HackTheBox VPN Internet Not Working (AKA Enable Split Tunneling on HTB VPN)

HackTheBox VPN Internet Not Working (AKA Enable Split Tunneling on HTB VPN)

A common frustration for Kali Linux users when they create a VPN connection to Hack The Box is that often, Internet access disappears like a fart in the wind.  It’s often more of a nuisance than anything but some of the challenges have web applications that tried and load internet based resources (such as font files or JS files from CDN networks), that means these applications don’t load properly.

Fortunately, the problem – and the fix – are both relatively simple: for some reason the HackTheBox VPN configuration applies a default route to the routing table that captures all requests and directs them to the HTB network, rather than allowing split tunnelling.

To resolve this:

Establish a VPN connection with HackTheBox

Open a terminal window and enter the routes command:


You should be presented with something similar to this:

Note the top default route (marked with a red x), this is what is capturing all traffic yet the route at the bottom (green tick) also routes traffic for the subnet over the VPN, so the top one is not needed:

To delete the top route, enter the following command, updating to match the details of your route (such as IP address and Iface):

sudo route del -net default gw netmask dev tun0

You should now have Internet access on your machine!


Unfortunately at the moment, this route returns every time you restablish a connection, I simple have the command in a bash script I run after connecting.

Bob McKay

About Bob McKay

Bob is a Founder of Seguro Ltd, a full time father and husband, part-time tinkerer-with-wires, coder, Muay Thai practitioner, builder and cook. Big fan of equality, tolerance and co-existence.

Disclosure Policy

16 comments on «HackTheBox VPN Internet Not Working (AKA Enable Split Tunneling on HTB VPN)»

  1. yahya says:

    dosnt work for me

    1. Bob McKay says:

      Are you seeing an error? Can you provide any more information?

      1. John says:

        for me it is saying SIOCDELRT: No such device found. Weird because it worked for me yesterday but giving problems now

      2. John says:

        actually just worked. didn’t change the command at all

  2. TheOtherJohn says:

    Great post. I almost did this and then thought how can I modify the connection to be persistent and I found a checkbox in Kali’s network preferences. In the VPN settings > IPv4 Settings > Routes, there is a check box for “Use this connection only for resources on its network”. Checking that box gave me back normal Internet access. I’m using the desktop, so I don’t have a suggestion for the cli.

    1. GermanGrammyWinner says:

      Genius! This worked! I`m using Ubuntu as host and it worked as a charm! Thanks dude!

  3. w01verine says:

    First of all great post, unfortunately that didn’t work for me. However…
    This has fixed issues for me in the past and I’m not sure why I didn’t think to it. If you are running a VPN on your host computer while running OpenVPN in a VM, the web pages won’t load for you. Turning off my host VPN allowed the OpenVPN connection to go through and I was able to fully connect. This was boggling me because I was able to ping and even do a full Nmap scan of the target but I was not able to connect to the webpage. Hope this helps others who were still troubleshooting after recommendation.

  4. disnhau says:

    It works. Thanks

  5. babajack says:

    If anybody like me still has problems in 10 years or so…

    for me it was the MTU. Had help from support. Told me
    sudo ip link set dev tun0 mtu 1200
    so I added
    tun-mtu 1200
    in the .ovpn file to not manually changing it everytime. Value might differ for you.

    1. Bob McKay says:

      Thanks for update babajack, always useful to see what has helped others!

  6. A Siozopoulos says:

    I know it’s a small typo but it’s route not routes 🙂

    1. Bob McKay says:

      Thanks bud – silly typo but could’ve confused some!

  7. alexvallau says:

    Update Here, it worked for me, thanks !

    1. Bob McKay says:

      Hey Alex, thanks for the comment and glad it helped!

  8. camlen92 says:

    For some reason on kali 2024.1 you have to use “sudo ip route del default dev tun0” to allow Internet access on the HTB VPNs instead of your method above.

    You may want to double check that “default dev tun0” is the right entry to remove before running that command. Simply run “ip route” and check to see if there is a entry:

    └─$ ip route
    default via dev tun0 proto static metric 50

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.