You might have noticed that some modern Windows 8 apps (Metro apps) can't reach the Internet (they fail to connect to the server, etc.) when certain types of VPN connections to ISPs are in use. As a rule, this issue doesn't affect all Metro apps: some apps work (usually the standard Metro apps), and some don't. At the same time, classic Windows applications work with the Internet without any problems.
If you place a hardware router that initiates the VPN connection to the provider in front of the computer, the issue doesn't occur. This means that the problem occurs only when Windows 8 has to set up the VPN tunnel itself.
The problem is quite old, but there is no official Microsoft solution so far (at least, I wasn't able to find one). In this article, we'll examine why it appears and how to solve it.
As you know, Modern Windows 8 apps differ from classic Windows apps. In this context, what matters is that they run in an isolated environment in which access to the computer's loopback interface is disabled by default. Since all tunnel interfaces used by VPNs (pptp, l2tp, pppoe) are loopback interfaces, the majority of Metro apps cannot send network traffic to them and, consequently, cannot access the Internet. The same applies to local proxy servers (from the simplest ad removers, like Privoxy, to full-fledged proxy servers).
To give a Metro app full network access, you have to add privateNetworkClientServer to APPX manifest. When developing applications in Visual Studio, this access is enabled, but after the app has been published in Windows Store, the developer has to enable this feature manually in the manifest file.
As long as the tunnel interfaces on Windows are loopbacks, you will have either to ask developers to modify their apps or to use a workaround to make Metro apps work correctly.
To implement a workaround, we'll use Fiddler, a free HTTP/HTTPS proxy server meant for debugging web apps and inspecting all HTTP traffic between a computer and Internet servers (in particular, it can be used to get a direct link to download the installation APPX file of any Metro app from Windows Store).
- Download Fiddler Web Debugger from this webpage (http://www.telerik.com/download/fiddler). For Windows 8 or later you'll need Fiddler for .NET 4. (It is assumed that you have .NET Framework 4 installed on your computer.)
- Install Fiddler with the standard settings.
- By default, Modern apps cannot be debugged using Fiddler, since it works as a local proxy server on your computer (Metro apps cannot send traffic through a local proxy interface by default). You can remove this restriction (the Loopback Restriction) from the AppContainer of a particular Metro app using a Fiddler extension, the Windows 8 AppContainer Loopback Utility (enableloopbackutility.exe). Download and install this extension.
- After the utilities are installed, start Fiddler and select Win8 Loopback Exemptions in the Tools menu (you can do the same by clicking the first Windows 8 button in the toolbar).
- Before performing the next step, make sure that your VPN is established (or a local proxy server is started).
- Select the Windows 8 Metro apps whose traffic should go through Fiddler and for which the loopback access restriction should be removed. If you need to select all apps, click Exempt All, then save the configuration (Save Changes). Tip. As this window itself states, Windows blocks Metro apps from sending network traffic to the local computer for security and reliability reasons. The AppContainer Loopback Exemption Utility disables this restriction for debugging and testing.
- Minimize Fiddler (don’t close it!) and check network access from the Metro apps.
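Windows' built-in CheckNetIsolation.exe lists the AppContainer loopback exemptions configured on the machine, which is useful for reviewing what was exempted in the step above and for restoring the default restriction on apps that don't need the workaround. The PowerShell below is an added example, not part of the original article or of Fiddler; the function names and the sample listing are constructed for illustration, and the parser assumes the tool's English output.

```powershell
# Added example: audit AppContainer loopback exemptions with CheckNetIsolation.exe.
# Assumption: English-language tool output ("Name:" / "SID:" labels).

function ConvertFrom-LoopbackExemptList {
    # Parse the text printed by "CheckNetIsolation.exe LoopbackExempt -s"
    # into objects with the AppContainer name and its SID.
    param([string[]]$Lines)
    $name = $null
    foreach ($line in $Lines) {
        if ($line -match '^\s*Name:\s*(.+?)\s*$') { $name = $Matches[1] }
        elseif ($line -match '^\s*SID:\s*(S-1-15-\S+)') {
            [pscustomobject]@{ Name = $name; SID = $Matches[1] }
            $name = $null
        }
    }
}

function Get-LoopbackExemption {
    # Join the exemption list with installed packages so stale or
    # unexpected entries stand out during review.
    $families = @{}
    Get-AppxPackage | ForEach-Object { $families[$_.PackageFamilyName] = $_.Name }
    ConvertFrom-LoopbackExemptList (& CheckNetIsolation.exe LoopbackExempt -s) |
        ForEach-Object {
            [pscustomobject]@{
                PackageFamilyName = $_.Name
                SID               = $_.SID
                Installed         = $families.ContainsKey($_.Name)
            }
        }
}

function Remove-LoopbackExemption {
    # Restore the default loopback restriction for one app (needs elevation).
    param([Parameter(Mandatory)][string]$PackageFamilyName)
    & CheckNetIsolation.exe LoopbackExempt -d "-n=$PackageFamilyName"
}

# Constructed sample of the tool's listing, to show the parser offline.
$sample = @'
List Loopback Exempted AppContainers

[1] -----------------------------------------------------------------
    Name: contoso.exampleapp_0123456789abc
    SID:  S-1-15-2-1111111111-2222222222-3333333333-4444444444-5555555555-6666666666-7777777777
'@ -split "`r?`n"
ConvertFrom-LoopbackExemptList $sample | Format-List

# On a real machine: Get-LoopbackExemption | Format-Table -AutoSize
```

Entries reported with `Installed = False`, or apps that were swept in by Exempt All but never needed the VPN workaround, are candidates for `Remove-LoopbackExemption`.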
Fiddler is not suitable for production use in a corporate environment because it is inconvenient to deploy and manage. But as a workaround that lets Metro apps work in a VPN configuration, it is quite useful.
So, we have considered how to use Fiddler for giving Metro apps Internet access through any VPN connection or local proxy server.
5 comments
Thank you so much for the info! Worked great for restoring connectivity of my Apps while using IPvanish
Thanks! This solved my problem now with Cisco VPN and Windows 10 🙂
However, why does Fiddler need to capture or still run if the modern apps are exempt?
Why does Fiddler's proxy behavior allow these modern apps to run through the Cisco VPN when exempt?
As I already wrote, the problem is the limited access of modern apps to the loopback interface.
In order for modern applications to have access to the Internet, you need to constantly keep Fiddler running.
Thanks for the tutorial Max, I tried the above on Win 10 + Nord VPN (trying to get Cortana to connect while using a VPN) - however, it didn't work out for me. Any idea if this method still works on Win 10 (considering it worked for 'tal' on Win 10, not sure why it's not working for me.) Thanks again!!
I thought this solution was a bit complicated so I looked for something else. I found this link which is just 2 settings to check and it worked for me with NordVPN. https://answers.microsoft.com/en-us/windows/forum/all/windows-store-not-working-while-running-on-a-vpn/90d51e9b-4f4c-4b63-b542-dfb1b6862239