VPN Not Working on Windows 11 — How to Fix
Short answer: Test your internet without the VPN first — disconnect and load any page. If the connection itself is broken, fix that before blaming the VPN. If the internet works without it but fails when connected, the usual causes are a stuck TAP adapter, a DNS leak, or a firewall block; reinstall the VPN's network adapter, switch protocols, and flush DNS with ipconfig /flushdns.
Check if your internet works without the VPN first. Disconnect the VPN, open a browser, load any page. If the internet itself is broken, the VPN isn’t your problem — fix the underlying connection first. If internet works fine without VPN but fails with it connected, keep reading.
Windows 11’s built-in VPN client broke after the KB5037771 cumulative update in mid-2024 and it’s been flaky ever since for specific VPN protocols. L2TP/IPsec and SSTP connections using the Windows native VPN client — Settings, Network & Internet, VPN, Add VPN — started failing with “Can’t connect to VPN” or error 809/720. Microsoft partially fixed it in subsequent patches but the Windows VPN client still has issues with certain L2TP configurations. If you’re using the built-in client, try updating Windows to the latest cumulative update first.
For third-party VPN apps — NordVPN, ExpressVPN, Surfshark, Mullvad, Cisco AnyConnect, GlobalProtect — the first thing to try is the TAP adapter. Every VPN creates a virtual network adapter. When it corrupts or conflicts with Windows, the VPN connects but no traffic flows through. Open Device Manager, expand Network adapters, find anything named “TAP-Windows Adapter” or “WireGuard Tunnel” or your VPN’s adapter name. Right-click, Uninstall device. Restart your VPN app — it reinstalls the adapter fresh. If it doesn’t reinstall automatically, reinstall the VPN application entirely. If the adapter keeps corrupting, a full network reset rebuilds the entire stack — just know it wipes your WiFi passwords and VPN profiles too.
DNS Leaks and Split Tunneling
VPN connected but some sites won’t load, or you get “Your ISP can see your activity” warnings from the VPN app? That’s a DNS leak — your traffic goes through the VPN tunnel but DNS queries still go to your ISP’s servers. Windows 11 made this worse by caching DNS resolutions aggressively.
Open an admin Command Prompt and run ipconfig /flushdns. That clears the stale DNS cache. Then check your DNS settings — our DNS change guide covers both methods and DNS over HTTPS. Settings, Network & Internet, Wi-Fi (or Ethernet), your connection, Hardware properties, DNS server assignment. If it says “Automatic (DHCP),” your ISP’s DNS is being used when the VPN should be overriding it. Most VPN apps handle this automatically but some don’t, especially on reconnection.
In the VPN app settings, look for “DNS leak protection” or “Use VPN DNS only” and make sure it’s enabled. If using the Windows built-in VPN, you need to set this manually — open the VPN connection properties, Networking tab, Internet Protocol Version 4, Properties, Advanced, uncheck “Use default gateway on remote network” if you want split tunneling, or check it if you want all traffic through VPN.
Firewall and Antivirus Blocking
Windows Defender Firewall sometimes blocks VPN traffic, especially after updates. The quickest test: temporarily turn off the firewall (Settings, Privacy & Security, Windows Security, Firewall & network protection, click Domain/Private/Public network and toggle off). If the VPN works with firewall off, you need to add firewall exceptions for your VPN app.
Better than disabling: Windows Security, Firewall & network protection, Allow an app through firewall. Click Change settings, then Allow another app, Browse, find your VPN executable. Make sure both Private and Public boxes are checked.
Third-party antivirus is worse than Windows Firewall for VPN blocking. McAfee, Norton, and Bitdefender all have their own firewalls that interfere with VPN tunneling. If you recently updated your antivirus and the VPN stopped working, that’s probably it. Add the VPN as an exception in your antivirus, or test by temporarily disabling the antivirus firewall.
Corporate VPNs — Cisco AnyConnect, Palo Alto GlobalProtect, Fortinet FortiClient — have additional issues because they install their own network drivers that conflict with personal VPNs. If you have a work VPN and a personal VPN, they almost certainly can’t run simultaneously. The corporate VPN typically takes priority and blocks the personal one. Some employers specifically block personal VPNs through their endpoint management — in that case there’s no technical fix, it’s a policy decision.
If your VPN connects but is unusably slow — like websites take 30 seconds to load — try changing the VPN server. The server you’re connected to might be overloaded. Also try changing the VPN protocol in app settings from OpenVPN to WireGuard, which is significantly faster on most connections. If speed is bad on every server, your ISP might be throttling VPN traffic — switching protocols helps because WireGuard traffic is harder for ISPs to identify. If your internet is slow without VPN too, the VPN isn’t the bottleneck. If nothing here fixes it and you need VPN for work, our network troubleshooting service can diagnose the specific protocol, adapter, and firewall configuration remotely.
Frequently Asked Questions
Why does my VPN keep disconnecting on Windows 11?
Most VPN disconnections on Windows 11 are caused by a corrupted TAP/WireGuard virtual adapter. Open Device Manager, find the TAP-Windows Adapter under Network adapters, uninstall it, and restart your VPN app — it reinstalls the adapter fresh. If disconnections happen specifically after sleep or wake, disable USB selective suspend in Power Options.
Why can't I connect to VPN after a Windows Update?
The KB5037771 update in mid-2024 broke Windows 11's built-in VPN client for L2TP/IPsec and SSTP protocols. Microsoft partially fixed it in later patches. Update to the latest cumulative update, or switch to a third-party VPN app which uses its own drivers instead of the Windows VPN client.
VPN is connected but I can't access any websites — what's wrong?
The VPN tunnel established but DNS isn't resolving through it. Run ipconfig /flushdns in an admin Command Prompt. Then check your VPN app settings for 'DNS leak protection' or 'Use VPN DNS only.' If using the Windows built-in VPN, go to the VPN connection properties, Networking tab, check that 'Use default gateway on remote network' is enabled.
Can my antivirus block VPN?
Yes. McAfee, Norton, and Bitdefender all have their own firewalls that interfere with VPN tunneling. Add your VPN application as an exception in your antivirus firewall settings. If the VPN broke right after an antivirus update, the update likely tightened firewall rules that block VPN protocols.