Rehy-7606 asked ·

L2TP: Windows 10 cannot browse Internet, Mac can

We have the strangest issue.

When we connect a Windows 10 Pro machine to L2TP, we can ping google.com (and any other external site) but cannot browse it via either IP or URL - after a minute it times out. We can access local resources.

Same network, same L2TP, but on a Mac - no issue.

We have tested 4 Windows 10 Pro machines on different builds, different networks / offices. Same issue. Reset one machine entirely to defaults - set up as personal computer. Same issue. No antivirus installed, Windows firewall disabled.

The registry tweak "AssumeUDPEncapsulationContextOnSendRule" doesn't have any effect.

It seems like it's in the OS settings? What else could have an effect on this in Windows 10? How is Windows 10 handling L2TP differently from a Mac?

windows-10-network

Hello @Rehy-7606,

This might just be a case of "split tunneling" - choosing whether all IP traffic is routed via the VPN or just the traffic to selected addresses.

One could imagine that "split tunneling" is used by the Mac but not by the Windows 10 machine (by default). Whether traffic from the Windows 10 machine to the Internet works would then depend on the network setup in the remote network (perhaps it allows ICMP traffic to the Internet but not HTTP).

Another possibility is that split tunneling is disabled on the Windows 10 machine but that it can access the Internet via IPv4 and IPv6; the successful pings of google.com might be using IPv6.

Gary

0 Votes 0 ·

Hi Gary, thanks a lot for your response. To your points:

  • Split Tunnelling is not enabled on both Windows and Mac - we selected on both to use the VPN gateway for all traffic

  • We have disabled IPv6 protocol entirely for the VPN testing. Also while doing the pings, we get IPv4 responses.





0 Votes 0 ·

Hello @Rehy-7606,

One approach to understanding what is happening might be to use Event Tracing for Windows (ETW) to trace the Microsoft-Windows-TCPIP provider. The trace will give insight into route selection, firewall filtering, sending and receiving of data and much more. Below is a short sample of what might be visible (the start of an HTTP GET of https://www.google.com):

71075-image.png

Gary

0 Votes 0 ·
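The checks raised in the comments above (split-tunneling state, route selection, ICMP versus TCP behaviour, and a Microsoft-Windows-TCPIP ETW trace), collected as an added PowerShell example that is not part of any poster's reply. The connection name, test host and trace path are assumed placeholders; run it from an elevated prompt while the VPN is connected.

```powershell
# Added example. Assumed placeholders: connection name, test host, trace path.
$VpnName   = 'Office-L2TP'                           # hypothetical VPN connection name
$TestHost  = 'www.google.com'                        # external site from the question
$TraceFile = Join-Path $env:PUBLIC 'l2tp-tcpip.etl'  # assumed output location

# 1. Confirm the split-tunneling setting on the connection itself.
#    (Add -AllUserConnection if the VPN was created for all users.)
Get-VpnConnection -Name $VpnName |
    Select-Object Name, TunnelType, SplitTunneling, ConnectionStatus

# 2. List IPv4 default routes; the lowest combined metric is the one used.
Get-NetRoute -DestinationPrefix '0.0.0.0/0' -ErrorAction SilentlyContinue |
    Select-Object InterfaceAlias, NextHop, RouteMetric, InterfaceMetric,
        @{ n = 'Total'; e = { $_.RouteMetric + $_.InterfaceMetric } } |
    Sort-Object Total | Format-Table -AutoSize

# 3. Resolve an IPv4 address and ask the stack which interface and
#    source address it would pick for that destination.
$ip = (Resolve-DnsName -Name $TestHost -Type A |
       Where-Object Type -eq 'A' | Select-Object -First 1).IPAddress
Find-NetRoute -RemoteIPAddress $ip

# 4. Compare ICMP and TCP reachability to the same address.
$tcp = Test-NetConnection -ComputerName $ip -Port 443
[pscustomobject]@{
    Address   = $ip
    Interface = $tcp.InterfaceAlias
    Tcp443    = $tcp.TcpTestSucceeded
    Ping      = (Test-Connection -ComputerName $ip -Count 2 -Quiet)
}

# 5. Trace the TCPIP provider while reproducing the browser time-out.
netsh trace start provider=Microsoft-Windows-TCPIP tracefile=$TraceFile overwrite=yes
try {
    Invoke-WebRequest -Uri "https://$TestHost" -UseBasicParsing -TimeoutSec 30 | Out-Null
}
catch {
    Write-Warning "HTTPS request failed: $($_.Exception.Message)"
}
finally {
    netsh trace stop   # writes the .etl file for later analysis
}
```

Running the same script on a machine where browsing works over the VPN gives a baseline to compare the route table and trace against.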

Hi,

Just checking in to see if the information provided was helpful.

If so, you may accept the useful reply as the answer; if not, feedback is welcome.

Best Regards,
Sunny

0 Votes 0 ·
SunnyQi-MSFT answered ·

Hi,

Thanks for posting on the Q&A platform.

When the L2TP VPN connects successfully, may I know whether any other applications that need Internet access work normally?

Besides google.com, can you access other URLs such as youtube.com? Have you tried browsing it via another browser?

And here is an article on configuring L2TP VPN on Windows Server 2019 for your reference.

Set up L2TP/IPSec VPN on Windows Server 2019

Best Regards,
Sunny


If the Answer is helpful, please click "Accept Answer" and upvote it.

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.



Hi Sunny,

Thanks for your reply. This affects all external sites, not only google.com.

Also, other apps are having issues: Teams doesn't connect, Weather works, Spotify doesn't, TeamViewer does work.

0 Votes 0 ·
SunnyQi-MSFT answered ·

Hi,

Thank you very much for your feedback.

My understanding is that you can connect to the L2TP VPN successfully but cannot access external sites. Please correct me if my understanding is wrong.

This issue may occur if you configure the VPN connection to use the default gateway on the remote network. This setting overrides the default gateway settings that you specify in your Transmission Control Protocol/Internet Protocol (TCP/IP) settings.

To resolve this issue, please configure the client computers to use the default gateway setting on the local network for Internet traffic and a static route on the remote network for VPN-based traffic.

For more detailed steps, please refer to the following official article:

You can't connect to the Internet after you connect to a VPN server

Best Regards,
Sunny

