TamemJ
← Back to Corporate Tech Fixes

Designed for Enterprise IT Support & Corporate Environments

Networking

VPN Connected but No Internet / Internal Access

Use this guide when the VPN shows connected but users cannot browse, access internal systems, or resolve names. The steps gather useful diagnostics without changing security posture or bypassing VPN policy.

Severity: HighUser Safe
Estimated Fix Time

15-25 min

Access Level

User Safe

Total Steps

6

Author & Verification

Tamem J

IT Solutions Engineer

Last verified: March 3, 2026

Runbooks and troubleshooting guides are reviewed for enterprise-safe usage and avoid security bypass patterns.

Tested on Windows 11 23H2Tested on Windows 10 22H2Tested on macOS Sequoia 15Tested on macOS Sonoma 14

Trust Signals

No ratings yet

0 total helpfulness votes

  • Enterprise Microsoft 365 Administration
  • Endpoint Management (Intune, Jamf, Kandji)
  • Identity & Access (Entra ID, Okta)
#vpn#networking#dns#routing#split-tunnel#windows#macos

Note: “Download as PDF” opens the browser print dialog. Choose “Save as PDF” for a printable runbook copy.

Step-by-Step Resolution

Expand each section as needed

  1. 1

    Confirm what is actually failing

    Info

    Recommended validation or troubleshooting step

    Determine whether the user cannot access internet sites, internal-only resources, or both. Check if the issue started after changing networks (home, hotspot, office) or after a VPN client update.

  2. 2

    Run basic connectivity checks

    Command

    Includes a copyable command block

    Command
    # Windows (PowerShell)
    Test-NetConnection 8.8.8.8 -Port 53
    Test-NetConnection intranet.company.local -Port 443
     
    # macOS (Terminal)
    ping -c 2 8.8.8.8
    nc -vz intranet.company.local 443
  3. 3

    Capture DNS and route details

    Command

    Includes a copyable command block

    Command
    # Windows (PowerShell)
    ipconfig /all
    route print
     
    # macOS (Terminal)
    scutil --dns
    netstat -rn
  4. 4

    Check split-tunnel expectations

    Info

    Recommended validation or troubleshooting step

    Some VPN profiles intentionally route only internal traffic through the tunnel. If public internet works but internal names fail, the issue may be DNS suffix, route push, or access policy, not a full connectivity outage.

  5. 5

    Reconnect cleanly and retest on another network

    Info

    Recommended validation or troubleshooting step

    Disconnect the VPN, reconnect, and test again. If possible, test from a different network (for example, hotspot) to identify home-router DNS or ISP interference.

  6. 6

    Escalate to network/security if routes or policy look incorrect

    Warning

    Review carefully before proceeding

    Escalate to network/VPN engineering when route tables, DNS servers, or tunnel policies appear incorrect. Do not instruct users to disable the VPN, modify security clients, or use personal remote-access tools as a workaround.

Related Fixes by Exact Query

High-intent troubleshooting phrases mapped to related internal guides.