VPN Not Working on Windows 11: What to Check in 2026
If your VPN isn't working on Windows 11, the cause isn't always the VPN service itself. In 2026, what usually breaks is one of the neighboring layers: DNS, the network adapter, routes, firewall, MTU or a conflict with another VPN client. Below is a safe diagnostic order — from quick checks to targeted settings, without risky "magic" tweaks.
> Important: this article is about legal connection diagnostics, privacy and network stability. Do not use a VPN to violate service rules, bypass paid access or perform illegal activities.
Why Windows 11 "breaks" VPNs especially often
Windows 11 can work with several network profiles at the same time: Wi‑Fi, Ethernet, mobile hotspot, the built-in VPN, a third-party client, corporate Always On VPN, DNS over HTTPS, IPv6 and the firewall. When all of these components are enabled simultaneously, the problem can look the same: the VPN is "connected" but websites won't open; Telegram or Discord freeze; YouTube drops quality; the browser complains about DNS.
According to Microsoft documentation, basic Windows diagnostics doesn't start with reinstalling apps but with checking the network, restarting the router, resetting TCP/IP and flushing the DNS cache. Microsoft Learn materials on Always On VPN also highlight RasClient and NPS logs and errors like 800/809, because the connection can fail at different stages: from an unreachable server to blocked UDP ports on an intermediate device.
Quick symptom map
| Symptom | Likely cause | What to check first |
|---|---|---|
| VPN connects but no internet | DNS, default route, MTU | Whether a site opens by IP, whether another DNS works |
| Browser works but not Telegram/Discord | UDP, firewall, split tunnel | App permissions and tunnel mode |
| YouTube lags through VPN | speed, route, server overload | speed test and a different server region |
| VPN won't connect at all | server unreachable, port blocked, client conflict | another protocol/network, client logs |
| Local network disappears after VPN | force tunnel or DNS metric | split tunnel, interface priority |
| DNS error in Windows | cache, DoH, adapter, DNS server | ipconfig /flushdns, DNS settings |
Step 1. Separate the VPN issue from an internet issue
First check whether regular internet works without the VPN. Disconnect the VPN, open 2–3 neutral websites, then test Telegram, YouTube or Discord. If things are bad even without the VPN, don't touch the VPN client: start with Wi‑Fi, the router, drivers and your ISP.
Microsoft's Wi‑Fi help suggests a simple sequence: make sure Wi‑Fi is on, airplane mode is off, the network isn't forgotten, and the router and modem are restarted. The safe restart order for a router is: unplug power, wait at least 30 seconds, turn the modem on, wait for indicators to stabilize, then turn on the router.
If regular internet works and problems begin only after enabling the VPN, move on to the next step.
Step 2. Check DNS: the main reason behind "VPN connected but no sites open"
DNS translates domains into IP addresses. If the VPN set its own DNS but Windows keeps asking the old DNS via Wi‑Fi, some sites may not open. The reverse can also happen: Windows sends all DNS queries through the VPN, but the VPN's DNS server is temporarily unavailable.
Safe check:
- Connect the VPN.
- Open a regular site and one problematic service.
- If the browser says "DNS server not responding," restart the VPN client.
- Flush the Windows DNS cache.
- Check that a third-party DNS client, DoH in the browser and the VPN DNS aren't all enabled at the same time.
Microsoft's network reset commands should be run as administrator and in order:
netsh winsock reset
netsh int ip reset
ipconfig /release
ipconfig /renew
ipconfig /flushdnsAfter winsock reset and netsh int ip reset a reboot is usually required. Don't run these commands every five minutes: it won't speed up the network, it only complicates diagnostics.
We covered a similar scenario in more detail in the article Private DNS interferes with VPN, but on Windows, instead of Android's "private DNS," you more often run into interface metrics, browser DoH and old network adapters.
Step 3. Check which tunnel mode is in use
There are two basic modes:
- Full tunnel / force tunnel — all traffic goes through the VPN.
