivitycheck.gstatic.com domain to verify Captive Portal presence via connectivitycheck.gstatic.com/generate_204 page. They do that outside of VPN tunnels, regardless of VPN tunnel protocol. This issue exists regardless of whether the device is connected to a WiFi AP with or without Captive Portal and regardless of whether WiFi AP provides or limited local network access.
An almost identical issue existed on Google’s Pixel devices, but it was resolved by Google via monthly updates and connections to connectivitycheck.gstatic.com domain outside of VPN tunnels stopped, even when Pixel devices entered Sleep Mode .
Attempting to mitigate this issue by disabling Battery Optimization for VPN apps failed. The following ADB commands have not helped either:
settings put global captive_portal_detection_enabled 0
settings put global captive_portal_server localhost
settings put global captive_portal_server 127.0.0.1
settings put global captive_portal_mode 0
settings put global wifi_watchdog_on 0
settings put global wifi_watchdog_background_check_enabled 0
pm disable com.android.captiveportallogin
Samsung did not appear to have an official portal that could be used to submit bug reports and as such, I decided to post here.