Problems accessing Internet at home while connected to company VPN

Router: ASUS RT-N56U running Padavan software.

Basic connectivity: Cable to ISP modem (in bridged mode) and then connects to my ASUS router…

So on my work laptop, I can connect to my router and if I do not connect to my company VPN, everything works fine (via wifi and ethernet). But once I launch the VPN software and connect, I lose access to external sites (again, this happened via both wifi and ethernet connection).

What is weird is, this does not happen if my laptop is connected to basically any other connection (phone as a hotspot, public wifi, other people’s routers…). Even if I bypass the router and connect directly to my modem at home, external sites work fine.

There simply seems to be something within the ASUS router I have that is not allowing external sites to be accessed once the Cisco VPN connection is made. I did try going back to the stock software for my router and it also did not allow external connections once the VPN was connected. I thought my company was simply blocking external access while on VPN, but then I tried it at my folks’ house recently and while on VPN, external sites worked fine.

If tracerts are needed or screenshots of certain settings on my router are needed, please let me know. For now, I simply disconnect the VPN connection if I need Internet access while using my company laptop at home.

It sounds like your company VPN restricts what you can do; it has nothing to do with your Asus router. Once your VPN is established, all of your computer traffic is sent to the business and appears as if all the web traffic was coming from the company.

They may have settings that only allow you to access internal resources like network drives and email but nothing else, especially if they have a proxy server to monitor your web usage and do HTTPS web scanning. If this was a personal laptop then very unlikely to work because you’ll need the company proxy cert on the PC.

However unlikely, it’s a possibility that the VPN and your LAN use the same IP range which would potentially cause issues like this.

I.E. If your VPN sets all traffic to say 10.0.0.0/8 to go over VPN, and your home network is 10.0.0.1/24, it will essentially hijack all your traffic. And unless your work VPN allows you to access the internet using the VPN, this will result in what you are seeing.

Running

netstat -nr

Will display your routing table as well which should show you the routes given by your VPN.
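
The overlap check suggested above, as an added example that is not part of the original thread: it parses the IPv4 section of Windows `netstat -nr` output, lists routes on another interface that overlap the home LAN, and shows which interface wins for a given destination. The routing table, the LAN adapter address 192.168.2.50 and the VPN adapter address 10.20.0.15 are constructed; 192.168.2.0/24 follows the range the original poster mentions.

```python
import ipaddress
import re

# Constructed sample of Windows `netstat -nr` output (IPv4 section) with a VPN up.
# Assumed addresses: LAN adapter 192.168.2.50, VPN adapter 10.20.0.15.
SAMPLE = """\
IPv4 Route Table
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.2.1     192.168.2.50     25
          0.0.0.0          0.0.0.0          On-link       10.20.0.15      1
      192.168.0.0      255.255.0.0          On-link       10.20.0.15      1
      192.168.2.0    255.255.255.0          On-link     192.168.2.50    281
"""

ROW = re.compile(
    r"^\s*(\d+(?:\.\d+){3})\s+(\d+(?:\.\d+){3})\s+(\S+)\s+(\d+(?:\.\d+){3})\s+(\d+)\s*$"
)

def parse_routes(text):
    """Return a list of (network, gateway, interface, metric) tuples."""
    routes = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            dest, mask, gw, iface, metric = m.groups()
            net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
            routes.append((net, gw, iface, int(metric)))
    return routes

def overlapping_vpn_routes(routes, lan, lan_iface):
    """Non-default routes bound to another interface that overlap the home LAN."""
    lan = ipaddress.ip_network(lan)
    return [r for r in routes
            if r[2] != lan_iface and r[0].prefixlen > 0 and r[0].overlaps(lan)]

def best_route(routes, dest):
    """Route selection: longest prefix match, ties broken by lowest metric."""
    ip = ipaddress.ip_address(dest)
    matches = [r for r in routes if ip in r[0]]
    return max(matches, key=lambda r: (r[0].prefixlen, -r[3]), default=None)

if __name__ == "__main__":
    routes = parse_routes(SAMPLE)
    hits = overlapping_vpn_routes(routes, "192.168.2.0/24", "192.168.2.50")
    for net, gw, iface, metric in hits:
        print(f"overlap with home LAN: {net} via interface {iface}")
    print("8.8.8.8 leaves via", best_route(routes, "8.8.8.8")[2])
    print("192.168.2.1 leaves via", best_route(routes, "192.168.2.1")[2])
```

In this constructed table the home gateway is still reached through the LAN adapter because the /24 is more specific than the VPN's /16, while Internet traffic follows the lower-metric default route on the VPN adapter.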

Is DNS resolving? If not, troubleshoot that. Otherwise, do a traceroute. Hopefully, your company does not block traceroute.

The only baffling part is the external access is not working when I’m home connected to my router, I don’t have this problem anywhere else when on the VPN.

That’s wicked nice to know, holy shit. Thanks. I think you just solved some problems that I’ve done full reinstalls to fix, had I known.

That I’ll have to check when I return home. To check for DNS resolve, I suppose a simple ping to an external site while on VPN should tell me…? I do know I have changed the DNS settings in the router to use Google’s… might be worth me taking a peek at.

I would agree with /u/theethyr about DNS resolution. The Padavan firmware may not realize it needs to still resolve DNS requests, instead it’s forwarding those on to your company and the breakdown is happening somewhere in that chain.

Have you used AsusWRT Merlin, AdvancedTomato, or stock and tested, or even an old router lying around? Padavan seems to be a pretty obscure firmware that many would have no idea how to troubleshoot.

Yes, a ping will tell you if DNS resolution failed. The DNS settings on the router may not be relevant. Your VPN client will likely override the DNS server used by your laptop.

You may know this already, but ping with a domain name as well as an IP address. For example, “ping google.com” and “ping 172.217.11.14”. If the first fails but the second works then it’s a DNS issue.

For some reason the N56U is left out with a lot of the other custom firmware providers. Merlin and AT do not list my router as a supported device. I did mention in my OP that I tested it out on the stock firmware as well with no luck, but I may try again in case I for some reason am only thinking I tested it on stock…

When not on VPN, ping is fine; when on VPN, pings to both google.com and its IP all time out. ipconfig /all shows DNS servers as Google’s (8.8.4.4 and 8.8.8.8).

I have the netstat -nr table in front of me, but not sure what exactly I am looking for to be honest… my router serves up IPs in the 192.168.2.x neighborhood.

https://asuswrt.lostrealm.ca/about

It’s listed as supported by both, I can’t link the merlin download (work web filter blocks it). It sounds like a DNS issue though. When you’re connected to the VPN, what does “ipconfig /all” return for your DNS?

Could also try manually setting a DNS server as well when on the VPN.

If you’re on the company vpn and you manually set your dns, maybe that could be your issue. Try disabling your manual settings on the router?

When you ping google.com, does it resolve to an IP address? For example:

$ ping google.com
PING google.com (216.58.194.174): 56 data bytes

Did you try tracerouting to 8.8.8.8?

I have the N56U, not the AC.

Once I get home in a few hours, I will check the DNS resolving and such and report back.

I’ll give this a shot tonight, seemed like a no-brainer to try but of course I didn’t think of it.

When on VPN and I ping Google.com, yes it returned an IP address, just all timed out. I did not try a tracert on the DNS server IPs though. I’m going to try /u/Gh0st1y’s idea and remove the manual DNS setting in the router this evening.

Whoops, completely different. The AC uses ARM and has all the TrendMicro features. Looks like the older N MIPS version is supported by LEDE (OpenWRT) if you have v1.

Anyways, DNS is likely the culprit. You might want to write down your work DNS server IP so you can test using it and a public DNS.

If you’re getting an IP address for Google.com then changing the DNS settings on your router probably won’t help. No harm trying. I think the traceroute will provide more insight. It’d be great if you can collect it from two places: your place and your folks’ place.