Troubleshooting No Internet When Not On VPN On Elementary OS Hera

Encountering internet connectivity problems after setting up a VPN on a Linux distribution, such as elementary OS, is a common issue. This article delves into the potential causes and solutions for resolving internet access problems when your VPN is disconnected. Focusing on elementary OS 5.1.7 Hera, this guide provides a detailed approach to diagnosing and fixing these issues, ensuring a stable and reliable internet connection whether you're using a VPN or not.

Having no internet connection when not connected to a VPN, particularly after installing and configuring a VPN client like ProtonVPN, can be a frustrating experience. The core issue often stems from how the VPN setup has altered your system's network configuration. When a VPN is active, it reroutes your internet traffic through its own servers, effectively changing your default gateway and DNS settings. The problem arises when these settings are not correctly reverted to their original state upon disconnecting from the VPN. This misconfiguration can leave your system unable to access the internet directly, as it may still be trying to route traffic through the now-inactive VPN tunnel. To effectively troubleshoot this problem, it’s essential to understand the underlying network settings that the VPN client modifies and how to restore them to their default values when the VPN is not in use. This involves examining your routing table, DNS settings, and firewall rules to identify any lingering VPN configurations that are blocking your internet access.

Several factors can contribute to the loss of internet connectivity when a VPN is not active. Understanding these causes is crucial for effective troubleshooting. Here's a breakdown of the common culprits:

1. DNS Configuration: VPNs often change your DNS settings to use their own servers for added privacy. If these settings aren't reverted when you disconnect, your system may not be able to resolve domain names, leading to a lack of internet access. This is a very common issue, as the system continues to use the VPN's DNS servers which are only accessible when the VPN connection is active.
2. Routing Table Modifications: A VPN alters your routing table to direct traffic through the VPN tunnel. If these routes aren't cleared after disconnecting, your system might still try to send traffic through the VPN, resulting in connection failures. This can be a complex issue to diagnose, as it requires understanding how routing tables function and how to manipulate them.
3. Firewall Rules: Some VPN setups involve firewall configurations to prevent traffic from leaking outside the VPN tunnel. Overly restrictive firewall rules can block internet access when the VPN is off. It is important to review your firewall settings, especially if you used a VPN client that automatically configures the firewall.
4. VPN Client Issues: Bugs or misconfigurations in the VPN client itself can sometimes cause connectivity problems. Ensuring your VPN client is up-to-date and properly configured is essential. Checking the client's logs and settings can often reveal the root cause of the issue.
5. Network Manager Conflicts: Conflicts between the VPN client and the Network Manager (the service that manages network connections in Linux) can also lead to connectivity problems. Ensuring that the VPN client integrates correctly with Network Manager is crucial for seamless operation.

To effectively resolve the issue of no internet access when not connected to a VPN on elementary OS Hera, follow these step-by-step troubleshooting methods:

1. Check Basic Network Connectivity

Before diving into complex configurations, it's important to rule out basic connectivity issues. First, ensure your Wi-Fi or Ethernet connection is active and properly connected to your network. You can check this by looking at the network icon in the system tray. If you're using Wi-Fi, make sure you're connected to the correct network and that the signal strength is good. If you're using Ethernet, verify that the cable is securely plugged into both your computer and the router or modem. Next, test basic internet connectivity by opening a terminal and using the ping command. Ping a reliable external server, such as Google's DNS server (8.8.8.8), by typing ping 8.8.8.8 and pressing Enter. If you receive replies, it indicates that your system can reach the internet at a basic level. If the pings fail, the issue might be with your internet connection itself, rather than the VPN configuration. In this case, you should troubleshoot your modem, router, and internet service provider connection before proceeding with VPN-specific troubleshooting.

2. Review DNS Settings

The Domain Name System (DNS) translates domain names (like google.com) into IP addresses, which computers use to communicate. VPNs often change your DNS settings to use their own servers for enhanced privacy and security. However, if these settings are not correctly reverted when you disconnect from the VPN, your system may not be able to resolve domain names, leading to a loss of internet access. To check your current DNS settings on elementary OS Hera, you can use the systemd-resolve --status command in the terminal. This command displays detailed information about your DNS configuration, including the current DNS servers being used. Look for the "Current DNS Server" section in the output. If you see the VPN's DNS servers listed when you're not connected to the VPN, this is likely the cause of your problem. To resolve this, you can manually configure your DNS settings to use a public DNS server, such as Google's (8.8.8.8 and 8.8.4.4) or Cloudflare's (1.1.1.1). You can do this through the Network settings in elementary OS. Navigate to Settings > Network, select your active connection (Wi-Fi or Ethernet), and click on the settings icon. In the IPv4 tab, change the DNS setting from "Automatic" to "Manual" and enter the preferred DNS servers. After applying these changes, restart your network connection or reboot your system to ensure the new DNS settings are in effect. This should restore your ability to resolve domain names and access the internet without the VPN.

