RT-AX88U VPN issues

[meeder]

I am experiencing something strange with my new RT-AX88U router.
On my work laptop certain applications need a VPN connection but others work both through VPN and with a direct connection.
Office365 applications work with both normal and VPN connections.
After I installed the router an issue arose and at first I couldn't believe what happened. When I start the VPN connection Outlook and OneDrive lose their connections. At first I thought it was a problem with our VPN client but when I disconnect the WiFi connection and use the built in 4G modem and connect to the VPN through the 4G network everything works correctly.

I was under the impression that once the VPN connection is successfully made everything should work normally.

 

[ColinTaylor]

What VPN client are you using on the laptop? What operating system does it have?

This sounds like a configuration issue on the laptop rather than anything to do with the router.

 

[meeder]

Check Point Endpoint Security is the VPN client used.
The laptop is a Dell Latitude 5414 running Windows 7.

When I connect to the Asus router and start the VPN the connection is successful but accessing the internet through the VPN doesn't work. Internal applications do work.

When I use the built in 4G modem and the VPN connection it does work as expected and if I use the hotspot function on my phone everything works as well. So I am a bit puzzled at this moment.

What I am going to do next is re-enable the router function of my cable modem and the WiFi of that modem to see if anything changes. If it works through that connection there is something not working properly through the Asus router (which I honestly doubt) or that something is wrong with my internet connection on the ISP side.

 

[meeder]

So, when I enable the router functions of my Cable modem and connect to the WiFi of the cable modem everything works as it should.
When I leave the modem in router mode but connect to the Asus router it doesn't work.
I put the router in a DMZ in the cable modem and it was still the same.
I put the cable modem back in bridge mode and installed the Merlin WRT firmware but still no difference.

With everything I tested I have to conclude that something is going wrong when connecting to the Asus router but I have no clue on what could be the problem here :-(

 

[ColinTaylor]

Maybe there's conflict between the IP range used by the Asus and the IP range used by the VPN. Try changing the Asus' subnet to something like 192.168.50.1/255.255.255.0.

 

[meeder]

That is the IP and subnet I am using on the Asus. The IP range the VPN uses is in the 10.xxx.xxx.xxx range.

I will try a cable between the laptop and router later today and perhaps changing the whole IP range of the router from 192.168.50.xxx to 192.168.2.xxx what it used to be when I used my cable modem as the router.

If that doesn't work I'm really dumbfounded by this situation.

I did some more checking on what works and what doesn't work when I connect to the VPN server.

What works:
Local applications on the company network (internal websites in the company domain)
Accessing websites through Google Chrome

What doesn't work:
Primarily Office 365 applications which go to a office.com domain.
When I open the command line I can't ping office.com, google.com or any other outside domain.

What I simply don't understand is why the parts that don't work act normally when I connect without using the router. When my wife is working form home and uses her company VPN everything works perfectly. When I use NordVPN on my personal PC or phone it works normally.

 

[meeder]

I just found this thread over at Anandtech and the OP has the same problem as I am experiencing.

https://forums.anandtech.com/thread...sites-while-connected-to-company-vpn.2555180/

 

[ColinTaylor]

Split tunnelling was the first thing I thought of but from what I read on the Checkpoint website that is turned on by default. The fact that the problem only occurs with the Asus also suggests that it's something specific to that configuration rather than a global setting like split tunnelling.

Can you check that split tunnelling is enabled? "Route all traffic to gateway" should be set to "No".

 

[meeder]

If I look in the settings of the VPN client the only setting I can find is the one labeled VPN tunneling.
It says: When connected, all outbound traffic is encrypted and sent to the gateway but only trafic directed at site resources is passed. There is a checkbox with that and it says "Encrypt all traffic and route to gateway". This is however a policy setting which I can't change as a user.

If this is the problem, my question is why is it only the Asus router which has problems with this. I can't get why this is possible.

 

[ColinTaylor]

This is sounding more like a web proxy issue. IF the VPN is setup to send all traffic through the VPN (which is typical of a corporate setup) then there is no split tunnelling. In such a case to allow the client access to internet sites the web browser would typically have to be configured to use the corporate proxy server.

Proxy settings are normally pushed to the client's browser automatically, but it's possible that's not working properly. Check with your work's IT department what the settings should be. You might have to set them manually.

 

[meeder]

I am going to contact our IT department. But if it is a problem with proxy settings it doesn't explain why it is only a problem when using the Asus router. When using any router other than the Asus it seems to work.

 

[ColinTaylor]

But if it is a problem with proxy settings it doesn't explain why it is only a problem when using the Asus router. When using any router other than the Asus it seems to work.

Indeed that is a mystery.

On the other hand you said everything works fine if you use Chrome, which might support the proxy theory.

What works:
Local applications on the company network (internal websites in the company domain)
Accessing websites through Google Chrome

 

[meeder]

I will wait until next week so our local system administrator can look into this. IT in our corporate office will probably tell me to ditch the Asus router since the problems started when I installed that, our local IT admin is a bit more down to earth and willing to try things. The only thing that will not happen is them changing something in the VPN settings since they are the same for +/- 10.000 employees.

I even attached an old AVM Fritz!Box as a router and it works through that as well. So the Asus router must be doing something in the mix but I can't seem to find out what it is.

 

[meeder]

Ok, now I am really going completely mad...
I thought, what else can I do to check something which is completely bonkers.
Well, I have a pocket router which I use in hotels. It is a Ravpower Filehub which itself connects to the WiFi network on the Asus router and than has it's own WiFi network which other devices can connect to. So, I connected to that thing with my laptop and it works.
So only if my laptop is connected directly to the Asus router it fails to work properly, if I connect in any other way, whatever what it works as it should...
What is the Asus router doing which causes these problems? I tried it with a direct cable connection to make sure it wasn't wifi related, it isn't.

 

[ColinTaylor]

Are you using stock Asus firmware or Merlin's?

The reason I ask is because there is an option in Merlin's firmware that changes the behaviour of the router's WPAD (which was a particular problem with Windows 7). That's the only thing I can think of that effects proxy settings.

 

[meeder]

I was using the stock Asus firmware but to try some things I switched to Merlin.

 

[ColinTaylor]

I was using the stock Asus firmware but to try some things I switched to Merlin.

Try going to the Tools/Other Settings/Advanced Tweaks and Hacks and changing the setting for "dhcpd: send empty WPAD with a carriage return". Then reboot your PC.

 

[meeder]

Sadly that didn't work. We will be getting Windows 10 later this year so I hope that that will solve these strange issues.

 

[ColinTaylor]

Can I ask you to clarify something.... You said earlier that "Accessing websites through Google Chrome" worked. So what is it that isn't working? Accessing websites using a different browser?

 

[meeder]

Okay... I did some more testing and experimenting. I was just about to reiterate what worked and didn't work when suddenly the connection came alive.
In the end I do think that it might be something proxy related.
What I did when I made the VPN connection was start internet explorer and I went to outlook.office.com and it timed out as it did before. I then opened Chrome and I did the same and it displayed the outlook web application as it should. I still had internet explorer open and suddenly it displayed it as well.
I then started the normal Outlook application and it works normally and OneDrive works as well. So by visiting the outlook.office.com website something changes on the laptop (that's why I am starting to believe that your suggestion of the proxy is correct) which causes everything to work normally.

I can replicate this behavior every time I try it. It might not explain why it works directly with different connections but it is easy enough to start a browser and go to the office.com domain if that solves it for now.