Hi @containers 2 go 2,
Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.
I understand that you would like to understand more about VPN gateway and Transit Routing for P2S users.
When you have a VPN gateway in the EastUS region, every P2S tunnel will originate at the client laptop and terminate at EastUS only.
So, for a client in India to reach a peered VNet in India:
- First, traffic will go via the P2S tunnel to the EastUS gateway.
- Then it will use the Azure backbone (peering) to reach the resource in the India region.
- This is by design and we cannot modify this behavior.
- This would add considerable latency for users in India.
To address your queries,
1) Can you peer two VNets when each VNet has a VPN gateway?
- Yes, you can.
- However, you cannot enable Transit routing with this.
- So, I do not think this would help your scenario.
2) When using hub-spoke with VNet peering and gateway transit, where is the end user's P2S VPN tunnel terminated when the user is in the spoke region? Any way to control this?
- The P2S tunnel always terminates at the hub region.
- This is expected behavior and we cannot modify this.
I hope this clarifies your queries. Let me know should you have any follow-up questions on this.
Cheers,
Kapil