Nested VPN setup - Slate AX

Hi,

Im having issue with my VPN configuration.
Here are the detail:

Devices:

  • Laptop using the Palo Alto Networks(GlobalProtect) VPN for work
  • OPNSense firewall with OpenVPN server
  • Slate AX(GL-AXT 1800) with OpenVPN Client which connects to OPNSense firewall

Connections:

  • Slate AX connect to OPNSense with OpenVPN, all traffic from router goes to firewall
  • Laptop connect to Slate AX by wifi
  • GlobalProtect on laptop will connect to my company via Internet

Expection:
I expect my laptop traffic will through the slate ax to OPNSense then connect to my company.
It will guarantee my traffic will exit from my firewall.
It will also guarantee my laptop public IP address will stay with OPNSense’s public ip.

Issue:
Now, OpenVPN works fine untill the laptop connets to Slate AX and enabled the globalprotect VPN on laptop.
The error shows the Internet can’t be accessed with IPv4 protocol

I have tested few times, whenever the laptop with GlobalProtect VPN enabled connects to Slate AX, the Slate AX become no Internet.

Please let me know what should I do
I can send the log via email if you provide an email address

I noticed you’re using tethering to connect to the Internet. Do you have any special Settings for the Phone?

Nothing special, just regular iPhone’s Personal Hotspot sharing with Maximize Compatibility turned on

I means, does your phone carrier have any restrictions on using VPNS? Maybe you can try another Internet connection.

I don’t think so. My other devices(without GlobalProtect VPN enabled) successfully connect to Internet via Slate AX & OpenVPN.
The screenshot I attached above only happened with my laptop that has the GlobalProtect VPN enabled.

In other words, The OpenVPN tunnel works fine for my other devices but this OpenVPN tunnel got break when global protect VPN enabled.

Strange question, why does the laptop affect the router’s network?

This is so strange. The laptop should not affect the vpn on the router.

Yea That is what I thought.
I can share the log via eml if you tell me the email address

Pls just send to support at glinet.biz
attn: alfie
Pls cite this post