Lost access to local network after using VPN program

[Channel2012]

This is a weird one for sure. Last month, I was testing a VPN program (Cisco QuickConnect) for a customer to make sure that their setup works. Ultimately, the test was semi-successful, and we ended up pointing them in a different direction for VPN, but I lost access to all network resources on my laptop's Ethernet interface after that experiment. Here are the specifics of the symptoms:

• Cannot ping the default gateway at my home office (192.168.1.1) any longer
• Can ping an address on the Internet
• Cannot resolve domain names
• The wireless interface on the same is not affected, and is my only way to be able to use this network from this computer now
• As the problem started to occur, some applications were still able to get out to the Internet, (assuming that they still had an active session of some kind going on) but others were not
• No websites can be reached by name or by IP address

I uninstalled QuickConnect right away after this incident and tried again. No change. Tried clearing the Windows routing table. No change. Did a system restore to the time right before the offending program was installed (it was at least nice enough to create a restore point prior to installation). Still no change. Tried reinstalling the Ethernet driver as well. This also was ineffective.

To make a bizarre problem even stranger, this only happens on networks with the same subnet (192.168.1.0/24) that I was trying to connect to and from when the problem first occurred. Others are 100% fine and I can work all day long with the same Ethernet card on any other subnet.
I checked to make sure that no static IP addressing, DNS, or anything strange like that had been set by the VPN program. None had. Any ideas?

 

[samuria]

Open a cmd prompt type
Ipconfig /all

Tracert adobe.com
Tracert 1.1.1.1
Post all results

 

[Channel2012]

Open a cmd prompt type
Ipconfig /all

Tracert adobe.com
Tracert 1.1.1.1
Post all results

Here are my tracert results: (kinda weird!)

tracert adobe.com
  Unable to resolve target system name adobe.com.

tracert 1.1.1.1
Tracing route to 1.1.1.1 over a maximum of 30 hops

  1     *        *        *     Request timed out.
  2     *        *        *     Request timed out.
  3    10 ms    28 ms    22 ms  96.34.43.237
  4    12 ms    15 ms    15 ms  96.34.36.84
  5    13 ms    17 ms    29 ms  96.34.32.34
  6    10 ms    13 ms    14 ms  96.34.2.8
  7    16 ms    23 ms    23 ms  96.34.0.139
  8    17 ms    19 ms    19 ms  96.34.3.9
  9    29 ms    32 ms    21 ms  208.115.136.180
 10    17 ms    21 ms    19 ms  1.1.1.1

Trace complete.

After examining the results of my "ipconfig /all," I noticed that a "DNS Suffix Search list" consisting of "cisco" and "cisco" had been appended to the configuration. Unfortunately, removing this had no effect. The problem still persists after a restart:

ipconfig /all
Windows IP Configuration

   Host Name . . . . . . . . . . . . : LaptopComputer4
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controlle
r
   Physical Address. . . . . . . . . : 00-26-B9-04-E6-FD
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::d02:71e:bdd6:61a0%26(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.122(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Monday, November 23, 2020 7:20:19 PM
   Lease Expires . . . . . . . . . . : Tuesday, November 24, 2020 7:20:19 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 184559289
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-20-23-37-7A-00-26-B9-04-E6-FD

   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wireless Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Dell Wireless 1510 Wireless-N WLAN Mini-C
ard
   Physical Address. . . . . . . . . : 0C-60-76-78-99-F1
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter VMware Network Adapter VMnet8:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet
8
   Physical Address. . . . . . . . . : 00-50-56-C0-00-08
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::c581:29f8:6227:2f50%15(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.140.1(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
   DHCPv6 IAID . . . . . . . . . . . : 469782614
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-20-23-37-7A-00-26-B9-04-E6-FD

   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{FE9F7824-8B34-4BC6-A551-D575E96BEBFC}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{8CB4BF7D-E4E6-4729-AC6A-A6C2EF98DEF9}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{3C674CC2-87E5-4501-8B35-C7B03C9A043F}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Just to see what would happen, I tried statically addressing that interface... and it worked! If I statically address this computer on this subnet, the problem completely goes away. Flipping back to DHCP, it reliably returns. I'm completely stumped on this.

 

[file3456]

I'm thinking you have a TCP/IP stack issue. Though, you'd think a system restore would have brought that back from before the VPN was installed.

If you haven't entered all of these commands, I have instructions on resetting the crap out of the TCP/IP stack and created a batch file to do all that in one go and made that batch file in an .EXE. You can find these instructions at my website here. I have a pretty tight lid on security so a VPN may get blocked among other things.

Also, try disabling and enabling all network adapters one at a time. Including VMware's NICs. Speaking of VMware, you should have ran this VPN in there first for testing. That's what I do when I'm testing stuff that I don't know how it will play on my host.

 

[file3456]

Now here's something interesting. Here's what one of my VMware NICs says (edited for privacy).

