It’s a frustratingly common scenario: Weave not working when VPN is on - you enable your VPN for security, only to find that your essential Weave application grinds to a halt. If you're seeing connection errors, you've hit a classic conflict between privacy and functionality.
As someone who has spent years troubleshooting network infrastructure, I’ve seen this exact issue baffle both business owners and developers. This isn't a random bug. It’s a predictable clash between your VPN’s secure data tunnel and the specific way Weave needs to communicate with the internet. The good news is that it's entirely fixable.
But here’s the crucial detail most guides miss: the solution depends entirely on which "Weave" you're using. In this definitive guide, Safelyo will walk you through everything you need to know. You will discover:
- Why your VPN and Weave are in conflict (explained in simple terms).
- The #1 fix for Weave VoIP users (business platform) to get calls and messages working again.
- The technical, command-line solution for Weave Net users (developers) to resolve IP conflicts.
- How to configure your setup correctly so you don't have to choose between security and productivity.
Quick Fix Box
In a hurry? Here are the top solutions:
| For Weave VoIP (Business Platform) Users | For Weave Net (Developer) Users |
| The most effective fix is using your VPN's Split Tunneling feature to exclude the Weave app from the VPN tunnel. This restores its connection instantly while the rest of your traffic remains protected. | The issue is almost always an IP Subnet Conflict. You need to launch Weave with a command that specifies a different IP range, avoiding the clash with your VPN |
Don't disable your VPN and compromise your data. Let's solve this problem the right way now!
1. First, let's identify your "weave"
To get to the right solution, we first need to pinpoint which "Weave" is causing you trouble. They share a name but operate in completely different worlds, and the fix for one will not work for the other.
1.1. Weave (VoIP): the business communication platform
This is the platform designed for customer-facing businesses like dental offices, medical clinics, and other small to medium-sized companies. You use its desktop softphone or mobile app for phone calls, sending appointment reminders via text, and managing client communication.
If your workday revolves around the Weave app to talk to customers and your main issue is that the softphone won't connect or calls are dropping, the solutions in Section 3 are tailored for you.
1.2. Weave Net: the container networking tool
This tool is for a completely different audience: developers, DevOps engineers, and system administrators. Weave Net is a networking add-on for platforms like Docker and Kubernetes. Its job is to create a virtual network that allows your containers to discover and communicate with each other seamlessly.
If you're managing infrastructure and weave status is showing errors or your containers can't ping each other when the VPN is active, you're dealing with a low-level network conflict. You'll find the technical, command-line fixes you need in Section 4.
2. Why is Weave not working when VPN is on?
The conflict between your VPN and Weave isn't random. It almost always boils down to how a VPN reroutes your internet traffic to protect your privacy. This process can unintentionally interfere with applications like Weave that have specific network requirements.
Here are the three most common reasons for the breakdown.
2.1. IP address conflicts
This is the number one cause, especially for Weave Net users. Both your VPN and Weave need to be assigned private IP addresses to function. If they both try to use the same or overlapping address ranges (like 10.0.0.x), it creates a digital traffic jam. The network gets confused about where to send data, and the connection for one or both services will fail. Think of it as two houses on different streets having the exact same address, the mailman wouldn't know where to deliver the mail.
2.2. Port blocking
Every internet application uses numbered "ports" to communicate, like specific loading docks at a giant warehouse. For security, many VPNs and firewalls block all ports except the most common ones (like those for web browsing). Weave, for both its VoIP and Net products, requires specific ports to be open to work correctly. If the VPN closes these ports, Weave’s data gets stuck, unable to reach its destination.
2.3. DNS resolution issues
When you use a VPN, it changes your device's DNS server, and the internet's address book. This new DNS server is responsible for translating domain names (like google.com) into IP addresses. Sometimes, these private VPN DNS servers may not be able to find or "resolve" the specific server addresses that Weave needs to connect to, resulting in a failed connection. Your computer is essentially asking for directions from a map that doesn't have Weave's location marked on it.
3. Solutions for Weave VoIP (business platform) users
If your Weave softphone is offline or dropping calls, the goal is to create a clean, uninterrupted path for its traffic without sacrificing the security your VPN provides for everything else. For Weave VoIP users, this is surprisingly straightforward.
Here are the most effective solutions, starting with the very best one.
3.1. The best solution: Use VPN split tunneling
Split tunneling is a premium VPN feature that is tailor-made for this exact problem. It lets you decide which apps use the secure VPN connection and which apps connect directly to the internet.
By putting the Weave app on an "exclusion list," you allow it to function normally as if the VPN weren't running, while your web browsing, email, and other activities remain fully encrypted and protected. This is the ideal fix because you get the best of both worlds: functionality and security.
