On a Windows 10 computer, accessing the internet through certain applications like Firefox and Edge is possible after connecting to an OpenVPN server. However, Office applications with OneDrive integration, including Outlook, Word, Excel, and Microsoft Store App, do not have internet access, which can lead to licensing issues.
The OneDrive application itself may work sporadically, but the integration within Office does not function properly.
The computer is configured to allow traffic only through the VPN network, with exceptions made for entry-IPs of VPN-servers and certain DNS-providers. This issue pertains to Office 365, but the version is likely irrelevant.
The VPN connection is established using OpenVPN software, and the IP is determined by DHCP, making it challenging to set the gateway IP in the VPN adapter.
A temporary work-around has been found and will be shared, but a more practical solution is needed.
Any alternative approaches to achieving a VPN connection while ensuring that Office applications function correctly are welcome.
2 Answers
Introduction
When using a VPN connection, it is expected that all applications on the device will have access to the internet. However, in some cases, certain applications may not be able to connect to the internet while the VPN connection is enabled. This issue has been reported by Windows 10 users who connect to a VPN server using the OpenVPN protocol. In this blog post, we will explore the reasons why Windows 10 programs lack internet connectivity while a VPN connection is enabled and provide a temporary solution to the problem.
Reasons for Lack of Internet Connectivity
There are several reasons why Windows 10 programs may not have internet connectivity while a VPN connection is enabled. One of the main reasons is that the machine is configured to only allow traffic via the VPN network. This means that all traffic, including internet traffic, is routed through the VPN connection. While this may provide increased security, it can also cause issues with certain applications that require internet access.
Another reason why some applications may not have internet access is that exceptions are made for entry-IPs of VPN-servers and certain DNS-providers. This means that only traffic to these specific IP addresses is allowed through the VPN connection. If an application needs to connect to a different IP address, it will not be able to do so while the VPN connection is enabled.
Additionally, some applications may have issues with the VPN connection if they are using IPv6 instead of IPv4. This can cause the application to not be able to connect to the internet while the VPN connection is enabled.
Specific Applications Affected
While some applications, such as Firefox and Edge, may have internet access while a VPN connection is enabled, other applications may not. In particular, Microsoft Office applications with OneDrive integration, such as Outlook, Word, and Excel, may not have internet access. This can result in licensing issues because Office cannot validate an active subscription anymore. The same is true for the Microsoft Store App.
It is important to note that the OneDrive application itself may work and sync files when editing files or folders in Explorer, but the OneDrive integration within Office may not work.
Temporary Solution
One temporary solution to this problem is to set a static IP address for the VPN adapter and then add a route to the VPN gateway. This can be done using the following steps:
1. Open the Command Prompt as an administrator.
2. Type “ipconfig” to find the name of the VPN adapter. The name should start with “Ethernet adapter”.
3. Type: netsh interface ipv4 set address "Ethernet adapter" static 10.8.0.2 255.255.255.0 (replace "Ethernet adapter" with the name of your VPN adapter and "10.8.0.2" with the IP address you want to use).
4. Type: route add 0.0.0.0 mask 0.0.0.0 10.8.0.1 metric 10 if 24 (replace "10.8.0.1" with the IP address of your VPN gateway and "24" with the interface index of your VPN adapter).
This will set a static IP address for the VPN adapter and add a route to the VPN gateway. This should allow all applications to have internet access while the VPN connection is enabled.
Conclusion
In conclusion, Windows 10 programs may lack internet connectivity while a VPN connection is enabled due to several reasons, such as the machine being configured to only allow traffic via the VPN network, exceptions only being made for specific IP addresses, and applications using IPv6 instead of IPv4. Specific applications, such as Microsoft Office applications with OneDrive integration, may be affected by this issue. A temporary solution to this problem is to set a static IP address for the VPN adapter and add a route to the VPN gateway. It is important to note that this is a temporary solution and may not work for all users. It is recommended to seek additional support from the VPN provider or a technical expert to resolve this issue permanently.
This text delves into the technical aspects of NLA (Network Location Awareness) and NCSI (Network Connection Status Indicator).
The problem at hand revolves around the gateway in the VPN adapter.
NLA and NCSI become confused and wrongly assume that there is no active internet connection because the VPN adapter lacks an explicitly defined default gateway IP.
It is important to note that the VPN server determines the client-IP of the VPN adapter through DHCP, and a gateway is implicitly defined through routing rules. Therefore, applications that do not rely on NCSI can establish an internet connection, as this information is present in the routing table.
(Temporary) Manual solution:
To configure the VPN network adapter, you can specify the IP, subnet, gateway, and DNS server in its properties.
To do this, you first need to determine your VPN local IP, such as 10.100.5.25.
Based on the client-IP, you can derive the gateway IP, which is likely to be 10.100.5.1 (you can also check the route print table).
Then, you can fill in the gateway IP in the appropriate field, which will mark the VPN connection as having internet access in the adapter overview. After restarting your Office and Windows 10 applications, they should be able to connect.
However, you must update the gateway IP every time you connect to a different OpenVPN server since you will likely receive a new IP and gateway. Currently, the only known way to set the gateway IP is through the GUI, but it may also be possible to do so via PowerShell or other scripting languages.
Unfortunately, a solution to this problem has not been found yet, and it would be helpful to automate the process of setting the gateway IP.
As a follow-up question, it is worth considering whether an *.ovpn file can configure the adapter to have a gateway IP set.
Scripting solution:
It was a bit surprising, but I managed to find an answer on the command line. I had initially searched for “gateway,” which returned a lot of irrelevant results.
However, when I searched for “language-default gateway,” I found more relevant information.
Adding the default gateway to your VPN adapter in PowerShell:
Set-Variable vpnadaptername -Value ENTER-NAME
Set-Variable vargateway (Get-NetRoute -DestinationPrefix 0.0.0.0/1 |Select-Object -expandproperty "NextHop"); Write-Host $vargateway
New-NetRoute -InterfaceAlias $vpnadaptername -DestinationPrefix 0.0.0.0/0 -NextHop $vargateway
Get-NetIPConfiguration -InterfaceAlias $vpnadaptername
Assuming that you have configured your VPN to use the ‘route-pull’ method and the command ‘Get-NetRoute’ lists your VPN gateway IP as the next-hop next to 0.0.0.0/1.
Also, assuming that you are running the top script while your VPN connection is active, and running the script below when your VPN connection is down.
It is important to note that you are running these commands with administrator privileges, although only the set/remove route commands require such privileges.
Unfortunately, after a reboot or reconnect, your VPN adapter will be assigned a new IP, but the old gateway IP will still be associated with the adapter. You could update it by replacing ‘New-NetRoute’ with ‘Set-NetRoute’, but it is more stable to clear it before OpenVPN establishes a connection.
Therefore, the script below is executed before your VPN is connected:
Clearing default gateway ip:
Set-Variable vpnadaptername -Value ENTER-NAME
# Look up the default gateway currently attached to the VPN adapter
Set-Variable vargatewayold (Get-NetRoute -InterfaceAlias $vpnadaptername -DestinationPrefix 0.0.0.0/0 |Select-Object -ExpandProperty "NextHop")
# Remove it without prompting
Remove-NetRoute -InterfaceAlias $vpnadaptername -DestinationPrefix 0.0.0.0/0 -NextHop $vargatewayold -Confirm:$false
To conclude, it should be noted that the route command is utilized to modify the gateway IP of a network adapter. This implies that if the scripts are not executed in the correct order, the route table can be affected.
In some cases, the adapter may end up with two gateways. If such a scenario occurs, the issue can be fixed by manually deleting the IP through Network Adapter settings.
Users can do this by navigating to Properties > IPv4 > Properties > selecting the gateway IP and clicking edit or delete. When OpenVPN is reconnected, the routing table will be reset to its original state.
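The two scripts from the answer above, combined into one idempotent script that also guards against the stale-gateway and two-gateway states the answer describes. This is an added example, not part of the original answer. The function names, the parameters and the -Clear switch are hypothetical, ENTER-NAME is the answer's own placeholder, and the script assumes, as the answer does, that OpenVPN has pushed a 0.0.0.0/1 route on the VPN adapter.

```powershell
#Requires -RunAsAdministrator
# Added example: keep exactly one default gateway on the VPN adapter.
# Run without -Clear once the tunnel is up; run with -Clear before connecting.
param(
    [string]$VpnAdapterName = 'ENTER-NAME',   # placeholder, as in the answer
    [switch]$Clear
)

function Get-VpnGateway {
    param([string]$Alias)
    # Only accept the 0.0.0.0/1 route bound to the VPN adapter itself, so a
    # route on the physical NIC can never be picked up as the gateway.
    Get-NetRoute -InterfaceAlias $Alias -DestinationPrefix '0.0.0.0/1' -ErrorAction SilentlyContinue |
        Select-Object -First 1 -ExpandProperty NextHop
}

function Remove-VpnDefaultRoute {
    param([string]$Alias)
    # Remove every 0.0.0.0/0 entry Get-NetRoute returns for this adapter,
    # which covers both a stale gateway and the two-gateway state.
    Get-NetRoute -InterfaceAlias $Alias -DestinationPrefix '0.0.0.0/0' -ErrorAction SilentlyContinue |
        Remove-NetRoute -Confirm:$false
}

# Always start from a clean state, whichever mode is requested.
Remove-VpnDefaultRoute -Alias $VpnAdapterName

if (-not $Clear) {
    $gateway = Get-VpnGateway -Alias $VpnAdapterName
    # A NextHop of 0.0.0.0 means "on-link" and cannot serve as a gateway address.
    if (-not $gateway -or $gateway -eq '0.0.0.0') {
        throw "No 0.0.0.0/1 route with a gateway found on '$VpnAdapterName'. Is the VPN connected?"
    }

    # ActiveStore keeps the route out of the persistent store, so it does not
    # survive a reboot. The pushed /1 routes are more specific than 0.0.0.0/0,
    # so forwarding is unchanged; the entry only gives the adapter a gateway.
    New-NetRoute -InterfaceAlias $VpnAdapterName -DestinationPrefix '0.0.0.0/0' `
        -NextHop $gateway -PolicyStore ActiveStore | Out-Null

    # Verify the result instead of assuming it.
    $defaults = @(Get-NetRoute -InterfaceAlias $VpnAdapterName -DestinationPrefix '0.0.0.0/0')
    if ($defaults.Count -ne 1) {
        Write-Warning "Expected 1 default route on '$VpnAdapterName', found $($defaults.Count)."
    }
    Get-NetIPConfiguration -InterfaceAlias $VpnAdapterName
}
```

Because the new default route is bound to the VPN adapter, it adds no path outside the tunnel, so a firewall policy that only permits traffic through the VPN network is unaffected.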