Windows 10 Network
Windows 10: A Microsoft operating system that runs on personal computers and tablets.Network: A group of devices that communicate either wirelessly or via a physical connection.
2,302 questions
Can I route internet traffic over AOVPN
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(105.60000000000001, 73%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDW%3C/text%3E%3C/svg%3E)
Dean Wheatley
1
Reputation point
I have a specific requirement in that I have an always on VPN setup that allows ne to connect to Azure resources, as expected. However I also need to access a specific public IP address to access an online service, as the tunnel uses split tunneling this traffic would normally be routed through my home internet connection. However the vendor will only allow access from a single IP address that does not change.
Under normal VPN conditions I would add a new route on the tunnel that forced traffic to the IP address down the tunnel to be routed out by the firewall, which the vendor can then whitelist and allowing access from the on prem firewall. Can AOVPN be configured in this way also? (I have created an InTune policy that adds the route to the connection profile and can see from a route print that the traffic to this IP is being sent down the tunnel). In theory I should then be able to get the Azure route table to then pass this traffic to the internet.
Am I barking up the wrong tree here, is this even supported?. Online documentation is thin on the ground
Dean
{count} votes
-
Miguel Gonçalves | AVANADE 886 Reputation points2024-06-11T14:24:01.71+00:00 Hi Dean,
Some notes;
- Force tunneling, all network traffic from the VPN client is routed over the VPN tunnel. This includes both Azure resources and internet traffic, however, this approach doesn’t allow for exceptions or specific routing based on destination IP addresses.
- In split tunneling, the VPN client is configured with necessary IP routes to establish remote network connectivity to on-premises resources. By default, Windows 10 Always On VPN assigns a class-based route based on the IP address assigned to the client by the VPN server. However, this default class-based route is limited and may not cover all scenarios. To configure custom routes for specific IP addresses, you can use ProfileXML.
- Note that Always On VPN has no built-in way to route traffic by hostname or Fully-Qualified Domain Name (FQDN)
If you’re using split tunneling, you can configure specific routes for your desired IP addresses using ProfileXML. However, if you’re using force tunneling, you won’t have fine-grained control over routing based on specific IPs. As for Azure route tables, they won’t directly influence Always On VPN routing, but you can still achieve your goal by carefully configuring routes within the VPN profile.
-
Miguel Gonçalves | AVANADE 886 Reputation points
2024-06-11T14:24:41.88+00:00 As probably you already know AlwaysON need always many additional considerations and planning and testing, and...
Sign in to comment