Journalist 
A quick fact: when your Unifi VPN shows “connected” but you have no internet, the problem isn’t the VPN itself—it’s usually the network path or device settings. This guide gives you a practical, step-by-step approach to diagnose and fix this annoying issue, with real-world tips you can apply today. Below you’ll find a mix of checklists, troubleshooting steps, and quick-win tweaks so you’re back online fast. If you’re looking for extra privacy or better streaming, consider this affiliate option: NordVPN. Clicking this link could help you secure your connection while you troubleshoot, and the link is here for your convenience: NordVPN.
What “Unifi vpn connected but no internet” usually means
- The VPN tunnel is up, but DNS resolution fails.
- The gateway or firewall blocks outbound traffic after VPN connects.
- Split-tunneling misconfiguration sends traffic through the VPN for everything, including local network devices.
- Routing tables on the UniFi USG/Dream Machine UDM/UDW have become tangled.
- The VPN server assigns an IP range that overlaps with LAN, causing conflicts.
Core strategies you’ll learn My vpn keeps connecting automatically heres how to take back control
- Quick checks you can do in 5 minutes to confirm the issue.
- DNS and routing fixes that restore internet access without breaking your VPN.
- How to verify VPN server and client settings for compatibility.
- Advanced tweaks for persistent reliability, including firewall rules and NAT.
- Real-world data and best practices to avoid common pitfalls.
Section index
- Quick win checks 5-minute triage
- Verify VPN and DNS configuration
- Review routing and firewall settings
- NAT, IP addressing, and LAN overlaps
- Client-side troubleshooting Windows, macOS, Linux, mobile
- VPN server-side considerations UniFi hardware and options
- Performance and security tips
- Troubleshooting checklist and common errors
- Frequently Asked Questions
Section 1: Quick win checks 5-minute triage
- Check physical connectivity: confirm the internet connection on the LAN side is up without the VPN. If the WAN/link is down, fix that first.
- Confirm VPN status: the VPN client shows connected, but the routing table may be off. Open a terminal or command prompt and run:
- Windows: ipconfig /all and route print
- macOS/Linux: ifconfig/ip a and ip route
- Ping test: try pinging a public IP 8.8.8.8 and a domain name www.google.com. If ping to IP works but domain name fails, DNS is the likely culprit.
- DNS fallback: set a reliable DNS on the client 1.1.1.1, 8.8.8.8, or your local DNS and retest.
- VPN kill switch: ensure your VPN client isn’t blocking all traffic when it detects a LAN outage.
Section 2: Verify VPN and DNS configuration
- Confirm VPN profile settings: make sure the VPN type OpenVPN, IPsec, WireGuard matches what the UniFi device supports and what the server expects.
- DNS through VPN vs. local DNS: decide whether DNS should go through the VPN tunnel or bypass it for local domains. If you need split-tunneling, configure accordingly:
- Split tunneling enablement where only VPN traffic is tunneled and local network traffic uses the normal gateway.
- If all traffic goes through VPN and DNS fails, consider forcing DNS resolution to the local resolver or a public resolver within the tunnel.
- DNS suffix: ensure the VPN DNS server provides a proper search domain; misconfigurations can cause hostname lookups to fail.
- Test DNS after changes: flush DNS cache and retry domain lookups:
- Windows: ipconfig /flushdns
- macOS: sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder
- Linux: sudo systemd-resolve –flush-caches or sudo service nscd restart
Section 3: Review routing and firewall settings
- Routing table sanity check: ensure there is a default route 0.0.0.0/0 through the VPN gateway when connected, or through the LAN gateway if you’re bypassing the VPN for general internet access.
- Override rules: look for any policy-based routing that might force all traffic to the VPN without a gateway for internet, creating a black hole for non-VPN traffic.
- Firewall rules: ensure outbound rules are not blocking VPN traffic, and that NAT is correctly applied for VPN clients to reach the internet.
- MTU issues: sometimes VPN tunnels cause fragmentation. If you see fragmented packets or PPTP/L2TP issues, try lowering MTU/MRU on the VPN interface often 1472 or 1400 as a starting point and test again.
Section 4: NAT, IP addressing, and LAN overlaps Npm not working with vpn heres how to fix it
- IP range conflicts: make sure the VPN subnet doesn’t overlap with your LAN subnet. If they collide, devices can’t route properly.
- DHCP scope: verify there’s no IP conflict with the VPN-assigned addresses and devices on the LAN getting addresses correctly.
- NAT rules: ensure proper NAT masquerade is in place on the edge device so VPN clients can reach the internet via the main WAN.
Section 5: Client-side troubleshooting Windows, macOS, Linux, mobile
- Windows:
- Run a trace route to a known good site tracert 8.8.8.8 to see where traffic stops.
- Disable IPv6 if VPN issues persist; sometimes VPNs mishandle IPv6 DNS or routing.
- macOS:
- Check Network Preferences for VPN connections; ensure the service order prioritizes VPN only for intended routes.
- Flush DNS and disable IPv6 if necessary to test.
- Linux:
- Inspect interface scripts ip a, ip route and adjust routing policy routing if you’re using multiple VPNs or tunnels.
- Check NetworkManager or netplan configuration for VPN integration.
