VPN will connect, but Internet pages will not load

Hello, I am having a super odd issue.

Company VPN is set up through Windows built-in, and 2FA through Duo. Running m95 appliances, on firmware version 16.16.

This is affecting about a dozen computers now, and each new one I roll out, it is affecting as well.
All computers are on Windows 10. Fully up to date with both Windows and Dell updates.

The issue is I can successfully connect to VPN like normal, but no pages will load in the browser.
I can ping resources by name or IP, both internal and external. (example: google.com, 8.8.8.8, “fs01”, pbs.org, any of my servers direct IP)

Unfortunately this even stumped my rep with Meraki support.

Please let me know what info I can provide for clarity.

Edit: I did try using the method in this thread, but no luck after reinstalling Windows like they did in the comments.

Edit 2: Also have client-side firewall disabled, though normally I do not need to do this.

Edit 3: Reinstalling Windows is my only fix for this at the moment. I’m about six computers in and they seem to be working as intended now.

Edit 4: (7/18) Uninstall Dell Optimizer.

So after continued troubleshooting on this issue, we found that it is due to a conflict with the Dell Optimizer application. Removing this app resolves the VPN troubles.

Sounds like you’re using the default gateway on the VPN. Go into adapter options of the tunnel, advanced, IP Settings. See if use default gateway is checked.

Internal DNS server on subnet that is not visible by the dial-in VPN?

Or no internal DNS and resolving all internal resources by NetBIOS, and that’ll fail because the broadcast traffic on the VPN subnet won’t be reaching the main subnet?

There is also an “include in VPN” option for the subnets in the addressing and VLANs section, which you’ll want to have enabled.

Try setting first DNS server as IP address of internal DNS. Make sure you can ping it when connected to VPN. Set secondary DNS to external (8.8.8.8 or whatever your favourite is).

That might well give you internal and external resolution.

Also make sure that the VPN end point internet service provider isn’t blocking UDP traffic on port 53 to DNS servers that don’t belong to the ISP.

Thanks for the thread OP, we had a few affected laptops and uninstalling Dell Optimizer did the trick.

Try manually setting your DNS on a PC and see if that works. Sounds like you don’t have a DNS server reachable.

Try this. Go to the same advanced to uncheck default GW, uncheck automatic metric and put 1 in the space provided.

Had similar issue… Are you using Windows 11? If yes, then turn off firewall and all antivirus.

Do you have any L7 firewall rules?

https://www.reddit.com/r/meraki/comments/v1qgk3/meraki_layer_7_firewall_incorrect_classifications/

I am having this same issue, so far only on 2 user devices; all other remote devices are working fine… I’m running a split tunnel and just like OG post can ping and resolve everything but can not access. Any help is appreciated 🙂

Are you still having this issue?

Just tried it on a computer that was having my issue but no luck for me. Reinstalling Windows is my only fix. But this was a good reminder to update my OP.

Thank you! Removing the Dell Optimizer resolved multiple affected computers which were failing to route over L2TP/IPsec VPN.

It looks like it might be the “Simultaneous Data Transfer” function within it causing issues but I’m not taking any further risks, it’s outta there!

It is checked (by default).

When I uncheck it, I can load normal internet pages, but can no longer ping internal IP addresses or connect to any internal resources.

I can ping my internal DNS servers.

I’m not sure how I can verify your second line beginning with “Or”.

Verified, all the necessary VLANs are included in the VPN.

Tried setting the first DNS server to my primary internal, and second to 8.8.8.8. No change.

How can I verify that my ISP is not blocking port 53?

Absolutely, it was quite the frustrating thing to work through! Glad it helped!

I have done that actually, and it did not change. I used 1.1.1.1 and 8.8.8.8.

Same results, but I could no longer ping internal servers by name anymore, like FS01. As expected.

Correction to my earlier comment, defining the DNS to our internal DNS or external DNS servers does not make a change.

No change when I try this.

Still very stumped on what happened here.

However, after a reinstall of the OS, that seemed to fix my issue and I’ve had to reinstall about a dozen computers so far.
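
The checks suggested across the thread (default-gateway setting, interface metric, DNS on port 53, ping versus actual page loads, Dell Optimizer), collected into one script as an added example that is not from any poster in the thread. The host names, ports and the package name pattern are assumptions to replace with your own values.

```powershell
# Added diagnostic sketch for Windows PowerShell 5.1; run on an affected client with the VPN connected.
# Host names and ports below are placeholders (assumptions), not values confirmed by the thread.
$Targets = @(
    @{ Name = 'fs01';        Port = 445 },   # internal file server, SMB port assumed
    @{ Name = 'example.com'; Port = 443 }    # any external HTTPS site
)

# 1. Tunnel mode. SplitTunneling = False corresponds to "Use default gateway on remote network" checked.
Get-VpnConnection |
    Format-Table Name, TunnelType, SplitTunneling, ConnectionStatus

# 2. Default routes with the metrics Windows uses to choose between them (lowest total wins).
Get-NetRoute -DestinationPrefix '0.0.0.0/0' -ErrorAction SilentlyContinue | ForEach-Object {
    $nic = Get-NetIPInterface -InterfaceIndex $_.ifIndex -AddressFamily IPv4
    [pscustomobject]@{
        Interface  = $_.InterfaceAlias
        NextHop    = $_.NextHop
        Total      = $_.RouteMetric + $nic.InterfaceMetric
        AutoMetric = $nic.AutomaticMetric
        Mtu        = $nic.NlMtu
    }
} | Sort-Object Total | Format-Table

# 3. Layered test per target: name resolution, ICMP, then a real TCP handshake.
$Targets | ForEach-Object {
    $dns  = Resolve-DnsName -Name $_.Name -ErrorAction SilentlyContinue
    $ping = Test-Connection -ComputerName $_.Name -Count 2 -Quiet
    $tcp  = Test-NetConnection -ComputerName $_.Name -Port $_.Port -WarningAction SilentlyContinue
    [pscustomobject]@{
        Host = $_.Name; Resolves = [bool]$dns; Ping = $ping
        Port = $_.Port; TcpOpen = $tcp.TcpTestSucceeded; Via = $tcp.InterfaceAlias
    }
} | Format-Table

# 4. Direct DNS query to 8.8.8.8, bypassing the configured servers. No answer here while
#    step 3 resolves points at port 53 being filtered on the path to that resolver.
Resolve-DnsName -Name 'example.com' -Server 8.8.8.8 -DnsOnly -ErrorAction SilentlyContinue |
    Format-Table Name, Type, IPAddress

# 5. Software the thread identified as the cause (display-name pattern is an assumption).
Get-Package -Name '*Dell Optimizer*' -ErrorAction SilentlyContinue | Format-Table Name, Version
```

If step 3 shows Resolves and Ping as True while TcpOpen is False, the fault sits above DNS and ICMP on the interface listed under Via, which is where to look before changing DNS settings again.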