3. Examine the Routing Table

The routing table is a critical component of your system's network configuration, dictating how network traffic is directed. When a VPN is active, it modifies the routing table to ensure all traffic passes through the VPN tunnel. However, if these changes are not properly reverted upon disconnection, your system might still try to route traffic through the VPN, even when it's not active, leading to internet connectivity issues. To examine your routing table on elementary OS Hera, open a terminal and use the route -n command. This command displays the routing table in numerical format, making it easier to read. Look for any routes that have the VPN's IP address as the gateway. These routes indicate that traffic is still being directed through the VPN. If you find such routes, you'll need to remove them. To do this, you can use the sudo route del -net <VPN_IP> gw <VPN_Gateway> command, replacing <VPN_IP> with the VPN's network IP address and <VPN_Gateway> with the VPN's gateway IP address. You can usually find these details in the VPN client's configuration or logs. After removing the VPN-specific routes, restart your network connection or reboot your system to apply the changes. This should restore your system's ability to route traffic directly through your default gateway, resolving the internet connectivity issue. Regularly checking your routing table after disconnecting from a VPN can help identify and resolve these issues promptly.

4. Check Firewall Settings

Firewalls are essential for network security, controlling incoming and outgoing traffic based on predefined rules. VPN setups often involve configuring firewall rules to prevent traffic from leaking outside the VPN tunnel, ensuring all data is routed through the VPN when it's active. However, overly restrictive firewall rules can inadvertently block internet access when the VPN is disconnected. If your firewall is blocking traffic, you may experience a complete loss of internet connectivity or intermittent connection issues. To check your firewall settings on elementary OS Hera, you can use the sudo ufw status command in the terminal. UFW (Uncomplicated Firewall) is the default firewall management tool on Ubuntu-based systems like elementary OS. This command displays the current status of the firewall and lists any active rules. Review the output for any rules that might be blocking outgoing traffic when the VPN is not active. Common issues include rules that explicitly deny traffic to specific ports or IP addresses. If you identify any problematic rules, you can remove them using the sudo ufw delete <rule> command, replacing <rule> with the rule number or description. For example, sudo ufw delete deny 192.168.1.0/24 would remove a rule that denies traffic to the 192.168.1.0/24 network. Alternatively, you can reset the firewall to its default state using the sudo ufw reset command, which removes all existing rules. However, be cautious when doing this, as it will also remove any custom firewall rules you've set up. After making changes to your firewall settings, restart the firewall service using sudo systemctl restart ufw or reboot your system to apply the changes. Ensuring your firewall rules are correctly configured is crucial for maintaining both security and internet connectivity.

5. Review VPN Client Configuration

VPN client software plays a critical role in establishing and managing VPN connections, and misconfigurations or bugs within the client can lead to various connectivity issues. A thorough review of your VPN client's configuration is essential when troubleshooting internet access problems. Start by ensuring that the VPN client is up-to-date. Outdated software may contain bugs that cause connectivity problems. Check the VPN client's website or software update mechanism for the latest version and install any available updates. Next, examine the client's settings for any options that might be interfering with your internet connection. Some VPN clients have features like a "kill switch," which blocks all internet traffic if the VPN connection drops, or options to automatically modify DNS settings. Ensure these features are configured correctly and are not causing the issue. Disabling the kill switch temporarily can help determine if it's the source of the problem. Also, check the VPN client's logs for any error messages or warnings that might provide clues about the cause of the connectivity issues. The logs often contain detailed information about connection attempts, errors, and other relevant events. If you find any errors, research them online or consult the VPN provider's support resources for assistance. In some cases, reinstalling the VPN client can resolve configuration issues or corrupted files. Before reinstalling, completely uninstall the existing client and remove any associated files or directories. Then, download the latest version from the VPN provider's website and follow the installation instructions. By carefully reviewing the VPN client's configuration, you can identify and resolve many connectivity problems.

