To use a VPN inside RDP without changing the RDP IP or causing connection loss, you must configure split tunneling (or policy-based routing) so that the RDP traffic is excluded from the VPN tunnel. By forcing only selected traffic through the VPN and keeping the RDP session routed via the original gateway, the remote desktop connection remains stable and the server’s public IP does not change. The key is to prevent the VPN from modifying the default route used by the active RDP session.
Now let’s explore this in depth and walk through the correct technical setup.
How to Use VPN Inside RDP Without Changing RDP IP or Connection Loss
Using a VPN inside a Remote Desktop session can be tricky. By default, when you activate a VPN on a server, it changes the routing table and replaces the default gateway. Since RDP traffic depends on the original network route, enabling a VPN often causes:
Immediate RDP disconnection
Public IP change
Session drop
Firewall mismatch
This happens because RDP traffic suddenly tries to pass through the VPN tunnel instead of the original network interface.
To prevent this, you must control how traffic is routed.
Why RDP Disconnects When VPN Is Enabled
When you connect to a server using Remote Desktop Protocol, your connection is established through the server’s public IP. Once a VPN is enabled inside that server:
The VPN modifies the routing table.
The default gateway changes to the VPN adapter.
All outgoing traffic—including your RDP session—attempts to exit through the VPN tunnel.
The response path changes.
Your RDP session drops instantly.
The solution is not to avoid VPN usage—but to control routing behavior.
Solution 1: Enable Split Tunneling (Recommended)
Split tunneling allows you to specify which traffic goes through the VPN and which traffic bypasses it.
How It Works
Instead of routing all traffic through the VPN, you:
Keep the default gateway unchanged
Route only specific IP addresses or applications through the VPN
Exclude the RDP connection IP from the VPN tunnel
This preserves the RDP session while allowing other traffic to use the VPN.
Step-by-Step Configuration (Windows Server)
If you are using Windows Server:
Step 1: Install Your VPN Client

Install your preferred VPN client but do not connect yet.
Step 2: Open VPN Settings

Look for:
Split Tunneling
Advanced Routing
Policy Routing
“Do not use VPN for these addresses”
Many enterprise VPNs support this feature.
Step 3: Exclude the RDP Client IP
You must exclude the IP address you are connecting from.

For example:
If your local IP is:
Add it to the exclusion list so traffic to and from this IP does NOT use the VPN.
This ensures the RDP session remains on the original network adapter.
Step 4: Verify Routing Table

Open Command Prompt and run:
Confirm:
Default route still points to original gateway
VPN routes are specific (not overriding 0.0.0.0/0)
If the VPN sets a full default route (0.0.0.0), your session will disconnect.
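One way to run the Step 4 check from PowerShell, as an added example that is not part of the original article. It lists the catch-all IPv4 routes by effective metric and flags a full tunnel, including the 0.0.0.0/1 plus 128.0.0.0/1 pair that some clients (for example OpenVPN with "redirect-gateway def1") install instead of replacing 0.0.0.0/0. The adapter name "MyVPN" is a placeholder.

```powershell
# Added example. Read-only: it changes no routes.
$VpnAlias = 'MyVPN'   # placeholder: use the VPN adapter name from Get-NetAdapter

# Prefixes that capture all IPv4 traffic: the default route, plus the two
# half-range routes some VPN clients add to outrank it without replacing it.
$catchAll = '0.0.0.0/0', '0.0.0.0/1', '128.0.0.0/1'

$routes = @(Get-NetRoute -AddressFamily IPv4 |
    Where-Object { $catchAll -contains $_.DestinationPrefix } |
    ForEach-Object {
        $if = Get-NetIPInterface -InterfaceIndex $_.InterfaceIndex -AddressFamily IPv4
        [pscustomobject]@{
            Prefix         = $_.DestinationPrefix
            InterfaceAlias = $_.InterfaceAlias
            NextHop        = $_.NextHop
            # Equal-length prefixes are ranked by route metric + interface metric.
            Metric         = $_.RouteMetric + $if.InterfaceMetric
        }
    } | Sort-Object Metric)

$routes | Format-Table -AutoSize

# A /1 route is more specific than /0, so it wins regardless of metric.
$halves   = @($routes | Where-Object { $_.Prefix -ne '0.0.0.0/0' -and $_.InterfaceAlias -eq $VpnAlias })
$defaults = @($routes | Where-Object { $_.Prefix -eq '0.0.0.0/0' })

if ($halves.Count -gt 0) {
    Write-Warning "'$VpnAlias' installs /1 routes that outrank the default route (full tunnel)."
} elseif ($defaults.Count -gt 0 -and $defaults[0].InterfaceAlias -eq $VpnAlias) {
    Write-Warning "The best default route is on '$VpnAlias' (full tunnel)."
} else {
    Write-Output "No catch-all route is owned by '$VpnAlias'."
}
```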
Solution 2: Disable “Use Default Gateway on Remote Network”

If you are using the Windows built-in VPN client:
Open Network Connections
Right-click the VPN adapter
Click Properties
Select IPv4 → Advanced
Uncheck:
Use default gateway on remote network
This prevents the VPN from overriding the main route.
This method is especially useful when configuring a VPN manually in Windows Server environments.
Solution 3: Use Static Route Instead of Full Tunnel
Advanced users can manually add a static route.

Example:
If you want traffic to 10.10.0.0/16 to use the VPN:
This way:
Only specific traffic goes through VPN
RDP traffic stays on original gateway
No IP change occurs
This is the most stable long-term solution for production servers.
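For the Windows built-in VPN client, Solutions 2 and 3 can also be applied from PowerShell. This is an added example, not part of the original article, and the connection name "MyVPN" is a placeholder. Enabling split tunneling on the connection corresponds to clearing "Use default gateway on remote network", and the per-connection route is installed each time the VPN connects.

```powershell
# Added example for the Windows built-in VPN client. Run before connecting the VPN.
# Add -AllUserConnection to the *-Vpn* cmdlets if the connection was created for all users.
$VpnName = 'MyVPN'          # placeholder: name shown by Get-VpnConnection
$Prefix  = '10.10.0.0/16'   # the network used in the article's example

# Record the current default route(s) so they can be compared after connecting.
$before = Get-NetRoute -DestinationPrefix '0.0.0.0/0' -AddressFamily IPv4 |
    Select-Object InterfaceAlias, NextHop, RouteMetric
$before | Format-Table -AutoSize

# Solution 2: stop the VPN from taking over the default gateway.
Set-VpnConnection -Name $VpnName -SplitTunneling $true

# Solution 3: send only $Prefix through the VPN whenever it is connected.
Add-VpnConnectionRoute -ConnectionName $VpnName -DestinationPrefix $Prefix

# SplitTunneling should now read True.
Get-VpnConnection -Name $VpnName | Format-List Name, SplitTunneling, ConnectionStatus

# After connecting the VPN, confirm the result:
#   Get-NetRoute -DestinationPrefix $Prefix        # should list the VPN interface
#   Get-NetRoute -DestinationPrefix '0.0.0.0/0'    # should still match $before
```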
Solution 4: Use Dual Network Interfaces (Professional Setup)

For enterprise servers, consider:
One network adapter for public/RDP
One network adapter dedicated to VPN
This ensures:
RDP always uses primary interface
VPN uses secondary adapter
No routing conflicts occur
This setup is common in hosting providers and cloud environments.
Important: Identify Your RDP Connection IP
Before enabling VPN, always check:
Port 3389 is the default RDP port.
Identify the established connection and note the remote IP.
You must exclude this IP in split tunneling.
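One way to identify the RDP client address and confirm which route carries the replies, as an added example that is not part of the original article. It assumes RDP listens on the default port 3389.

```powershell
# Added example. Read-only: lists established RDP sessions and the route
# the server would use to reach each client.
$RdpPort = 3389   # default RDP port; change if the server listens elsewhere

$sessions = @(Get-NetTCPConnection -LocalPort $RdpPort -State Established -ErrorAction SilentlyContinue)
if ($sessions.Count -eq 0) {
    Write-Warning "No established connection on port $RdpPort."
    return
}

$sessions | Sort-Object RemoteAddress -Unique | ForEach-Object {
    # Find-NetRoute returns the source address and the route Windows would
    # select for this destination; keep the route object.
    $route = Find-NetRoute -RemoteIPAddress $_.RemoteAddress |
        Where-Object { $_.DestinationPrefix } | Select-Object -First 1
    [pscustomobject]@{
        RdpClient      = $_.RemoteAddress     # the address to exclude from the VPN
        ServerAddress  = $_.LocalAddress
        ReplyInterface = $route.InterfaceAlias
        MatchedPrefix  = $route.DestinationPrefix
        NextHop        = $route.NextHop
    }
} | Format-Table -AutoSize
```

Run it before and after connecting the VPN: ReplyInterface should name the original adapter both times. The RdpClient value is the address the server sees, which behind NAT is the client's public address rather than its local one.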
What Happens If You Don’t Configure It Properly?
If VPN overrides default routing:
Your RDP session disconnects immediately.
You may lose access completely.
Firewall rules may block new RDP attempts.
Server IP appears changed externally.
In the worst case, you may need console access from the hosting provider to disable the VPN.
Always test carefully.
Best VPN Types for RDP Usage
Some VPN protocols behave better with split tunneling:
OpenVPN (supports custom routes)
WireGuard (efficient routing control)
IPSec (policy-based routing)
L2TP with manual route configuration
If you are using an enterprise VPN, check its documentation for routing policy features.
Cloud Server Considerations
If your server is hosted on:
VPS
Dedicated server
Cloud VM
Make sure:
Provider allows VPN traffic
No outbound port restrictions
Firewall rules allow both VPN and RDP
Cloud firewalls can sometimes block new routing paths.
Testing Without Losing Access (Safe Method)
Before enabling VPN:
Open two RDP sessions.
Keep one idle.
Enable VPN.
If one disconnects, use the second to revert settings.
Or:
Use the hosting provider’s web console (safer option).
Never enable full-tunnel VPN blindly on a remote production server.
Troubleshooting Checklist
If RDP disconnects after VPN connection:
Check the route table
Confirm whether the default gateway changed
Verify split tunneling is enabled
Remove the default 0.0.0.0 VPN route
Restart the networking service if needed
If IP changes:
VPN is using full tunnel mode
Disable default route override
Configure policy routing
Security Considerations
Using VPN inside RDP can improve:
Access to geo-restricted services
Private network connectivity
Secure outbound traffic
Internal corporate access
But misconfiguration can:
Lock you out
Create routing loops
Break firewall rules
Always prioritize controlled routing.
Final Thoughts
Using a VPN inside an RDP session without changing the RDP IP or losing connection is completely possible—but only if you manage routing properly.
The golden rule:
Never allow the VPN to override the default gateway used by your active RDP session.
Use split tunneling, disable “Use default gateway on remote network,” or implement static routes to maintain connection stability.
When configured correctly:
RDP remains stable
Public IP remains unchanged
VPN traffic is secured
No session drops occur
With proper routing control, you can safely use VPN inside remote servers without ever worrying about connection loss again.