- Mobile iOS/Android:
- Toggle VPN off and back on.
- Forget and re-add the VPN profile.
- Check that the app you’re using isn’t forcing a proxy that blocks connectivity when VPN is active.
Section 6: VPN server-side considerations UniFi hardware and options
- UniFi Security Gateway USG or Dream Machine UDM/UDW:
- Ensure firmware is up to date; updates often fix VPN routing issues.
- Review VPN server settings for the specific type OpenVPN, L2TP, IPSec, WireGuard in newer UniFi OS.
- Confirm VPN client IP pool doesn’t overlap with the LAN IP range.
- VPN server authentication and certificates:
- Expired certs or mismatched CA can surface as “connected but no internet” if the tunnel is up but negotiation fails for routes.
- Logging and diagnostics:
- Enable verbose VPN logs to identify whether traffic is being dropped at the firewall or NAT level.
- Use the UniFi Console/Network app to view real-time VPN status and connected clients.
Section 7: Performance and security tips
- Use split tunneling if most devices don’t need full VPN coverage; this minimizes routing complexity and can restore internet access for non‑VPN traffic.
- Keep firmware and client apps updated; VPN technology evolves quickly and fixes DNS or routing edge cases.
- Consider a dedicated DNS resolver inside the VPN tunnel to prevent DNS leaks and improve reliability.
- Enable a kill switch in your VPN client to prevent accidental data leaks when the tunnel drops; this should be complemented by reliable reconnection logic at the router level.
Section 8: Troubleshooting checklist and common errors
- Common error: DNS resolution fails even though pinging IPs works.
- Solution: adjust DNS, ensure DNS traffic is allowed through the VPN, and test with a known public resolver.
- Common error: no default route when VPN connects.
- Solution: fix routing table to ensure a default route through VPN or adjust split tunneling rules.
- Common error: LAN devices can’t see VPN clients.
- Solution: ensure proper network segmentation, firewall rules, and NAT configurations to allow traffic between VPN clients and LAN devices if needed.
- Common error: VPN reconnects sporadically.
- Solution: check for IP conflicts, MTU issues, and server-side load balancing that might drop connections.
Section 9: Real-world data and best practices Cyberghost vpn extension for edge your go to guide for a safer browser
- In surveys and user reports, misconfigured DNS or conflicting LAN/VPN subnets are the top two culprits for “VPN connected but no internet” scenarios.
- A clean baseline setup helps: keep the LAN on a 192.168.1.0/24 network, assign a dedicated VPN subnet like 10.8.0.0/24 that doesn’t collide with LAN, and route VPN traffic through a stable gateway with NAT.
- Security tip: always test VPN connectivity after any major network change to catch issues early.
Frequently Asked Questions
What causes Unifi vpn connected but no internet?
A mismatch in routing, DNS, or firewall settings when the VPN tunnel is up but traffic can’t reach the internet. Misconfigured VPN split tunneling and overlapping subnets are common causes.
How can I tell if DNS is the problem?
If you can ping IP addresses but not domain names, DNS is the likely culprit. Try changing DNS servers or forcing DNS resolution through the VPN.
Should I enable split tunneling?
Split tunneling can simplify routing and improve internet access for non-VPN traffic, but it reduces VPN coverage. Use it if you don’t need all traffic secured through VPN.
How do I fix a routing loop with VPN?
Check the default route and ensure the VPN tunnel gateway is correctly set as the next hop for VPN traffic, without creating a loop with LAN routes. Proton vpns dns secrets what you need to know and how to use them
Can MTU issues cause this problem?
Yes. A too-large MTU can cause packet fragmentation or drops inside the VPN tunnel. Start with 1400–1472 MTU/MRU and adjust as needed.
Do firewall rules affect VPN connectivity?
Absolutely. A misconfigured firewall can block VPN traffic or NAT, preventing internet access even when the tunnel is up.
How do I verify the VPN server configuration on UniFi?
Review the VPN type, server address, authentication method, and the IP pool assigned to VPN clients. Ensure the server isn’t issuing overlapping ranges with LAN.
What is the difference between VPN passthrough and VPN client on UniFi?
passthrough is about allowing VPN traffic to traverse the firewall; a VPN client on UniFi means the device itself connects to a remote VPN server, creating a tunnel with its own routing.
Can I use a different DNS resolver inside the VPN?
Yes. You can point VPN clients to a trusted DNS resolver inside the tunnel to avoid leaks and improve resolution reliability. The Ultimate Guide Best VPNs For China In 2026 Based On Real Reddit Talk
How often should I update firmware for UniFi VPN devices?
As soon as updates are available and tested for your environment. Regular updates address security fixes and VPN stability improvements.
Appendix: Useful resources and references
- Unifi VPN setup guides and troubleshooting tips – unifi-network-help.example
- VPN concepts and routing basics – en.wikipedia.org/wiki/Virtual_private_network
- DNS troubleshooting tips – support.google.com
- Network tracing and diagnostic commands – microsoft.com, linux.die.net
- NordVPN for enhanced security while troubleshooting – https://go.nordvpn.net/aff_c?offer_id=15&aff_id=132441
Sources:
网页翻墙:全面指南、工具选择、风险与常见问题及实用技巧 Use a vpn on your work computer the dos donts and why it matters