37
23
I VPN to my work, and then I terminal server into my computer.
Everything works fine in relation to the VPN access, but locally I can't access the internet.
How can I fix this?
codecompleting
Posted 2011-07-22T19:11:39.407
Reputation: 1 039
Why does connecting to my work VPN cause my internet to not work?
Answers
59
What you are looking to do is called split tunneling. If you are using a Microsoft PPTP VPN, you need to uncheck "Use default gateway on remote network" in the TCP/IPv4 advanced settings for the VPN connection.
If you are using another VPN client, you need to look for something related to split tunneling in the VPN client's documentations. Please note that some VPN's allow the administrator to disable split tunneling.
KCotreau
Posted 2011-07-22T19:11:39.407
Reputation: 24 985
7
I've been dealing with this for a whole day and finally found the resolution. Here is how:
- First issue: I couldn't connect to internet after I established my VPN .
- Resolution: I have disabled/unchecked "Use default gateway" checkbox on TCP IPv4 properties (VPN Connection Settings => Network => Internet protocol (TCP/IPv4) => properties => Advanced => Use default gateway on remote network)
- Second issue: after that although my internet was working perfectly I could not connect to resource I need on that remote network (reason for VPN in first place :)
- Resolution: manually add route to routing table. This is how:
- a: First check what IP is assigned to you when you connect to VPN (mine was 10.30.0.12 so default gateway should be 10.30.0.1) and the resource that you need to access via VPN with subnet mask (mine was 172.18.0.19 255.255.255.255)
b: after that you have all needed information to set up route manually (as described here http://support.microsoft.com/kb/317025). Mine manual route was (just enter it in command prompt):
route -p add 172.18.0.19 mask 255.255.255.255 10.30.0.1
and that's it. Hope it helps!
Gorance
Posted 2011-07-22T19:11:39.407
Reputation: 71
I tried this. Mine was : route -p add 172.18.1.101 mask 255.255.255.255 10.217.77.1 I got a response : OK! But still I can't access the VPN resources. :( – Farrukh Chishti – 2015-10-06T12:59:16.460
I tried and it works! Perfect, thanks. +1 – Narayanan – 2016-10-22T01:21:52.923
helped me. just perfect! – Timotheus Triebl – 2017-03-25T05:23:42.570
3
If the computer has connectivity to both the internet and the corporate VPN at the same time, and the computer is compromised in some way, or deliberately configured to bypass security, the computer can act as an unauthorized bridge between the public internet and corporate LAN.
The default behavior of almost all VPN software is therefore to isolate you from the public internet through routing, firewalling, layered service providers (windows only), and other technologies. Whether this can be changed or not depends on the product in question - some of them go to great lengths to make sure that someone doesn't find a creative solution to reenable internet access while the VPN is running.
The best workaround I've found if you have to connect to a VPN frequently is to have a virtual machine dedicated to VPN access - this method won't be blocked by VPN software, and it still keeps reasonably good separation between the internet and the corporate network.
Stephanie
Posted 2011-07-22T19:11:39.407
Reputation: 1 778
2
Once you connect to the VPN, all the requests go through the VPN . You could delete the routes for particular sets of IPs (say your home router) using the route command which is usually not suggested because of security issues (this is the case usually, not Windows 7 though)
Sairam
Posted 2011-07-22T19:11:39.407
Reputation: 232
2In Windows 10, Use default gateway on remote network option is vanished... Any workaround? – Farrukh Waheed – 2016-05-27T07:43:50.490
@FarrukhWaheed I still can see this option exactly at the same place as on the screenshots. – ForNeVeR – 2016-10-02T06:31:27.323
1You may be lucky to get Win 10 with some updates. I searched the net and got this powershell command to do the job:
"Set-VpnConnection -Name VPN -SplitTunneling $true -PassThru" – Farrukh Waheed – 2016-10-03T17:57:33.920
2Of course, you may need to do the same for IPv6 one day, too :-) – Eyal – 2012-08-28T08:26:47.180