A VPN can show as connected while the user still cannot access the internet or internal company resources.
This usually means the tunnel is active, but traffic, DNS, routing, or permissions are not working as expected.
First checks:
Confirm the VPN is actually connected
Check the VPN IP address assigned to the user
Test internet access with the VPN on and off
Test DNS resolution
Check split tunneling settings
Review firewall policy
Confirm the user’s group or role permissions
Check whether other users are affected
Common causes:
DNS server not reachable
Incorrect route pushed by VPN
Firewall rule blocking traffic
User assigned to the wrong VPN group
Split tunnel misconfiguration
Local network conflict
What to collect before escalating:
Username
Time of issue
VPN client logs
Assigned VPN IP
Source public IP
Destination being accessed
Error message or screenshot
Troubleshooting works best when you separate the problem into connection, DNS, routing, firewall, and permissions.