Internet access does not work after connecting to Azure P2S VPN

Ankit Badani 6 Reputation points
2022-06-03T18:10:42.353+00:00

I have a Virtual Network Gateway deployed in Sub1 with a VNet of 10.12.0.0/16 and a Gateway subnet of 10.12.255.0/27. VNet 10.12.0.0/16 has custom DNS servers of 10.11.11.14 and 10.11.11.15, which are in another VNet of 10.11.0.0/16 with Sub2. While configuring the Point-to-Site configuration, I am also advertising the 10.11.0.0/16 subnet as an additional route. I can connect to the Azure P2S VPN and can RDP into all the VMs that are running in 10.12.0.0/16. However, as soon as I connect the Azure VPN Client, I cannot connect to the Internet. My understanding is that only advertised routes will be routed over the Azure P2S tunnel. If I do a route print, I can see the 0.0.0.0/0 default gateway pointed to my home router. But I cannot do an nslookup or ping to the outside world. I have tried disabling the firewall on the machine and also unchecked "Use default gateway on remote subnet" for the VPN NIC.


2 answers

  1. Jackson Martins 10,606 Reputation points MVP Volunteer Moderator
    2022-06-04T11:17:52.05+00:00

    Hi @Ankit Badani
    Make sure there is no IP overlap with your local network.
    You can try to disable forced tunneling, using Azure CLI like:

    $gw = Get-AzVirtualNetworkGateway -Name <name of gateway> -ResourceGroupName <name of resource group>
    Set-AzVirtualNetworkGateway -VirtualNetworkGateway $gw -CustomRoute @0

    Reference : https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-p2s-advertise-custom-routes#forced-tunneling

    Another way to add the new route on the VPN client is by accessing the routes configuration file. The file is at:

    %appdata%\Microsoft\Network\Connections\Cm

    You can open the file called "routes" and see all routes that are applied.

    You can remove or add routes in Windows format, maybe remove the default gateway from the VPN.

    Get in touch if you need more help with this issue.

    --please don't forget to Accept as answer if the reply is helpful--

    1 person found this answer helpful.
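A way to check the two things this thread keeps coming back to, written as an added example (not code from the original posters or from Microsoft): whether the client's `route print` output contains forced-tunnel routes on the VPN interface (0.0.0.0/0, or the 0.0.0.0/1 and 128.0.0.0/1 pair described in the referenced article), and which interface the configured DNS servers are reached through. The route table below is constructed; 172.16.201.2 as the VPN client address and 192.168.1.x as the home LAN are assumptions, while the DNS server addresses are the ones from the question.

```python
import ipaddress

# Constructed `route print` excerpt (not from the original post). 172.16.201.2 is an
# assumed VPN client pool address; 192.168.1.x is an assumed home LAN.
SAMPLE = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.50     25
        10.11.0.0      255.255.0.0         On-link     172.16.201.2     43
        10.12.0.0      255.255.0.0         On-link     172.16.201.2     43
      192.168.1.0    255.255.255.0         On-link     192.168.1.50    281
"""

# Prefixes that send all IPv4 traffic into the tunnel when bound to the VPN interface.
FORCED = {ipaddress.ip_network(n) for n in ("0.0.0.0/0", "0.0.0.0/1", "128.0.0.0/1")}

def parse_routes(text):
    """Return (network, interface_ip, metric) for each IPv4 row of `route print`."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 5 or not f[4].isdigit():
            continue  # header, separator or persistent-route row
        try:
            net = ipaddress.ip_network(f"{f[0]}/{f[1]}")
            iface = ipaddress.ip_address(f[3])
        except ValueError:
            continue
        routes.append((net, iface, int(f[4])))
    return routes

def egress(routes, dest):
    """Longest-prefix match, lowest metric on ties: interface used to reach dest."""
    dest = ipaddress.ip_address(dest)
    hits = [r for r in routes if dest in r[0]]
    if not hits:
        return None
    return max(hits, key=lambda r: (r[0].prefixlen, -r[2]))[1]

def audit(text, vpn_ip, dns_servers):
    """Summarise forced-tunnel routes and DNS/Internet egress for one route table."""
    routes, vpn = parse_routes(text), ipaddress.ip_address(vpn_ip)
    return {
        "forced_tunnel": sorted(str(n) for n, i, _ in routes if i == vpn and n in FORCED),
        "dns_via_vpn": [d for d in dns_servers if egress(routes, d) == vpn],
        "internet_via_vpn": egress(routes, "1.1.1.1") == vpn,
    }
```

For the constructed table, `audit(SAMPLE, "172.16.201.2", ["10.11.11.14", "10.11.11.15"])` reports no forced-tunnel routes and Internet traffic leaving through the home router, but both DNS servers reached through the VPN interface, so name resolution depends on what those servers can resolve.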

  2. Tomasz Wieczorkowski 56 Reputation points
    2024-11-05T20:58:24.3866667+00:00

    Hi Guys,

    I've tested this issue.

    Steps performed:

    1. New Azure VPN config downloaded from the Azure Portal VPN Gateway P2S (doesn't work)
    2. Checking of ipconfig /all , route print, tracert, nslookup, test-netconnection, telnet, wifi/wired interfaces settings (all checked, no issues)
    3. The problem is somehow related to the Microsoft EDGE web browser DNS settings. Open Microsoft EDGE -> Settings -> search for "dns" -> look for "Use secure DNS to specify how to lookup the network address for websites". By default the setting is set to "Use current service provider". To solve the case and have the internet connection while on Azure VPN, select "Choose a service provider", click in the empty field below and select e.g. "Cloudflare (1.1.1.1)". It will appear as "https://chrome.cloudflare-dns.com/dns-query". Screens attached. Then reboot the web browser - Microsoft Edge - and the internet will start to work right away.

    Security info: In this case, Cloudflare DNS is used to resolve your DNS queries. If you do not want to do that, try with your own DNS servers or another DNS you prefer in this step.

    NOTE: If this helps you, feel free to leave a short comment or just share this with others that have such an issue.

    In case of questions feel free to let me know via comments as well.

    Best regards,

    Tomasz Wieczorkowski