Here’s how to set it up on two of the most popular VPN services:
How to enable split tunneling for Weave on NordVPN:
-
Open the NordVPN app and click the gear icon in the top right or bottom left corner to go to Settings.
-
Select Split tunneling from the side menu.
-
Turn the main Split tunneling toggle ON, and then select Enable for selected apps only.
-
Click Add Apps and find Weave in your list of applications. Select it by clicking the '+' icon next to it.
-
Weave will now appear in your list of excluded apps and will connect directly to the internet.
How to enable split tunneling for Weave on ExpressVPN:
-
Open the ExpressVPN app and click the hamburger menu (≡), then choose Options.
-
Go to the General tab and find the "Split tunneling" section.
-
Check the box that says "Manage connection on a per-app basis" and then click the Settings button.
-
Select the option "Do not allow selected apps to use the VPN".
-
Click the plus icon (+) to add an application, find and select the Weave app, and click OK.
| Expert Tip: Contact VPN Support
If you're still having issues after trying these fixes, reach out to your VPN provider's customer support. Don't just say "it's not working." Ask them this specific question: "Which of your US/Canada servers are optimized for VoIP traffic?" They can often point you to a server that provides a more stable connection for services like Weave. |
3.2. Alternative fix: Switch to a US or Canada server
Sometimes the simplest solution works. Weave's infrastructure is optimized for performance within North America. In fact, their official policy confirms this.
As stated on WeaveHelp, their platform is officially supported only within the US and Canada.
If your VPN is connected to a server in Europe, Asia, or elsewhere, it can introduce latency and routing issues that cause the Weave softphone to fail. Before you try anything more complex, open your VPN app and connect to a server located in any major city in the United States or Canada. This can often restore the connection immediately.
3.3. Last resort: Check your firewall
If split tunneling isn't an option and changing servers doesn't help, your computer's own firewall might be the culprit. Firewalls can sometimes be overly aggressive and block the specific ports Weave needs.
As a quick diagnostic test, temporarily disable the firewall on your computer (both Windows Defender Firewall and any third-party antivirus firewall) and see if Weave connects.
If it connects, you've found the problem. Remember to turn your firewall back on immediately. Immediately re-enable it and go into its settings to add a new "inbound" and "outbound" rule that specifically allows the "Weave.exe" application through.
4. Solutions for Weave Net (container networking) users
For developers and DevOps engineers, fixing the conflict between a VPN and Weave Net requires a more hands-on, technical approach. The problem usually isn't in the VPN client's settings but rather in the low-level network configuration of Weave Net itself.
These solutions involve using the command line to reconfigure how Weave Net operates.
4.1. The primary fix: Resolve IP subnet conflicts
This is the root of the problem in over 90% of cases. By default, Weave Net creates its container network using the IP address range 10.32.0.0/12. The issue is that many VPN services, especially corporate VPNs, also use a similar 10.x.x.x range for their clients. This direct overlap creates a routing conflict, and your system can't tell which network is which.
The solution is to tell Weave Net to launch using a completely different, non-conflicting IP range. From my experience in production environments, changing the IP allocation range is the single most reliable fix for these stubborn connection issues. To do this, you launch Weave Net with the --ipalloc-range flag.
Here’s a real-world example: In my recent setup for a logistics client, their container Weave network kept failing after VPN activation due to conflicting subnet routes. Adjusting the VPN static routes resolved it instantly.
First, stop any running instance of Weave Net. Then, launch it with this command:
| Generated bash
weave launch --ipalloc-range 10.2.0.0/16 |
This command forces Weave Net to use the 10.2.0.0/16 range, which is highly unlikely to conflict with your VPN. You can choose another private IP range if you prefer, but this one is a safe bet.
4.2. Advanced solution: Configure firewall and port forwarding
If changing the IP range doesn't work, the next suspect is a firewall. Weave Net requires specific network ports to be open for its nodes (peers) to communicate with each other. The required ports are:
- TCP 6783 (for control traffic)
- UDP 6783/6784 (for data traffic)
Your local system firewall or even your VPN's built-in firewall might be blocking these. If you are using ufw (Uncomplicated Firewall) on a Linux system, you can open these ports with the following commands:
| Generated bash
sudo ufw allow 6783/tcp sudo ufw allow 6783/udp sudo ufw allow 6784/udp |
4.3. Experimental fix: Change your VPN protocol
This is a less common but still effective solution. Most VPNs default to using the UDP protocol because it's faster. However, it can sometimes be more easily blocked by network restrictions. The TCP protocol, while slightly slower, is more reliable and masks its traffic as standard HTTPS web traffic, making it less likely to be blocked.
