Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17


Connected to VPN but no internet?

Posted on 2010-11-10
Medium Priority
Last Modified: 2012-05-10
a friend of mine is trying to connect to our home computer (XP PRO) over VPN.   The VPN is setup correctly (I use a linksys VPN router, PPTP) and works from other locations.

She can successfully connect via VPN.
She can successfully PING my XP PRO box
But she cannot browse the internet,
and she cannot browse my XP box Website

Her norton is disabled.  her firewall is disabled.
I cannot ping her IP from my XP Box, even though she CAN ping my XP box.
Her VPN shows connected on my Linksys router, and pinging me from her machine works, but pinging her from my machine doesn't.

The goal is for her to browse my XP Website from her machine, and both IE and Firefox just display a "waiting for connection" message and hang, not even resulting in an error.  (she also cannot browse any internet website)

I tried everything and am out of ideas.  Anyone have an idea?
Question by:arthurh88
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 4
  • 2

Expert Comment

ID: 34104964
Have you verified the machine receives proper DNS and Default gateway information when connecting to the VPN? In many Windows VPN cases the system routes ALL traffic through the VPN so the machine is no longer able to access the local default gateway or the DNS servers to resolve names.

First you might want to check what settings you have - IPCONFIG /ALL
Then you might want to check whether your DNS resolves anything: NSLOOKUP YAHOO.COM
Third, check your routing tables - NETSTAT -NR
Fourth, use traceroute to see where your traffic is going: TRACERT -D YAHOO.COM

All of the commands are supposed to be used in the command prompt, and all are in upper case to make it easier to see them. EVERYTHING in them should be in lower case when you do type them, especially the command line switches.

I would assume you either:

a) are unable to resolve any names because the end point gives you new (faulty) DNS information and the client connecting is no longer able to resolve names properly - nslookup would just fail. Nslookup also shows you which DNS server the machine is trying to use. Running the command both with the VPN  enabled and disabled allows you to easily see what's going on


b) the VPN connection gives your machine a new default gateway but screws up something else in the configuration, making your other machine effectively unable to connect to the internet.

On Win7 you can define whether to use the remote default gateway or not - the settings can be found from the VPN connection properties -> Networking -> IPV4 -> Advanced -> there's a check box on the IP Settings page ("Use default gateway on remote network") - disabling that would allow a Win7 machine to access internet, too. I'm not sure if WinXP had the same checkbox.

Hope some of this helps. It would've been useful if you had posted some information about your level of knowledge about LANs, IP traffic and such. Now I'm just forced to assume you know next to nothing, which would allow you to configure the VPN but not really use it for anything else. If I'm wrong, please let me know how far I am from the target, and we'll get it set up. I've got some XP machines too, they're just at a different location I can reach only tomorrow to check.

Author Comment

ID: 34105143
hi thanks for your reply.  

She can ping:
But cannot browse:

Her PPTP IP is

She can ping:

But I cannot ping:

Im using straight IP addresses, so DNS and name resolution shouldn't have anything to do with it right?   or am I wrong?
LVL 10

Expert Comment

ID: 34105175
Can she ping your xp by name? Then DNS working fine.

If not check your firewall both native one and the one the anti-virus allow port 80 to pass through to allow http traffic
Survive A High-Traffic Event with Percona

Your application or website rely on your database to deliver information about products and services to your customers. You can’t afford to have your database lose performance, lose availability or become unresponsive – even for just a few minutes.


Author Comment

ID: 34105494
the goal is not for DNS to work.  The goal is simply to browse
I shouldn't need DNS for that.

Author Comment

ID: 34105517
what i dont understand is how the following can occur (her IP is

1.  She can ping
2.  She cannot browse (on both IE and firefox)
3.  I cannot ping

how can all this happen?  I'm stumped.
LVL 10

Expert Comment

ID: 34105708

if she can ping and get the reply then communication can take place in both ways can you turn off the firewall and check? try turning it off at your end both built in and if any third-party ones are on that as well. if it doesnt work ask her to try on her side.

I would suggest if you have another machine on your network try accessing it on that to rule out any problems on your side

Author Comment

ID: 34106491
i know its not on my end, because 2 other computers successfully VPN daily to our machine, and can browse no problem!

Expert Comment

ID: 34112310
Ahh, my mistake. I thought you actually wanted to be able to browse the internet through the VPN too.

So, in the light of the new information, the current situation is:

You have a server machine, it has a HTTP server installed, and the port 80 on that machine is not protected by a firewall, at least from the 192.168.2.x network. There are more than one users using the VPN, and at least two of those are able to do exactly what you want without any changes to the configuration. Am I right at this point?

I also assume you can see the ping traffic from her computer to your box in your VPN appliance?

The only things that I can think of at this point - and with this information - is to make sure the local network at her end doesn't conflict with yours. Another might be to try to just telnet to the HTTP port and see if you get any response assuming the person has the required skills. It's not really that hard..
- command prompt
- "telnet 80"
- if it manages to connect, you know you get at least some information
- type "GET / HTTP/1.1" and hit enter twice
- enjoy the HTML code of the startup page

Then again, the last probably doesn't make any difference - I'd assume you get a connection timed out.

Author Comment

ID: 34128906
i will try that.  i'm beginning to wonder if she has an unknown firewall on her machine.  i am driving out to her house in a few days and will try your suggestions.  your summary was completely correct.

1.  I have http on port 80 open to everyone on network 192.168.2.x
2. I have a linksys VPN router that has a PPTP server with 10 users maximum on my home network
3.  2 people VPN into the linksys, and can browse no problem on
4.  The third person can VPN successfully. The third person can PING and get a reply
5.  The third person cannot browse
6.  While the third person is on a VPN, even though she gets a reply when SHE initiates the Ping, if I try to ping her anywhere on the 192.168.2.x network, there is no reply from her.
LVL 10

Expert Comment

ID: 34129206
VPN to windows xp maximum 3 connections if it helps

Author Comment

ID: 34129243
its not a VPN to XP, it is a VPN into a linksys VPN router that allows up to 10.
LVL 10

Accepted Solution

moon_blue69 earned 2000 total points
ID: 34130510
Configure another computer to get
Her PPTP IP if it can connect its not anything from your side. (i mean the firewall blocking that ip). If this trial is successful definitely it has to do something with her firewall.


Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I had an issue with InstallShield not being able to use Computer Browser service on Windows Server 2012. Here is the solution I found.
During and after that shift to cloud, one area that still poses a struggle for many organizations is what to do with their department file shares.
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question