"VPN Split-Tunneling" disabled forces wifi to disconnect

Occasional Contributor

Hello,

So I have these 2 roles on my PCS 9.0R1: one has VPN Tunneling *enabled*, while the other has the feature disabled.

I have 2 Pulse Secure (v 9.0.1) connections on my machine: the 1st is for Wifi and the 2nd is for the PCS appliance.

- If I connect with a username mapped to role 1 - everything works well.

- If I connect with a username mapped to role 2 - the wifi is dropped.

 

My goal is to disable VPN Split-Tunneling, so that traffic is sent by default over the Pulse VPN Tunnel, while also having access to internet for Web browsing, etc.

PROBLEM: wifi disconnects if VPN Tunneling is disabled

 

NOTE: the following features on PCS are left to their default values:

- route precedence = endpoint routes (to allow access for local subnets)

- Always-on Pulse Client = disabled

- VPN only access = disabled

- Wireless suppression = disabled

- Lock down this connection = disabled

 

Can anyone please tell me why my wifi connection is getting dumped?

Thanks in advance for any tips or guidance.

Cheers,

Tony

5 REPLIES
Ray
Contributor

Re: "VPN Tunneling" disabled forces wifi to disconnect

Hi @tony.f,

 

I am confused by the requirement when you said "My goal is to disable VPN Tunneling, so that traffic be sent by default over the Pulse VPN Tunnel, while also having access to internet for Web browsing, etc." I believe you'd like to get split tunnel access which will allow you to access selected intranet resources and internet resources like web browsing, which can be done by disabling the split tunnel under Users roles >> role name >> VPN tunneling >> Split Tunneling >> disable. Is that what you did on the user role 2 settings?

 

Either way, connecting to Pulse VPN should not disconnect the Wi-Fi connection. When you say the Wi-Fi got disconnected, do you mean the Wi-Fi icon changes to a "red x mark", or does it say "No internet access" with a yellow exclamation icon on it?

 

Ok, when you see the Wi-Fi disconnect... what happens to the VPN connection? Is it getting disconnected too?

 

Thanks,

Ray.

 

 

Occasional Contributor

Re: "VPN Tunneling" disabled forces wifi to disconnect

Hello @Ray,

 

Thanks for taking the time.

Yes, yes, what I meant was to disable split tunneling!! So yes, role 2 has Split Tunneling disabled. Sorry about the mishap.

As for the Wi-Fi, it gives me a yellow exclamation mark. The tunnel is up and running, I can connect to PCS at the other end of the tunnel. The VPN connection works fine. And when I end this connection on Pulse, I regain access to wifi.

I don't understand why it's behaving like this! Is the Pulse Secure Desktop client the issue?

PS: the Wi-Fi connection is a connection configured also on Pulse Secure (if that changes anything.)

 

Regards,

Tony

Ray
Contributor

Re: "VPN Tunneling" disabled forces wifi to disconnect

Hi @tony.f,

 

It could be an ACL configuration on the VPN server which might block Microsoft's Network Connection Status Indicator (NCSI) messages.

 

If any network change is detected, Windows will use the Network Connection Status Indicator (NCSI) technology to:

  • Check the connectivity to an Intranet
  • Check the connectivity to the Internet

NCSI determines connectivity using the following process:  

  1. The adapter will send a DNS query for www.msftconnecttest.com*.
  2. If successful, an HTTP GET request is sent for www.msftconnecttest.com/connecttest.txt.
  3. If the client receives an HTTP 200 OK response, NCSI sends a standard DNS query for an A record of dns.msftncsi.com and subsequently a standard DNS query is sent for an AAAA record of dns.msftncsi.com.

If the DNS request in step 1 fails, or the HTTP response is anything other than HTTP 200 OK in step 2, then the LAN adapter and/or the Pulse virtual adapter will display a status of "No Internet access".

 

Since the tunnel mode is full tunnel (split tunnel disabled), please check the VPN tunneling ACL of the user role 2 on the VPN server and make sure you allow the traffic to "www.msftconnecttest.com."

 

If you want to access all internet resources through the Pulse VPN tunnel, please use a *:* (wildcard allow) entry in the VPN tunneling policies to resolve the issue.

 

Let me know how it goes.

 

Thanks,

Ray.
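
The NCSI sequence described in the post above, as an added example that is not part of the original thread: a PowerShell function that replays the DNS and HTTP steps and reports the first one that fails, which shows whether the full-tunnel ACL or DNS path is what produces "No Internet access". The function name `Test-NcsiProbe` and its parameter names are assumptions made for this example; the host names and path are the ones given in the post.

```powershell
# Added example (not from the thread): replay the NCSI steps and report each outcome.
# Test-NcsiProbe and its parameter names are assumptions made for this example.
function Test-NcsiProbe {
    param(
        [string]$ProbeHost    = 'www.msftconnecttest.com',
        [string]$ProbePath    = '/connecttest.txt',
        [string]$DnsProbeHost = 'dns.msftncsi.com'
    )
    $r = [ordered]@{
        Step1Dns  = 'not run'
        Step2Http = 'not run'
        Step3A    = 'not run'
        Step3AAAA = 'not run'
        Verdict   = 'No Internet access'
    }

    # Step 1: DNS query for the probe host. A failure here already ends the probe.
    try {
        Resolve-DnsName -Name $ProbeHost -Type A -ErrorAction Stop | Out-Null
        $r.Step1Dns = 'ok'
    } catch {
        $r.Step1Dns = "failed: $($_.Exception.Message)"
        return [pscustomobject]$r
    }

    # Step 2: HTTP GET. Anything other than 200 OK (redirects included) counts as a failure.
    try {
        $uri  = 'http://{0}{1}' -f $ProbeHost, $ProbePath
        $resp = Invoke-WebRequest -Uri $uri -UseBasicParsing -MaximumRedirection 0 `
                                  -TimeoutSec 10 -ErrorAction Stop
        if ([int]$resp.StatusCode -ne 200) { throw "HTTP $([int]$resp.StatusCode)" }
        $r.Step2Http = 'ok (HTTP 200)'
    } catch {
        $r.Step2Http = "failed: $($_.Exception.Message)"
        return [pscustomobject]$r
    }

    # Step 3: A and AAAA queries for the DNS probe host; recorded, but not part of the verdict.
    foreach ($type in 'A', 'AAAA') {
        try {
            Resolve-DnsName -Name $DnsProbeHost -Type $type -ErrorAction Stop | Out-Null
            $r["Step3$type"] = 'ok'
        } catch {
            $r["Step3$type"] = "failed: $($_.Exception.Message)"
        }
    }
    $r.Verdict = 'Steps 1 and 2 passed'
    return [pscustomobject]$r
}

Test-NcsiProbe | Format-List
```

Run it once with the VPN disconnected and once while connected with the full-tunnel role, then compare which step changes.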

Occasional Contributor

Re: "VPN Tunneling" disabled forces wifi to disconnect

Hello Ray,

I tried allowing access to all resources (*:*) for all roles but the full tunnel VPN is still disconnecting my wifi connection... With no internet access, the VPN is down and of course the www.msftconnecttest.com/connecttest.txt test fails.

Tony

Occasional Contributor

Re: "VPN Tunneling" disabled forces wifi to disconnect

Hello Ray,

 

I saw this KB: https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB41014, so I wanted to mention that my laptop model is HP 840 G4.

Just in case, I downloaded and installed HP Hotkey Support.

Thought I would let you know.

 

Thanks again for following up!

 

Regards,

Tony