Ethernet adapter VMware Network Adapter VMnet1:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet
1
   Physical Address. . . . . . . . . : 00-50-56-
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80(Preferred)
   Autoconfiguration IPv4 Address. . : 169.254.122.105(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . :
   DHCPv6 IAID . . . . . . . . . . . : 45
   DHCPv6 Client DUID. . . . . . . . : 00-

Your IPv4 looks different than mine and is not a local class B private IP address.

 

[samuria]

The test shows you get out ok as the trace goes to 1.1.1.1 ok what it does show is the dns isnt working as you cant reach adobe.com set your dns to 1.1.1.1 & 1.0.0.1 on all interfaces

 

[Channel2012]

Further Experimentation result

Also, try disabling and enabling all network adapters one at a time. Including VMware's NICs. Speaking of VMware, you should have ran this VPN in there first for testing. That's what I do when I'm testing stuff that I don't know how it will play on my host.

I certainly won't make that mistake next time. For testing questionable software, the Virtual Machine is my go-to. I thought that with it being a trustworthy-sounding vendor, (Cisco) I wouldn't have to worry about something this crazy happening, but apparently I was quite wrong.

I'm thinking you have a TCP/IP stack issue. Though, you'd think a system restore would have brought that back from before the VPN was installed.

I concur. It was too long ago for me to remember if it errored out or anything, but I thought I would've remembered that if it did.

If you haven't entered all of these commands, I have instructions on resetting the crap out of the TCP/IP stack and created a batch file to do all that in one go and made that batch file in an .EXE. You can find these instructions at my website here. I have a pretty tight lid on security so a VPN may get blocked among other things.

Thanks for the tips. I've done some, but certainly not all of, those. Unfortunately, even after performing each one and restarting, the problem persists the same as before. No luck even after disabling/re-enabling all of the other network adapters.

Now here's something interesting. Here's what one of my VMware NICs says (edited for privacy).

Ethernet adapter VMware Network Adapter VMnet1:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet
1
   Physical Address. . . . . . . . . : 00-50-56-
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80(Preferred)
   Autoconfiguration IPv4 Address. . : 169.254.122.105(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . :
   DHCPv6 IAID . . . . . . . . . . . : 45
    DHCPv6 Client DUID. . . . . . . . : 00-

Your IPv4 looks different than mine and is not a local class B private IP address.

I'm not sure exactly why that is. The virtual machines get networked just fine. I do have my virtual machines configured for Bridged mode instead of Nat, however. Not sure if this makes a difference.

Incidentally, in this mode, even with the host computer not being able to reach stuff on the network, the virtual machine has no trouble.

The test shows you get out ok as the trace goes to 1.1.1.1 ok what it does show is the dns isnt working as you cant reach adobe.com set your dns to 1.1.1.1 & 1.0.0.1 on all interfaces

I can set my DNS to anything, but the computer is still unable to reach 192.168.1.1 or any IP addresses on the local subnet while in this glitched state.

 

[samuria]

try this app on all pcs can it see local network and who is master browser?
https://www.nirsoft.net/utils/netbios_scanner.html


Are all pcs in same workgroup?

 

[file3456]

I'm not sure exactly why that is. The virtual machines get networked just fine. I do have my virtual machines configured for Bridged mode instead of Nat, however. Not sure if this makes a difference.

Ah, that's probably why. In bridge mode you share the NIC of the host, thus probably that class of IP address.

Incidentally, in this mode, even with the host computer not being able to reach stuff on the network, the virtual machine has no trouble.

That's an interesting piece of Info. there. I'm wondering if perhaps there's some Cisco VPN remnant left over like a service or driver causing the host to have issues. I'd do two things: run though all of your services looking for something that might be that VPN related and use Autoruns to look for any Cisco remnants. It might help to be in the Everything tab of Autorun and in the search box just search for Cisco. Not sure if caps would matter though. And for the heck of it, run lspfix.

LSP-Fix - a free program to repair damaged Winsock 2 stacks

Autoruns for Windows - Windows Sysinternals | Microsoft Docs

As always, scan all downloads at Virus Total.

 

[Channel2012]

Test results

try this app on all pcs can it see local network and who is master browser?
https://www.nirsoft.net/utils/netbios_scanner.html


Are all pcs in same workgroup?

Yes. All other computers show up fine when on the wireless network, and none show up in the scan when on the wired with DHCP. From another computer, the results are comparable (no response from the computer in question when exclusively on wired with DHCP; responds normally when on wireless or statically addressed on the wired network).

Ah, that's probably why. In bridge mode you share the NIC of the host, thus probably that class of IP address.



That's an interesting piece of Info. there. I'm wondering if perhaps there's some Cisco VPN remnant left over like a service or driver causing the host to have issues. I'd do two things: run though all of your services looking for something that might be that VPN related and use Autoruns to look for any Cisco remnants. It might help to be in the Everything tab of Autorun and in the search box just search for Cisco. Not sure if caps would matter though. And for the heck of it, run lspfix.

