When connecting from home to a corporate VPN server (AlwaysOnVPN, Windows Server RRAS or OpenVPN server), users complain that they don’t have Internet access on their computer with an active VPN connection. In this article we will discuss why you cannot access the Internet on Windows 10 while connected to a VPN and how to fix this problem.
When creating a new VPN connection in Windows (all version), the option Use default gateway on remote network is enabled by default. It means that all traffic from your computer is sent through a VPN tunnel. If remote clients are allowed to access only local corporate resources and the Internet access is restricted on the VPN server, a remote user won’t be able access external websites and other Internet resources from their computer. After disconnecting from VPN, all user traffic will go through a common network and the Internet access will appear.
A mode, when some traffic (access to corporate resources) is sent through a VPN tunnel and the rest of traffic (Internet access) goes through a local network connection, is called split tunneling.
In Windows 10, you can enable split tunneling (disable Internet traffic routing through a VPN tunnel) in three ways:
- In the TCP/IP VPN connection settings
- In rasphone.pbk file
- Using Set-VpnConnection cmdlet with the SplitTunneling parameter in PowerShell
The easiest way is to change TCP/IP settings of your VPN connection through the Control Panel.
- Open the list of network connections in the Control Panel (
Control Panel\Network and Internet\Network Connections) and go to the properties of your VPN connection; - Open the Networking tab, select Internet Protocol Version 4 (TCP/IPv4) and click Properties;
- Click Advanced;
- Make sure that Use default gateway on remote network option is checked in the IP Settings tab.
After you uncheck the “Use default gateway on remote network” option and reconnect to your VPN gateway, you will have access Internet on your computer through your ISP connection . However, in some Windows 10 builds the option is not available on some reasons (there are different problems: you cannot edit the field, the setting is not saved, or the setting form is not opened when you click TCP/IPv4 properties), so you may have to use other ways to solve the problem.
The file rasphone.pbk is located in the folder C:\ProgramData\Microsoft\Network\Connections\pbk\ (if you created a VPN connection for all users of a computer) or in the user profile directory C:\Users\username\AppData\Roaming\Microsoft\Network\Connections\Pbk (if the VPN connection is available for your user only).
Open rasphone.pbk in any text editor (even notepad.exe will do). The settings of all configured VPN connections are stored in this file. Find the IpPrioritizeRemote parameter. By default, its value is 1. Change it to 0, save rasphone.pbk and restart your VPN connection.
rasphone.pbk to deploy a properly configured VPN connection to users’ computers.
Also you can configure VPN split tunneling via PowerShell. Display the list of all available VPN connections:
Get-VpnConnection
Make sure that SplitTunneling for the connection is disabled (SplitTunneling: False).
To enable SplitTunneling, specify the name of your VPN connection:
Set-VpnConnection –name vpn.woshub.com -SplitTunneling $true
Reconnect to your VPN server and make sure that you have Internet access on your computer and have access to the corporate resources behind the VPN gateway. Enabling SplitTunneling does the same thing as when you uncheck the “Use default gateway on remote network” option in the TCP/IPv4 settings of your VPN connection. (If you run the command shown above, this option is unchecked).