6. Check for Network Manager Conflicts

Network Manager is a system service that manages network connections on Linux systems, including elementary OS Hera. Conflicts between the VPN client and Network Manager can sometimes lead to internet connectivity issues. These conflicts can arise if the VPN client and Network Manager are both trying to manage the same network interfaces or settings simultaneously. To check for potential conflicts, start by examining the Network Manager's settings. You can access these settings through the Network settings in elementary OS. Look for any VPN connections that are configured in Network Manager. If you're using a dedicated VPN client, it's best to avoid configuring the same VPN connection in Network Manager, as this can lead to conflicts. If you find duplicate VPN configurations, remove the one in Network Manager and rely solely on the VPN client for managing the connection. Next, ensure that the VPN client is properly integrated with Network Manager. Some VPN clients provide specific instructions or packages for integration with Network Manager. Follow these instructions carefully to ensure seamless operation. If you're experiencing persistent connectivity issues, try restarting the Network Manager service. You can do this by opening a terminal and running the command sudo systemctl restart NetworkManager. This will restart the service and may resolve any temporary conflicts. Checking the system logs for any error messages related to Network Manager or the VPN client can also provide valuable clues. The logs are typically located in the /var/log/syslog file. By carefully checking for conflicts and ensuring proper integration, you can resolve many Network Manager-related connectivity issues.

7. Test with Different VPN Protocols

VPN protocols are the methods used to establish a secure connection between your device and the VPN server. Different VPN protocols have different characteristics, and sometimes connectivity issues can be specific to a particular protocol. If you're experiencing internet access problems when not connected to the VPN, it's worth testing with different VPN protocols to see if one works better than another. Common VPN protocols include OpenVPN, IKEv2, WireGuard, and L2TP/IPsec. OpenVPN is a widely used and highly secure protocol, but it can sometimes be slower than others. IKEv2 is another secure protocol that is often faster and more stable than OpenVPN, especially on mobile devices. WireGuard is a relatively new protocol that is known for its speed and efficiency. L2TP/IPsec is an older protocol that is generally less secure and slower than the others, but it may be useful in situations where other protocols are blocked. To test with different VPN protocols, you'll need to configure your VPN client to use the desired protocol. Most VPN clients allow you to select the protocol in their settings. Try connecting to the VPN using each protocol and then disconnect to see if the internet access issue persists. If you find that one protocol works consistently better than others, you may want to use it as your default protocol. However, it's important to consider the security implications of each protocol and choose one that meets your needs. If you're still experiencing issues, consult your VPN provider's documentation or support resources for specific guidance on protocol selection and configuration.

8. Reset Network Configuration

If you've tried all the previous troubleshooting steps and are still experiencing internet connectivity issues when not connected to the VPN, a more drastic measure you can take is to reset your network configuration. This will revert your network settings to their default state, which can resolve persistent issues caused by misconfigurations or conflicting settings. Resetting your network configuration will remove all custom network settings, including static IP addresses, DNS server settings, and routing table entries. Before proceeding, it's important to back up any custom network configurations that you might want to restore later. To reset your network configuration on elementary OS Hera, you can use the Network Manager command-line tool, nmcli. Open a terminal and run the command sudo nmcli networking off to disable networking. Then, run the command sudo nmcli networking on to re-enable networking. This will effectively reset the Network Manager's configuration. Alternatively, you can manually reset the network configuration files. The primary network configuration file is /etc/network/interfaces. You can edit this file using a text editor with root privileges, such as sudo nano /etc/network/interfaces. Replace the contents of the file with the default configuration, which typically includes only the loopback interface. Another important file is /etc/resolv.conf, which contains DNS server settings. You can reset this file by deleting it and restarting the network service. Network Manager will automatically regenerate this file with the default DNS settings. After resetting your network configuration, restart your system to apply the changes. You may need to reconfigure your network settings, such as Wi-Fi passwords and static IP addresses, after the reset. If the internet connectivity issue is resolved after the reset, it indicates that the problem was caused by a misconfiguration in your network settings.

Troubleshooting internet connectivity issues after using a VPN can be complex, but by systematically addressing the common causes, you can restore your internet access. Remember to check basic connectivity, review DNS settings, examine the routing table, check firewall settings, review the VPN client configuration, check for Network Manager conflicts, test with different VPN protocols, and, if necessary, reset your network configuration. By following this comprehensive guide, you can effectively resolve internet connectivity problems and ensure a seamless online experience on elementary OS Hera, whether you're connected to a VPN or not. Always ensure that you understand the changes you're making to your system and back up any critical configurations before making significant changes.