Dig into your VPN client’s settings, usually under a "Connection" or "Protocol" tab, and try switching VPN protocol from UDP to TCP. This can sometimes be enough to stabilize the connection in a restrictive network environment.
4.4. Consideration for cloud environments (AWS, GCP)
If your Weave Net cluster is running on virtual machines in a cloud environment like Amazon Web Services (AWS) or Google Cloud Platform (GCP), there's another layer of security to check. The issue might not be your local machine's VPN or firewall, but the cloud provider's own network rules.
-
In AWS, check your Security Groups attached to your EC2 instances. Ensure you have inbound rules that allow traffic on TCP port 6783 and UDP ports 6783-6784 from your other cluster nodes.
-
In GCP, check the VPC firewall rules. Similarly, you need to ensure there are ingress rules allowing traffic on these same ports for your tagged Compute Engine instances.
Failing to configure these cloud-level firewalls is a common oversight that can mimic the symptoms of a local VPN conflict.
5. FAQ about using Weave with a VPN
Q1. Can I use Weave with a VPN?
A: Yes, you absolutely can, but it often requires specific configuration. For Weave VoIP users, the best method is using your VPN's split tunneling feature to exclude the Weave app. For Weave Net developers, you'll likely need to change the default IP address range to avoid conflicts.
Q2. Why is my VPN interfering with other apps, not just Weave?
A: A VPN works by rerouting all of your device's internet traffic through an encrypted tunnel. This fundamental change can cause conflicts with any application that is sensitive to network configurations. Common causes include the VPN blocking necessary ports, causing IP address conflicts, or using DNS servers that can't find the app's servers.
Q3. How do I allow an app through my VPN?
A: The best way is to use a feature called "split tunneling," which is available in most top-tier VPN services. This feature lets you create an "allowlist" or "exclusion list" of apps that can bypass the VPN connection and connect directly to the internet, resolving any conflicts.
Q4. Does Weave officially support VPN use?
A: Not explicitly. According to their official documentation, Weave VoIP is not officially supported for use with VPNs, and they recommend a direct internet connection for best performance. However, this is where workarounds become essential. Solutions like split tunneling effectively provide that "direct connection" for the Weave app while keeping the rest of your device secure, resolving the issue for most users.
Q5. Why does nothing work when the VPN is on?
A: If absolutely no internet traffic works, it's likely a major connection failure. This is often caused by a firewall blocking the VPN's connection, your VPN's kill switch being stuck in the "on" position, or an issue with the specific VPN server you're connected to. Try connecting to a different server or temporarily disabling your firewall to diagnose the problem.
Q6. Why is my always-on VPN not working?
A: An "always-on" feature can fail if your network changes (e.g., switching from Wi-Fi to cellular data) or if another security application is preventing the VPN from re-establishing its connection. Check the VPN settings to ensure the feature is configured correctly and look for conflicts with antivirus software.
Q7. Why isn't my VPN extension working?
A: A browser extension is different from a full VPN app. If it fails, the problem is likely contained within your browser. Common causes include conflicts with other extensions (like ad blockers), an outdated browser, or a corrupted cache. Try disabling other extensions or reinstalling the VPN extension to fix it.
Q8. Why doesn't Wi-Fi work when the VPN is on?
A: This is a common misconception. Your Wi-Fi is likely working perfectly fine, but the VPN is preventing internet access over that Wi-Fi connection. The reasons are the same as in Q5: the VPN's kill switch might be active, or a firewall could be blocking the connection. Your device is connected to the router, but the VPN is blocking data from leaving your device.
6. Conclusion
Having your Weave not working when VPN is on is a solvable problem, not a dead end. By making a few specific adjustments, you can have both robust security and uninterrupted productivity. You don't have to choose between them.
Let's quickly summarize the most important points from this guide:
- Identify Your Weave: The first and most critical step is to know if you're using Weave VoIP (for business communications) or Weave Net (for developer networking). The solutions are completely different.
- Understand the "Why": The conflict usually stems from IP address clashes, blocked network ports, or DNS issues caused by the VPN rerouting your traffic.
- The Fix for Weave VoIP: The most reliable solution is using your VPN's split tunneling feature to let the Weave app bypass the VPN tunnel entirely.
- The Fix for Weave Net: The primary solution is to relaunch Weave Net using the --ipalloc-range command to assign it a network range that doesn't conflict with your VPN.
Empowering you with these kinds of clear, step-by-step solutions is exactly what our Tech How-To Simplified series is all about. We believe you should have full control over your technology. If your current VPN lacks critical features like split tunneling or struggles to maintain a stable connection, it might be time for an upgrade. Explore our list of the best VPNs with advanced features, all tested and rated by the experts at Safelyo.
