Does Azure point-to-site VPN support forced tunneling?

Question

We want to allow our users to VPN into an Azure network and route all Internet traffic over that VPN, for privacy reasons. Is this something Azure VPN supports?

Answer 1

This is not supported for P2S Connections. Internet traffic will be dropped by the VPN Gateway. You can read more about P2S Routing in Azure Here.

If you would like us to add this functionality in the future, please vote for this existing issue here at Azure Networking's feedback.azure.com page.

Answer 2

If you take a look here (Configure forced tunneling using the classic deployment model), the force tunneling is available for Sote To Site CPN connections.

I just tested with the Azure VPN Client:

• There is no option to configure "force tunneling" in the Azure VPN Client
• After connecting a P2S Tunnel the default route of the Windows 10 client is still pointing to the IP of the client (not to the VPN connection)

Maybe this is helpful.

Regards

Andreas Baumgarten

(Please don't forget to Accept as answer if the reply is helpful)

Answer 3

The documentation states this is now supported.

https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-p2s-advertise-custom-routes

Answer 4

The documentation appears to be rather generic and lacks clarity on how to manage internet-bound traffic from remote clients via the P2S connection using the VPN gateway. Has anyone successfully implemented this, or is there any specific documentation available to clarify this process?