Windows 7 VPN and Internet at the same time

stefanaichholzer
stefanaichholzer used Ask the Experts™
on
Hello to everyone, so here's the issue:

I recently upgraded to Windows 7 from XP and before I was using the OpenVPN to connect to my work's VPN but since I can't get that to work on Win7 I created a VPN connection in the Windows "Network Center"

Thing is, when I connect to the VPN (it works) but I no longer have Internet access, and it certainly not handy to have to cut one to get the other.

I have already tried all the answers that can be found on google with no success:

 - Disable local (software) Firewall
 - Disable local router (hardware) Firewall
 - Uncheck "Use default gateway on Remote network" as described here http://superuser.com/questions/31027/windows-7-vpn-stops-web-browser

 Nothing seems to work, One thing though, when I Uncheck "Use default gateway on Remote network" and then connect to the VPN the Internet is still working (with the VPN connected) but then I can't access the resources on the VPN.

 So, as I said, when I have one it kicks the other out.

 I need some Windows Networking guru to help me solve this issue, I've been fooling around with it for more than one day and it's making me insane.

 Please don't just post any link you found on google unless you find it really useful.

 Thank you
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
JohnBusiness Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018

Commented:
I use Windows 7 Pro 64-bit, NCP Secure Entry (IPSec VPN) and use VPN and Internet at the same time - all working. ... Thinkpads_User

Commented:
You need to update your route everytime you connect/disconnect from your VPN.   Just use the route add command to set the route when you connect and then use route add again to set it back to the original gate way.  So your route statement would look like this.

Route Add 192.168.10.1 (or whatever your vpn gateway is) and then route add 10.0.0.1 (or whatever your normal gateway is)

Commented:
What type of Firewall are you connecting to? If it is a hardware device such as a cisco pix, this can be by design. If the administrator has not enabled split tunneling then you will not be able to access the local LAN and the internet as some view this as a security risk.
11/26 Forrester Webinar: Savings for Enterprise

How can your organization benefit from savings just by replacing your legacy backup solutions with Acronis' #CyberProtection? Join Forrester's Joe Branca and Ryan Davis from Acronis live as they explain how you can too.

Author

Commented:
@thinkpads_user: is that a free solution?, can I use that to connect to any VPN or has it to be a certain hardware on the VPN Server side?, if yes where can I download it?

@amnhtech: I've seen something to this before, but I have no idea on how to add the route, can you please provide more detailed advice?, finally is there no option to make this on the fly?

@MCSA2003: As far as I now it's powered by Astaro, but I don't have a clue on the details, however the split tunneling is not done on the VPN server, it should be done here, should't it?

I just want Windows 7 to know that when I enter google.com it should use my internet access and when I enter an IP from the VPN go for that using the VPN connection. Come on guys, please, this can't be that hard...

Thank you
JohnBusiness Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018

Commented:
@MCSA2003 - look on www.ncp-e.com for NCP Secure Entry. No, it is not free, and it requires IPSec at the host end. But I have it running on my Windows 7 Pro machine and it works fine in an IPSec environment. ... Thinkpads_User

Author

Commented:
@thinkpads_user: I tried it, thank you, and it's absolutely useless in my case, it won't even let me enter my configuration parameters properly, besides I'm not willing to pay 100 bucks for that and finally we don't have and IPSec environment.
JohnBusiness Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018

Commented:
Microsoft VPN generally does not support split tunnelling unless you can find a workaround. I stay away from it for that reason. In an IPSec world, the tools out there (of which NCP Secure Entry is one) generally do support split tunneling, which is why I use these solutions. Good luck in your hunt. .. Thinkpads_User

Commented:
I can only comment on the Cisco devices. This is an option that has to be enabled on the Cisco Pix. Some network admins see giving you access to their local LAN and internet over a VPN tunnel a security risk and therefore block it. This is controlled on the hardware end and if it is not enabled there is nothing you can do.

Author

Commented:
I found a solution for the problem using the Windows VPN:

 1) Go to Control Panel
 2) Select "Administrative Tools"
 3) Select "Services"
 4) Find "Routing and Remote Access" in the list.
 5) Right click and set to "Automatic". If the service is not started start it
 6) For the VPN CHECK the "Use default gateway on Remote network" opposite to as described here http://superuser.com/questions/31027/windows-7-vpn-stops-web-browser

Now I have access to both, the Internet and my VPN.
Cheers
JohnBusiness Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018

Commented:
Thank you for posting a solution. ... Thinkpads_User
I support several Astaro firewalls with the SSL VPN, and have seen this problem on Vista/7.  

If open-vpn was working fine before, I'm pretty sure the issue is due to UAC.  If you have UAC enabled, you will need to make sure and run the open-vpn executable as an administrator.  Your vpn software needs to modify the routing tables on your local computer, and this requires administrator level access, and if you have UAC enabled, then open-vpn will appear to connect, but the routing tables won't be modified.

Close out the open-vpn program, browse to the open-vpn folder (should be C:\Program Files\Open VPN\bin\openvpn-gui.exe or something similar), right Click on this file, go to the "Compatibility" tab, and check the box to "Run Program as Administrator".  Then launch and try to connect the VPN again.
Finally I found the problem with Astaro VPN client not working on my PC. I have ESET Security Suite and it was adding a Firewall on the VPN connection and not telling me about it at all. Disabling the firewall on this device (connection) solved the issue.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial