Azure VPN Client - split tunnelling not working

mmac 51 Reputation points
2022-09-14T14:04:28.987+00:00

hello,
We use the Azure VPN client and to connect to our Azure VPN gateway. Mass majority of laptops 20 out of 24, this works without issue. On the other 4 laptops we are seeing an issue where SSH is ignoring the Azure VPN gateway and trying to connect directly to the server via the servers private IP address NOT the Azure VPN GW\Client address - basically ignoring the VPN and trying to go over the internet to a private address.

This took while to troubleshoot and I isolated it using Wireshark on a known good laptop\VPN and a know bad laptop\VPN.

When the 'good' laptop is connecting to SSH all traffic went straight to the VPN gateway address via the tunnel. I watched the network and reviewed the output, all traffic directly to VPN GW IP - there was no private address at all.

When on a 'bad' laptop is connecting to SSH all traffic tried to go to the server directly as the servers private address was showing repeatedly with failures from SSH, and an eventual timeout as it can never reach that address.

I checked the routing tables on both the good and bad laptops, they matched exactly other than the expected local IP differences.

I isolated this to Azure VPN client by using OPENvpn on a known 'bad' laptop and connected using the OPENvpn client and the same SSH session. This worked without issue. I watched the traffic with Wireshark and all SSH traffic went over the expected OPENvpn tunnel

This seems to happen randomly on laptops - as I rolled out 2 new laptops and one worked the other did not - no setup differences. Additionally it randomly started to happen to older systems too. I am assuming the the split tunneling that should be in place for the Azure VPN Client is being ignored. How do I fix? I have looked at the articles such as below but nothing explains WHY this is happening

https://learn.microsoft.com/en-us/answers/questions/98417/aovpn-forced-tunnel-with-few-exceptions.html

https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-point-to-site-routing

Azure VPN Gateway
Azure VPN Gateway
An Azure service that enables the connection of on-premises networks to Azure through site-to-site virtual private networks.
1,347 questions
Azure Virtual Network
Azure Virtual Network
An Azure networking service that is used to provision private networks and optionally to connect to on-premises datacenters.
2,089 questions
{count} votes