LSP-Fix - a free program to repair damaged Winsock 2 stacks

Autoruns for Windows - Windows Sysinternals | Microsoft Docs

As always, scan all downloads at Virus Total.

I scoured services, but didn't see anything related to that program. I also have Cisco AnyConnect for my day job, as well as some Cisco DRM software installed for watching DirecTV, so there are other Cisco services, but none of them seem to be related to QuickConnect. Same goes for AutoRuns. Nothing Cisco, or otherwise, looked terribly out of the ordinary to me.

Finally, I tried LSP-Fix. It was not able to identify any problems.

 

[file3456]

You indicated you've only ran some but not all of the TCP/IP commands. Run them all.

Go to the start orb and in the search box enter, event viewer. Look in the Windows logs and in System, Applications. Look for anything that's an error or warning from network related stuff. It may be under System.

 

[Channel2012]

Checked Event Viewer

You indicated you've only ran some but not all of the TCP/IP commands. Run them all.

Go to the start orb and in the search box enter, event viewer. Look in the Windows logs and in System, Applications. Look for anything that's an error or warning from network related stuff. It may be under System.

No change having run all of the commands, and nothing out of the ordinary in Event Viewer except for a 1014 ("Name resolution for the name dns.msftncsi.com timed out after none of the configured DNS servers responded.")

 

[file3456]

On its face it sounds DNS, but could be DHCP or the NIC its self. If you go to the properties of your NIC, do you see any components added to the NIC that could be a source of an issue? Is the Internet component version 4 and 6 enabled?

Check your hosts file. I know there is a command to reset the hosts file but I can't find it. How to Edit Your Hosts File on Windows, Mac, or Linux

Go to the Windows firewall and on the left side hit restore defaults.

Start Windows in safe mode with networking. Can you reach a website?

It seems like the NIC is not performing like it should for one reason or another. It could even be router/modem related, though I doubt it.

 

[Channel2012]

Additional results

On its face it sounds DNS, but could be DHCP or the NIC its self. If you go to the properties of your NIC, do you see any components added to the NIC that could be a source of an issue? Is the Internet component version 4 and 6 enabled?

Yes, both are enabled. Aside from VMWare Bridge Protocol, the only thing on that list that doesn't look stock is NetBalancer filter (my use of NetBalancer precedes the occurrence of the problem by a matter of weeks, and possibly months, so I don't think that it is to blame).

Check your hosts file. I know there is a command to reset the hosts file but I can't find it. How to Edit Your Hosts File on Windows, Mac, or Linux

I've got a few things going on in the hosts file, but nothing that I didn't put there, and nothing that appeared there at the time of the incident (a few 0.0.0.0 entries for common advertising domains, and one for the old domain name of the shop phone system).

It seems like the NIC is not performing like it should for one reason or another. It could even be router/modem related, though I doubt it.

Seeing as how the problem goes away once I statically address that same adapter behind the same router on the same network, I am skeptical of all of those things. Since the problem also affects its ability to communicate with other computers on the network, I don't think that the router is a factor either.

I'll try safemode with networking next week when I am by that network again, and report back with the results.

 

[file3456]

Since if you assign a static IP you have Internet again, this to me sounds like the router/modem is not using DHCP correctly. There seems to be a routing table mess up of sorts. When you are statically assigning the IP you are not using DHCP from the router/modem to assign your computer an IP address. Since DHCP is messing up in some way, that would have an affect on NetBIOS. The ability to communicate with other computers. Wireless works because that's a different IP address.

You could try rebooting the router/modem. I would try a reboot first. Then if that fails try a reset. In fact, if you can plug right into the modem bypassing the router, does Internet work?

Funny thing for me. I have a Blu-ray player and it needs Internet access for its Apps. DHCP would not work with that thing at all, but once I assigned a static IP to the Blu-ray player I then got Internet access. Not too sure what to make of that. I do use third party firmware called Asus Merlin. I used to use DD-WRT, but now I'm thinking of going back for the features. I need VLAN and in Asus Merlin that's only available via command line which I'm not messing with. In DD-WRT it's via a simple GUI. There is a VLAN of sorts in Asus Merlin, but it's just a WIFI guest network. I used that to partition off my IoT stuff to deny local network access. Anyway.. LOL

What kind of router anyway? Is it some Cisco appliance router? I have no idea how to use those. But to bypass the router you'd want to connect directly to the source of the Internet like the modem or some other router that hands out IP addresses. If you get Internet, then the router you're connecting to is likely the issue.
I know this doesn't make any sense given this was just from a piece of VPN software, but I'm thinking the VPN may have did something router-wise. I have no idea. Like in my Blu-ray player case, I don't know why my router won't work with it. But assigning a static IP solves the issue. It could be down to protocol or something.