Hi @brichardi
The azure VPN was designed for you to access the resources that are in Azure; if your goal is to access only the on-premise resources, the best way is to have your equipment for these vpns, such as a Linux firewall, sonicwall, palo alto, Fortinet.
Now if you only want to access the resources that are in Azure, the azure VPN gateway does not have any limitations, from the client, such as a dynamic public IP
Get in touch if you need more help with this issue.
--please don't forget to "[Accept the answer]" if the reply is helpful--