Microsoft Office 365 cannot connect over OpenVPN

Well, this was a weird one that I discovered when I was remoting into my home network from my local Starbucks. During the remote session I needed to check my emails; however, when I opened MS Outlook I noticed that it would not connect unless I disconnected from my OpenVPN remote session, which kind of defeats the purpose of running a VPN when using public wifi.

So after a fair bit of research I found some information on how to get Outlook working. However, this is a workaround and it is not without its flaws, as the workaround requires you to add the default gateway address to your network adapter settings, which some argue creates a ‘leak in the system’. I have mentioned this flaw for the sake of transparency, and I will leave it up to you to decide whether to apply the workaround or not. The other alternative would be to use the Office 365 tools online.

So what is the actual issue?

Under Windows 10, Office 365 uses NLA (Network Location Awareness) and NCSI (Network Connection Status Indicator) to determine whether or not there is a network connection. Both protocols need a default gateway specified for the current active network connection before they report an active network connection, and only then will Outlook connect.

This theory can be tested by connecting OpenVPN and then running ipconfig /all from the command line. If you look for the TAP adapter (used by OpenVPN), you will see that it is listed, but with no default gateway. So the solution would be to add the gateway address to the TAP adapter.

Add the gateway address

Go to Settings\Network & Internet and look for the heading called Change your network settings.

Click on Change adapter options. You will now see the following window.

Now right-click on the Local Area Connection (TAP-Windows Adapter V9). You will now see the following.

Click on the Internet Protocol Version 4 (TCP/IPv4) and then select Properties.

Near the bottom right of the window you will see the Advanced… button, go ahead and click on it.

Under the heading Default gateways, click on the Add button. A small window will open.

Enter the default gateway for your network here. In this instance I have used 192.168.0.1. Your gateway address may vary depending on your network setup. You can find out what your default gateway is by running ipconfig /all from the command line.

Now click Add and the window will close and you will see that the gateway address has been added.

Click on OK, click on OK again and finally click on Close. Close the Network Connections window and the Network & Sharing window.

You are now ready to connect OpenVPN and then run Outlook. You will now see that Outlook is connecting via OpenVPN.
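To confirm the diagnosis above and to see what the added gateway does to routing, the following PowerShell can be run with OpenVPN connected, both before and after the change. It is an added example, not part of the original post; it assumes the VPN adapter's description contains "TAP-Windows" and that the OpenVPN profile may use redirect-gateway def1, and 192.0.2.1 is a documentation address used only as a route lookup key.

```powershell
# Added example (not from the original post). Run while the OpenVPN session is up.
# Assumption: the VPN adapter is the one whose description contains "TAP-Windows".
$tap = Get-NetAdapter |
    Where-Object { $_.InterfaceDescription -like '*TAP-Windows*' -and $_.Status -eq 'Up' }
if (-not $tap) { Write-Warning 'No connected TAP-Windows adapter found.'; return }

# 1. What NLA/NCSI see: the adapter's gateway and the connectivity they report for it.
foreach ($a in $tap) {
    $cfg = Get-NetIPConfiguration -InterfaceIndex $a.ifIndex
    $netProfile = Get-NetConnectionProfile -InterfaceIndex $a.ifIndex -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Adapter          = $a.Name
        IPv4Address      = $cfg.IPv4Address.IPAddress -join ', '
        DefaultGateway   = if ($cfg.IPv4DefaultGateway) { $cfg.IPv4DefaultGateway.NextHop -join ', ' } else { '(none)' }
        IPv4Connectivity = if ($netProfile) { $netProfile.IPv4Connectivity } else { '(no profile)' }
    } | Format-List
}

# 2. Every IPv4 route that can carry internet-bound traffic: the default route, plus
#    the two half-default routes OpenVPN installs under "redirect-gateway def1"
#    (assumption about the VPN profile; they are simply absent otherwise).
$prefixes = '0.0.0.0/0', '0.0.0.0/1', '128.0.0.0/1'
Get-NetRoute -AddressFamily IPv4 |
    Where-Object { $prefixes -contains $_.DestinationPrefix } |
    ForEach-Object {
        $ipIf = Get-NetIPInterface -InterfaceIndex $_.InterfaceIndex -AddressFamily IPv4
        [pscustomobject]@{
            Prefix          = $_.DestinationPrefix
            NextHop         = $_.NextHop
            Interface       = $_.InterfaceAlias
            IsVpnAdapter    = $tap.ifIndex -contains $_.InterfaceIndex
            EffectiveMetric = $_.RouteMetric + $ipIf.InterfaceMetric
        }
    } | Sort-Object Prefix, EffectiveMetric | Format-Table -AutoSize

# 3. Ask the stack which route it would pick for an outside address.
#    192.0.2.1 is a documentation address used only as a lookup key; nothing is sent.
$chosen = Find-NetRoute -RemoteIPAddress '192.0.2.1' |
    Where-Object { $_.DestinationPrefix } | Select-Object -First 1
if ($tap.ifIndex -contains $chosen.InterfaceIndex) {
    'Internet-bound traffic is routed through the VPN adapter.'
} else {
    Write-Warning "Internet-bound traffic leaves via '$($chosen.InterfaceAlias)', outside the tunnel."
}
```

If step 3 warns after the gateway has been added, or step 2 shows a lower effective metric on a non-VPN interface for the winning prefix, the change has altered which path traffic takes and should be reconsidered.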

Conclusion

As mentioned earlier in this post, this is a workaround for a problem that, in my own honest humble opinion, should be addressed by Microsoft. Some will argue (correctly) that this creates a vulnerability, as by adding the default gateway to the TAP adapter you are creating a leak in your network. Some may regard this as an acceptable risk and are welcome to implement this. The choice is yours to make.

For me personally, if Microsoft cannot or, as it is looking just now, will not fix this issue, then I just won’t use Outlook as my mail client. There are plenty of good alternatives out there to choose from.