Internet connection while using VPN

I've read quite some threads on this issue, but didn't find this answer, so I'm posting this in order to help others and hoping to get Apple to change this.


While using VPN with the 'send all traffic over VPN connection' option enabled, I lost my internet connection each time.

I need to have this option enabled in order to follow the company policy, but was kind of stuck as I need my browser to log into their support system as well.


Today I played around with the VPN settings and solved the issue by simply adding my DNS server IP or the VPN Router IP to the DNS server list of the VPN connection.


I am glad this solves the issue, but the setting is bound to my location and/or the VPN connection I set up.

This means I need to keep checking my DNS servers as soon as I start working from another location and/or use a different VPN connection.


So my question for this discussion:

Why isn't ML capable of determining those DNS settings itself?

There's not a single bit of information I couldn't simply read from the local network connection or active VPN connection.

MacBook Pro (Retina, Mid 2012), OS X Mountain Lion (10.8.1)

Posted on Sep 11, 2012 3:51 AM


Feb 13, 2013 12:20 PM in response to mgsouth

Make sure that the VPN connection on the client is at the top of the network services list. To do this, open System Preferences and go to Network. Then, click on the settings button below the list on the left and choose 'Set Service Order...'. Drag the VPN service to the top of the list and click OK and then Apply.


This worked for me - previously when connected to the VPN I could not browse the web or get email.


Any use?

Sep 11, 2012 8:01 AM in response to mboegem

mboegem wrote:


I've read quite some threads on this issue, but didn't find this answer, so I'm posting this in order to help others and hoping to get Apple to change this.


While using VPN with the 'send all traffic over VPN connection' option enabled, I lost my internet connection each time.

I need to have this option enabled in order to follow the company policy, but was kind of stuck as I need my browser to log into their support system as well.


Today I played around with the VPN settings and solved the issue by simply adding my DNS server IP or the VPN Router IP to the DNS server list of the VPN connection.


I am glad this solves the issue, but the setting is bound to my location and/or the VPN connection I set up.

This means I need to keep checking my DNS servers as soon as I start working from another location and/or use a different VPN connection.


So my question for this discussion:

Why isn't ML capable of determining those DNS settings itself?

There's not a single bit of information I couldn't simply read from the local network connection or active VPN connection.

You should discuss this with whoever manages your VPN. You are by-passing the VPN admin policy.


"While using VPN with the 'send all traffic over VPN connection' option ... I need to have this option enabled in order to follow the company policy, but was kind of stuck as I need my browser to log into their support system as well."


We can not help you by-pass a company policy.

Sep 11, 2012 8:11 AM in response to BobTheFisherman

BobTheFisherman wrote:


We can not help you by-pass a company policy.


That wasn't my point. There are reasons for this policy and I agree with this policy!


My point is: if it is so easy for me to find out which gateway to use in order to use the Internet connection throughout my applications, why isn't ML capable of doing so and automatically applying these gateway settings?


Now I have to do this manually, which is a bit unlike the breeze of working with a Mac...

Sep 11, 2012 8:28 AM in response to mboegem

If I understand you correctly, you found a way to by-pass your company policy. Now you want Apple to automate this by-pass so that you don't have to do it manually. Is this correct?


Again, discuss this with your VPN manager. They may either change their policy, or increase their restrictions on the use of VPN. Maybe they are not aware that users are by-passing their policy. I'm sure the policy is there for a reason, maybe for security, and they likely will be happy to learn of this hole in their security.

Sep 11, 2012 8:47 AM in response to BobTheFisherman

The assumption is still not correct.


As soon as I tick the 'send all traffic over VPN connection' checkbox and set up the VPN connection, it seems my internet is cut off by ML.


As I explained I found out that ML is just lost and doesn't know which DNS to use.

By manually pointing to the DNS IP in the 'VPN Advanced settings' > DNS tab I can solve this issue.


I just don't get why Apple can't make ML determine the DNS settings from the connection that is used to set up the VPN connection.

Sep 11, 2012 9:41 AM in response to mboegem

mboegem wrote:


The assumption is still not correct.


As soon as I tick the 'send all traffic over VPN connection' checkbox and set up the VPN connection, it seems my internet is cut off by ML.


As I explained I found out that ML is just lost and doesn't know which DNS to use.

By manually pointing to the DNS IP in the 'VPN Advanced settings' > DNS tab I can solve this issue.


I just don't get why Apple can't make ML determine the DNS settings from the connection that is used to set up the VPN connection.

"As soon as I tick the 'send all traffic over VPN connection' checkbox and setup the VPN connection, it seems my internet is cut-off by ML."


That is how it is supposed to work. Internet is not "cut off" by ML, it is cut off by the VPN policy and remote gateway settings. Selecting this option results in forcing Internet traffic to use the remote gateway. Perhaps in addition to the policy of forcing use of the remote gateway, the VPN admin has restricted Internet traffic through the remote gateway. This would be why you lose Internet connectivity.


Again, talk with your VPN admin. Maybe (s)he does not realize that the remote gateway is blocking Internet access.

Oct 18, 2012 7:56 PM in response to BobTheFisherman

Uh, no.


He didn't bypass the routing policy, he specified the address of his company's DNS server. If you read carefully, he fixes the problem by adding an IP address for his company's DNS server, not removing one. And he's still sending all traffic over the VPN.


If I understand you correctly, mboegem, you're not resolving company internal names either? If so, the problem is that Apple's built-in VPN client doesn't correctly prioritize the DNS server address that's being pushed down by the VPN server. Here's a description of the problem, and a fix for the prioritization (move the VPN connection up in the connection preference list):


http://slaptijack.com/system-administration/lion-cisco-vpn-dns-workaround/


Unfortunately, Apple has created two separate name resolution systems on Lion. GUI apps should work, but command-line Unix apps (such as "ssh", "ping", "traceroute") won't.
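
The DNS prioritization problem discussed in this thread can be checked from the output of `scutil --dns`. The following is an added example, not code from any poster or from Apple: it parses a constructed sample of that output and reports whether the resolver used for ordinary lookups belongs to the VPN. Assumptions: the VPN DNS address `10.20.0.53`, the interface names, and the rule that the unscoped resolver with the lowest `order` value is consulted first.

```python
import re

# Constructed sample of `scutil --dns` output (not captured from a real host).
SAMPLE = """\
DNS configuration

resolver #1
  nameserver[0] : 192.168.1.1
  if_index : 4 (en0)
  order    : 200000

resolver #2
  nameserver[0] : 10.20.0.53
  if_index : 9 (ppp0)
  order    : 300000

resolver #3
  domain   : local
  options  : mdns
  order    : 300000

DNS configuration (for scoped queries)

resolver #1
  nameserver[0] : 192.168.1.1
  if_index : 4 (en0)
"""

def parse_resolvers(text):
    """Return the unscoped resolvers as dicts: servers, iface, order, domain."""
    unscoped = text.split("DNS configuration (for scoped queries)")[0]
    resolvers = []
    for block in re.split(r"^resolver #\d+\s*$", unscoped, flags=re.M)[1:]:
        r = {"servers": re.findall(r"nameserver\[\d+\]\s*:\s*(\S+)", block)}
        for key, pat in (("iface", r"if_index\s*:\s*\d+\s*\((\w+)\)"),
                         ("order", r"order\s*:\s*(\d+)"),
                         ("domain", r"^\s*domain\s*:\s*(\S+)")):
            m = re.search(pat, block, flags=re.M)
            r[key] = m.group(1) if m else None
        resolvers.append(r)
    return resolvers

def default_resolver(text):
    """Resolver for ordinary lookups: no 'domain' key, lowest order (assumed rule)."""
    general = [r for r in parse_resolvers(text) if r["domain"] is None and r["servers"]]
    return min(general, key=lambda r: int(r["order"] or 0)) if general else None

def check_vpn_dns(text, vpn_servers):
    """True when every server of the default resolver is a VPN-provided one."""
    r = default_resolver(text)
    return bool(r) and set(r["servers"]) <= set(vpn_servers)

if __name__ == "__main__":
    print(default_resolver(SAMPLE), check_vpn_dns(SAMPLE, ["10.20.0.53"]))
```

With the sample as given, the local router on `en0` is the default resolver and the check fails; after the VPN service is moved to the top of the service order, the VPN resolver should sort first and the check passes.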
