3

I have a problem which is constantly appearing on each Windows 7 computer I'm using whenever I establish a VPN connection.

The problem appears only if using a proxy server for Internet access; it doesn't happen when directly accessing the Internet (with or without NAT). It doesn't seem to depend on a specific proxy software being used (I've seen it happening with various ones).

The problem is: as soon as I start the VPN connection, Internet Explorer can't access anything anymore.

I'm not using the VPN connection as a default gateway, and I can succesfully ping the proxy server after the VPN connection is established (and even telnet to its 8080 TCP port), so this is definitely not a routing problem.

Also, the problem is specifically related to Internet Explorer: while it seems not able to connect to any site, other programs (such as FireFox) have no problem accessing the Internet through the same proxy.

This behaviour can be easily reproduced on any Windows 7 computer (the service pack and patch level doesn't seem to matter at all). Have IE connect through a proxy, establish a VPN connection... and IE will just not work anymore until the VPN connection is dropped.

Massimo
  • 68,714
  • 56
  • 196
  • 319
  • Do you have a proxy set ip in IE? – Bart De Vos Apr 18 '12 at 09:22
  • Yes, of course. IE works perfectly before establishing the VPN connection (and, indeed, the proxy is actually *used* to establish it, as there is no other way to access the Internet). But, as soon as the connection goes up, IE doesn't work anymore. – Massimo Apr 18 '12 at 09:32

2 Answers2

4

Found the culprit.

Internet Explorer can use custom proxy settings for each VPN connection, and those settings override the default, global proxy settings when a VPN connection is in use. Thus, as soon as you establish a VPN connection, the connection's proxy settings become active, and if you don't configure them, IE defaults to a "no proxy, direct Internet access" configuration and just ceases to work.

enter image description here

Massimo
  • 68,714
  • 56
  • 196
  • 319
0

Do you have a rule in TMG that allows the VPN Clients group access to the Internet?

Have you tried logging the traffic to see if it's TMG denying the connections?

Chris McKeown
  • 7,128
  • 1
  • 17
  • 25
  • As I stated in the question, I'm *not* using the VPN connection as my default gateway. I'm explicitly disabling this in the TCP/IP properties of the connection. Internet access on the client machine should keep working as it was before the VPN connection got established. And it *is* working this way... for all applications except IE. – Massimo Apr 21 '12 at 00:08
  • I can succesfully use the proxy (and so, the Internet) from any application running on the client system; but IE refuses to work. This only happens with SSTP VPNs... it almost looks like a persistent SSL connection sort of "hangs" IE. – Massimo Apr 21 '12 at 00:09