Why does connecting to my work VPN cause my internet to not work?
What you are looking to do is called split tunneling. If you are using a Microsoft PPTP VPN, you need to uncheck "Use default gateway on remote network" in the TCP/IPv4 advanced settings for the VPN connection.
If you are using another VPN client, you need to look for something related to split tunneling in the VPN client's documentation. Please note that some VPNs allow the administrator to disable split tunneling.
I've been dealing with this for a whole day and finally found the resolution. Here is how:
- First issue: I couldn't connect to the internet after I established my VPN.
- Resolution: I disabled/unchecked the "Use default gateway" checkbox in the TCP/IPv4 properties (VPN Connection Settings => Network => Internet protocol (TCP/IPv4) => properties => Advanced => Use default gateway on remote network).
- Second issue: after that, although my internet was working perfectly, I could not connect to the resource I need on that remote network (the reason for the VPN in the first place :)
- Resolution: manually add a route to the routing table. This is how:
  - a: First check what IP is assigned to you when you connect to the VPN (mine was 10.30.0.12, so the default gateway should be 10.30.0.1) and the resource that you need to access via the VPN, with its subnet mask (mine was 172.18.0.19 255.255.255.255).
  - b: After that you have all the information needed to set up the route manually (as described here: http://support.microsoft.com/kb/317025). My manual route was (just enter it in a command prompt):

        route -p add 172.18.0.19 mask 255.255.255.255 10.30.0.1

and that's it. Hope it helps!
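
Added example (not part of the answer above, and not Microsoft's code): a small Python model of the route selection the answer works through, showing why the resource becomes unreachable once "Use default gateway on remote network" is unchecked and why the /32 host route fixes it. The 10.30.0.1 and 172.18.0.19 values are the answer's; the 192.168.1.x home LAN, the VPN subnet, interface names and metrics are assumptions.

```python
import ipaddress

# Constructed routes: (destination, mask, gateway, interface, metric).
# 10.30.0.1 and 172.18.0.19 are from the answer; the 192.168.1.x home LAN,
# the VPN on-link subnet, interface names and metrics are assumptions.
LAN_DEFAULT = ("0.0.0.0", "0.0.0.0", "192.168.1.1", "lan", 25)
LAN_NET = ("192.168.1.0", "255.255.255.0", "on-link", "lan", 281)
VPN_DEFAULT = ("0.0.0.0", "0.0.0.0", "10.30.0.1", "vpn", 1)
VPN_NET = ("10.30.0.0", "255.255.255.0", "on-link", "vpn", 26)
HOST_ROUTE = ("172.18.0.19", "255.255.255.255", "10.30.0.1", "vpn", 26)

FULL_TUNNEL = [LAN_DEFAULT, LAN_NET, VPN_NET, VPN_DEFAULT]   # box checked
SPLIT_NO_ROUTE = [LAN_DEFAULT, LAN_NET, VPN_NET]             # box unchecked
SPLIT_WITH_ROUTE = SPLIT_NO_ROUTE + [HOST_ROUTE]             # after route -p add


def lookup(table, dst):
    """Pick the route for dst: longest prefix wins, lowest metric breaks ties."""
    addr = ipaddress.ip_address(dst)
    best = None
    for dest, mask, gateway, iface, metric in table:
        net = ipaddress.ip_network(f"{dest}/{mask}")
        if addr not in net:
            continue
        rank = (net.prefixlen, -metric)
        if best is None or rank > best[0]:
            best = (rank, gateway, iface)
    return None if best is None else (best[1], best[2])


def tunnel_mode(table, vpn_iface="vpn"):
    """Return 'full' if Internet-bound traffic leaves via the VPN, else 'split'."""
    route = lookup(table, "203.0.113.10")  # documentation address as Internet host
    return "full" if route and route[1] == vpn_iface else "split"


if __name__ == "__main__":
    for name, table in [("full tunnel", FULL_TUNNEL),
                        ("split, no host route", SPLIT_NO_ROUTE),
                        ("split, host route added", SPLIT_WITH_ROUTE)]:
        print(name, tunnel_mode(table), lookup(table, "172.18.0.19"))
```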
If the computer has connectivity to both the internet and the corporate VPN at the same time, and the computer is compromised in some way, or deliberately configured to bypass security, the computer can act as an unauthorized bridge between the public internet and corporate LAN.
The default behavior of almost all VPN software is therefore to isolate you from the public internet through routing, firewalling, layered service providers (Windows only), and other technologies. Whether this can be changed or not depends on the product in question - some of them go to great lengths to make sure that someone doesn't find a creative solution to re-enable internet access while the VPN is running.
The best workaround I've found if you have to connect to a VPN frequently is to have a virtual machine dedicated to VPN access - this method won't be blocked by VPN software, and it still keeps reasonably good separation between the internet and the corporate network.