This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
dannymarfil
Explorer
‎2021-01-26 01:04 AM

Cannot browse the internet (or ping external IPs) when VPN is connected

I used to be able to connect to the VPN and browse the internet at the same time, but the other day my wifi went down and I had to switch to my mobile hotspot to be able to finish my work. After connecting back to my wifi as normal, now I cannot browse the internet when I am connected to the VPN; as soon as I disconnect from the VPN, my browser opens any website.

It is not DNS related because I cannot ping any IP address when the VPN is connected: I open a terminal and ping a random IP address - e.g. 1.1.1.1 - and I get a timeout when connected to the VPN; I keep the terminal open and then disconnect from the VPN: ping starts returning responses. I connect to the VPN, ping timeouts again.

Logic suggests it is a client-side problem, as nothing has changed on the server side whereas something did change on the client side - it all started to happen when I switched from my wifi to my mobile hotspot.

Is there anything I have to re-configure on my side?

0 Kudos
4 Replies
PhoneBoy
Admin
Admin
‎2021-01-27 05:31 PM

Actually that is something that can be impacted by a server side configuration, e.g. “route all traffic.”
Easiest way to check that: routing table when connected to the VPN.
If something like 1.1.1.1 has a route that goes to your VPN gateway: that’s exactly what’s happening.

0 Kudos
dannymarfil
Explorer
‎2021-01-31 01:28 AM
In response to PhoneBoy

Thanks PhoneBoy - yes, that is what is happening, what is strange is the fact that I was able to browse without any issue until I switched to a different "router" (my mobile hotspot), and then it stopped, even when switching back to my original connection.

Another odd fact is that some of my colleagues can still browse the internet whilst connected to the VPN, whilst some others cannot (including me from that point in time), which seems to indicate that it is not a unique rule for all the connections from the server side - we should all be able to connect to other IPs, or none.

So you don't think it might be something that needs reconfiguring (or resetting) on the client side?

Thanks

0 Kudos
the_rock
MVP Platinum
MVP Platinum
‎2021-01-31 06:13 AM
In response to dannymarfil

Make sure of one thing...in global properties, under "remote access" -> "endpoint connect", if option "route all traffic to gateway" is ticked to "yes", then all Internet traffic for vpn users would go via the CP, so have a look to see why its blocked. Easiest way I would do this is when pinging constantly 8.8.8.8, maybe check the logs to see where its dropped and also do fw ctl zdebug + drop | grep 8.8.8.8 and see what you get. Message me offline if you wish to do remote session.

 

Cheers,

 

Andy

Best,
Andy
0 Kudos
Vladimir
Champion
Champion
‎2021-01-31 08:23 AM
In response to dannymarfil

If I am not mistaken, unless the policy for "route all traffic via VPN" is configured on the server side and unless your installation packege is configure to prevent you from changing this setting, you should have the ability to flip it on your device for each connection.

This does not explain why it changed when you have switched your WiFi settings, but you should be able to find it and see if you can toggle it to a split-tunnel mode.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events