- Split tunnel — only selected apps, domains or routes go through the VPN.
On Windows this matters for DNS. Technical analyses of Windows VPN show: the system picks DNS not "by feel" but by network interface priority. The interface with the lower metric usually gets higher priority. This creates a paradox: the VPN is connected, but DNS queries leave through your home Ethernet or Wi‑Fi.
For a regular user the takeaway is simple: if only local devices — printer, NAS, router — stopped opening after the VPN connected, full tunnel is probably on. If only internal or "VPN-dependent" domains fail, split tunnel may not have received the required DNS routes.
Don't change interface metrics blindly. First check the VPN client's own settings: is there a "route all traffic through VPN," "exclude local network," "use VPN DNS," or "split tunneling" option. We've already described the logic of selecting apps in detail in VPN split tunneling.
Step 4. Check the firewall, antivirus and old VPN clients
On Windows 11, a VPN client needs permissions to create a virtual adapter and network rules. If your antivirus was recently updated, a corporate agent was installed, "network protection" was enabled or the firewall was changed, the VPN may connect formally but traffic will be cut off.
Check:
- whether two active VPN clients are running at the same time;
- whether old TAP/Wintun/WireGuard adapters remained after uninstalling programs;
- whether the VPN client is allowed through Windows Firewall;
- whether the antivirus is blocking UDP traffic;
- whether a corporate proxy is enabled on top of the VPN.
For WireGuard and similar protocols the virtual adapter is especially important. In the official WireGuard documentation, basic diagnostics centers on interface state, keys, peer, allowed IPs, endpoint and keepalive. On a home Windows PC the user usually doesn't edit all of this manually, but they can check the essentials: the profile is imported in full, the server is selected correctly, and the app shows a successful handshake if such a line exists in the interface.
Step 5. If not everything opens: check the MTU
Sometimes the VPN works "halfway": the messenger sends short text but pictures don't load; the site loads the header but freezes; video starts and immediately buffers. This pattern is often caused not by blocking but by packet size — MTU/MSS.
Don't start with manual registry numbers. First try:
- another server in the VPN client;
- another protocol, if it's officially available in the app;
- another network: Wi‑Fi, Ethernet, mobile hotspot;
- temporarily disabling IPv6 in the specific adapter's settings, if the ISP or VPN clearly conflicts with IPv6;
- updating the VPN client.
If the problem only repeats on one network and only with large pages or video, read the dedicated article VPN MTU: why sites open only halfway. Its diagnostic logic goes deeper, but the basic idea is simple: packets must travel along the route without fragmentation and losses.
Step 6. YouTube, Telegram and Discord: don't mix different problems
Users often write "the VPN doesn't work" even though the symptoms differ:
- YouTube needs stable speed: YouTube's help lists guidelines of 20 Mbps for 4K, 5 Mbps for 1080p and 2.5 Mbps for 720p.
- Telegram is sensitive to DNS, routes and connection quality for media and calls.
- Discord voice depends on UDP and can hang on RTC Connecting or No Route.
So don't evaluate the VPN based on a single service. Test at least three scenarios: a regular site, video, and voice/call. If regular sites open but voice chat doesn't, focus on UDP, the firewall and routing. If video only loads at 360p, focus on speed and server load. If nothing opens by domain at all, go back to DNS.
For FoliVPN, start with the main landing page and service instructions: https://folivpn.org/. If you use a subscription in the app, make sure it has updated and shows the current servers.
10-minute diagnostic checklist
- Disconnected the VPN and confirmed that regular internet works.
- Restarted the VPN client, Windows and the router.
- Tried another server or protocol in the app.
- Flushed the DNS cache with
ipconfig /flushdns. - Confirmed that two VPNs aren't running at the same time.
- Checked the firewall and antivirus network filters.
- Compared behavior on Wi‑Fi, Ethernet and a mobile hotspot.
Use the smallest safe checklist
Open Foli, refresh the subscription and test one network and one route before changing everything.