Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
dannymarfil
Explorer

Cannot browse the internet (or ping external IPs) when VPN is connected

I used to be able to connect to the VPN and browse the internet at the same time, but the other day my wifi went down and I had to switch to my mobile hotspot to be able to finish my work. After connecting back to my wifi as normal, now I cannot browse the internet when I am connected to the VPN; as soon as I disconnect from the VPN, my browser opens any website.

It is not DNS related because I cannot ping any IP address when the VPN is connected: I open a terminal and ping a random IP address - e.g. 1.1.1.1 - and I get a timeout when connected to the VPN; I keep the terminal open and then disconnect from the VPN: ping starts returning responses. I connect to the VPN, ping timeouts again.

Logic suggests it is a client-side problem, as nothing has changed on the server side whereas something did change on the client side - it all started to happen when I switched from my wifi to my mobile hotspot.

Is there anything I have to re-configure on my side?

0 Kudos
4 Replies
PhoneBoy
Admin
Admin

Actually that is something that can be impacted by a server side configuration, e.g. “route all traffic.”
Easiest way to check that: routing table when connected to the VPN.
If something like 1.1.1.1 has a route that goes to your VPN gateway: that’s exactly what’s happening.

0 Kudos
dannymarfil
Explorer

Thanks PhoneBoy - yes, that is what is happening, what is strange is the fact that I was able to browse without any issue until I switched to a different "router" (my mobile hotspot), and then it stopped, even when switching back to my original connection.

Another odd fact is that some of my colleagues can still browse the internet whilst connected to the VPN, whilst some others cannot (including me from that point in time), which seems to indicate that it is not a unique rule for all the connections from the server side - we should all be able to connect to other IPs, or none.

So you don't think it might be something that needs reconfiguring (or resetting) on the client side?

Thanks

0 Kudos
the_rock
Leader
Leader

Make sure of one thing...in global properties, under "remote access" -> "endpoint connect", if option "route all traffic to gateway" is ticked to "yes", then all Internet traffic for vpn users would go via the CP, so have a look to see why its blocked. Easiest way I would do this is when pinging constantly 8.8.8.8, maybe check the logs to see where its dropped and also do fw ctl zdebug + drop | grep 8.8.8.8 and see what you get. Message me offline if you wish to do remote session.

 

Cheers,

 

Andy

0 Kudos
Vladimir
Champion
Champion

If I am not mistaken, unless the policy for "route all traffic via VPN" is configured on the server side and unless your installation packege is configure to prevent you from changing this setting, you should have the ability to flip it on your device for each connection.

This does not explain why it changed when you have switched your WiFi settings, but you should be able to find it and see if you can toggle it to a split-tunnel mode.

0 Kudos