
[SOLVED] While VPN is on, other devices stop working

landsavage

OK so this is weird. I can't understand what would cause this, but when I turn on my VPN either through a free one like SoftEther, or a paid one like SurfShark VPN, the VPN on my machine works fine, but every other device on my home network stops working, Xbox, Phones, computers, everything. My PC will work and the internet is fine. Any idea what would cause this or how to stop it? I have Comcast as my ISP. Thanks
 
If you tunnel all your traffic through VPN, this is how it is supposed to be (local network is not public and therefore not accessible through VPN).

The other devices still have internet, they are not accessible from your machine, did I get it right?
 
That's true for a router based full tunnel VPN, but shouldn't impact other devices with a client based VPN on a single host.
The other way around.

When your VPN is connected, you get an address and a gateway from outside your local network.
The VPN gateway has no clue about where the other devices in your local network are.

When your router is the VPN gateway, it joins your network segment with the remote segment.
 
The other way around.

When your VPN is connected, you get an address and a gateway from outside your local network.
The VPN gateway has no clue about where the other devices in your local network are.

When your router is the VPN gateway, it joins your network segment with the remote segment.
Misinformation. The client PC itself doesn't modify the gateway for other clients on the same network segment. The client PC also retains a local network IP and retains a route using that segment's gateway to the VPN endpoint, otherwise you'd have no tunnel. Other hosts on your local network should observe zero impact when using a client VPN on a single computer.

@landsavage what client are you using, and would it be possible to pcap on another one of your PCs using wireshark or similar for when the VPN is active on your one host? I assume your traffic flow is one that doesn't depend on communicating with the VPN'd local PC. Also some clients permit full tunnel while simultaneously permitting local subnet traffic on your LAN.
 
Solution
The client PC itself doesn't modify the gateway for other clients on the same network segment.
This is exactly what I was going to post but it does act like the pc is affecting the traffic. I looked up the SoftEther software since I did not see it before and at that point decided not to post on this thread. It appears this software is much more complex than simple vpn client software, there are diagrams of site to site vpn.

I am too lazy to learn this software but my guess is this is the cause.
 
Thanks for the responses, and to clarify, I am using a client, two different ones (not at the same time). One is SoftEther, an open source project out of Japan. The other is a paid VPN service, SurfShark.

While using either one, I get the same result, my computer that is using either client, the internet works fine, and I can see this by checking my IP, etc. I can surf, download, etc. Seems to work as it should.

The strange thing that happens is EVERYTHING else on my local network no longer has internet: kids' Xbox stops, my Firesticks, and another laptop. No one can access the internet except me.

It doesn't make any sense because I am using VPN at the PC level, I have not touched the Comcast router. I don't understand as I have used VPNs for work and such and have never seen a network behave this way. I am almost wondering if it has something to do with Comcast... I have tried with US based servers and international based servers, same result every single time.
 
The reason this is really strange is most modern VPNs appear as HTTPS sessions, so Comcast would just think you had a web page open on the VPN site... if they even care.
Comcast also cannot tell which machine is producing the traffic since it all comes from the single IP of your router. Unless your router has some kind of very strange bug it should also not care about VPN traffic. Maybe if you are using IPsec it is a bug in the helpers but that would be rare and most VPN providers do not use IPsec anyway.

This does not make any sense since the only way for it to block other traffic is if your machine is somehow interfering with the ability of other machines to get to the router.
 
I'm doing some testing now. I have had it on for two hours and just been idle. Everything is working with the SurfShark. Something else might be causing it. Maybe something I am running? Only thing I run with VPN is some browsing and Taxiti. Posting on here now is the first time I have done anything with the VPN connected... internet has been fine up until this point, so perhaps it is not the VPN connection, but something I am doing while the VPN connection is active. I will post back once I confirm.
 
The strange thing that happens is EVERYTHING else on my local network no longer has internet: kids' Xbox stops, my Firesticks, and another laptop. No one can access the internet except me.
That's new information. It seemed to me that you can’t access local resources while connected with VPN. That would be totally fine in that case.
Try to mirror your router's LAN while establishing a VPN session and create a capture so someone can have a look.


The client PC itself doesn't modify the gateway for other clients on the same network segment. The client PC also retains a local network IP and retains a route using that segment's gateway to the VPN endpoint, otherwise you'd have no tunnel.
I agree with the first statement but the second is totally dependent on the software setting. That is why I mention “tunneling all the traffic” - in that case local traffic does not bypass VPN and local devices are only accessible if they have public addresses or mappings. I used to enforce it specifically for security reasons. All this is only effective on machines which run the VPN client and have no influence on other local devices. The main complaint I had from end-users is inability to use local network printers.
 
This does not make any sense since the only way for it to block other traffic is if your machine is somehow interfering with the ability of other machines to get to the router.
There are ways, for example, grabbing all available resources through UPnP and exceeding the router's tracking table. I doubt it though. The best way to track I know of is mirroring and interpreting the snapshot.
 
So my other devices lost internet as soon as I started downloading with Taxiti. Having the VPN connection established seemed to do nothing, but while downloading on it, all devices lose internet except my computer (the one on VPN).

So if I download on Taxiti WITHOUT VPN, everything is fine. It is still very strange, but I lowered some max connection values (in Taxiti) and changed to only allow encrypted connections, and it hasn't disconnected this morning with VPN up and Taxiti downloading/uploading. I am going to head over to the Taxiti forums and see if they may have some insight into what is actually causing it.
 
So if I download on Taxiti WITHOUT VPN, everything is fine. It is still very strange, but I lowered some max connection values (in Taxiti) and changed to only allow encrypted connections, and it hasn't disconnected this morning with VPN up and Taxiti downloading/uploading.
It looks like your (router's) QoS is allocating all the BW to your VPN and other devices just starve.
Can you ping your gateway from your non VPN devices when that happens? If it is still reachable, it will strengthen my assumption.
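
Two explanations were raised in the replies above: the router's connection tracking table filling up, and one host taking all the bandwidth so that the others starve. The following added example (not code from any poster in this thread) shows how a per-flow export from a capture taken on the router's LAN side can tell them apart. The CSV columns, the addresses, the 4096-entry table size and both thresholds are assumptions chosen for illustration.

```python
import csv, io
from collections import defaultdict

# Constructed sample: per-flow rows as they might be exported from a capture
# on the router's LAN side. 192.168.1.10 is the VPN host; its torrent traffic
# is hidden inside one outer tunnel flow to a made-up VPN endpoint.
SAMPLE = """src,dst,proto,dport,bytes
192.168.1.10,203.0.113.5,udp,1194,48000000
192.168.1.10,192.168.1.1,udp,53,900
192.168.1.20,198.51.100.7,tcp,443,150000
192.168.1.20,198.51.100.9,tcp,443,90000
192.168.1.30,198.51.100.7,tcp,443,60000
"""

def summarize(csv_text):
    """Return {lan_host: {"flows": distinct flow count, "bytes": total}}."""
    flows, total = defaultdict(set), defaultdict(int)
    for row in csv.DictReader(io.StringIO(csv_text)):
        # A flow is approximated here as (dst, proto, dport) per source host.
        flows[row["src"]].add((row["dst"], row["proto"], row["dport"]))
        total[row["src"]] += int(row["bytes"])
    return {h: {"flows": len(flows[h]), "bytes": total[h]} for h in flows}

def diagnose(summary, table_limit=4096, flow_frac=0.8, byte_frac=0.9):
    """Label each host against the two hypotheses (thresholds are assumed)."""
    all_bytes = sum(s["bytes"] for s in summary.values()) or 1
    all_flows = sum(s["flows"] for s in summary.values())
    verdicts = {}
    for host, s in summary.items():
        if all_flows >= flow_frac * table_limit and s["flows"] * 2 > all_flows:
            verdicts[host] = "table-pressure"  # many router-visible flows
        elif s["bytes"] / all_bytes >= byte_frac:
            verdicts[host] = "bandwidth-hog"   # few flows, most of the bytes
        else:
            verdicts[host] = "normal"
    return verdicts

if __name__ == "__main__":
    for host, verdict in diagnose(summarize(SAMPLE)).items():
        print(host, verdict)
```

With a full-tunnel client the router only sees the outer tunnel flow, so a large byte share with a low flow count on the VPN host points at starvation, while a high flow count points at the tracking table.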