Browse the bible
Foundations
Getting started
Capabilities
Security & governance
Workflows
Prompt library
Rollout playbook
Troubleshooting
Reference
Troubleshooting

Claude Cowork VPN and network issues

Why Claude Cowork breaks under most corporate VPNs and how to fix it. Immediate workaround for operators, longer fix for IT, captive-portal edge cases.

Updated 2026-04-25Read 3 min

TL;DR. Cowork's number-one reported issue: it does not work properly with most corporate VPNs. The immediate fix for operators is to disconnect the VPN and try again. The longer fix is for IT — split-tunnel exception and an Anthropic endpoint allowlist. The VPN conversation has to happen in week one of any deployment, not week four.

The symptom#

Cowork stops responding, can't reach the web, or behaves erratically while a corporate VPN is connected. The root cause is a routing conflict between Cowork's local components and the VPN's network policy.

The immediate fix#

  1. Disconnect the VPN.
  2. Wait 30 seconds.
  3. Try the Cowork action again.

This works in the vast majority of cases. It is also a workaround, not a fix.

The longer fix (for IT)#

  • Whitelist Cowork's local subnet in the VPN's split-tunnel configuration.
  • Allow direct egress for Cowork's required Anthropic endpoints.
  • Many corporate VPNs — Cisco AnyConnect, Palo Alto, Zscaler — need this configured per environment.
  • Document the configuration in the IT runbook so the next operator does not start from zero.

When VPN is non-negotiable#

For operators who must stay on VPN for compliance reasons:

  • Option A — split tunnelling exception for Cowork.
  • Option B — a dedicated workstation or VM for Cowork that does not use the VPN.
  • Option C — defer Cowork for that operator until split tunnelling is approved.

There is no Option D where Cowork works through the VPN unmodified. Pick A, B, or C and commit.

Other network issues#

  • Egress restrictions — corporate firewalls blocking Anthropic's API endpoints. Get IT to allowlist.
  • DNS poisoning — rare, but possible on tightly controlled networks. Check claude.ai resolves correctly.
  • Proxy auth — some corporate proxies need explicit auth Cowork can't provide. Bypass via firewall rule.

Coffee shop / hotel networks#

  • Captive portals can intermittently drop Cowork. Sign in through Safari first, then return to the app.
  • Hotel WiFi often blocks Anthropic; tether via mobile hotspot if needed.

Tinkso's take#

The VPN issue is the single biggest headwind to Cowork adoption in enterprise IT. We bring an explicit "ask IT to whitelist X, Y, Z" template to every deployment so the VPN conversation happens in week one, not week four. Catch it late and you waste two weeks of the pilot owner's time on a problem that is fixable in a single IT ticket if it is named clearly.

Related

Read next

← PreviousClaude Cowork usage limits — what to do when you hit the wallNext →Claude Cowork output quality issues

Want this delivered, not DIY'd?

Tinkso runs the deeper engagement behind the playbook on this page. Book a 30-minute call.

Book a 30-min callcowork@tinkso.com
Last reviewed: 25 April 2026 · The Cowork Bible · Tinkso