
P2S vpn forced tunnel not permitting Internet Access

Gary (Admin) 0 Reputation points
2026-02-18T15:21:45.5433333+00:00

I have configured a virtual wan, virtual hub, configured a VPN gateway. Created a virtual network, firewall, firewall policy, a route table and inserted a route. According to the troubleshooting diagnostics everything appears to be correct.

In the downloaded azurevpnconfig.xml file, I have set the version value to 2.

The vpn client connects via vpn successfully, the 'route print' output correctly shows the default gateway as through the vpn into azure, but it has no connectivity to anything.

Where should I be looking to troubleshoot?

Any suggestions are welcome.

Gary

Azure VPN Gateway

An Azure service that enables the connection of on-premises networks to Azure through site-to-site virtual private networks.


3 answers

  1. Gary (Admin) 0 Reputation points
    2026-02-21T11:15:00.79+00:00

    Found the solution: one of the original documentation pages I found while configuring the wan/hub/gateway/firewall suggested that on the route policy I should use the private IP address of the firewall as the destination address for my P2S VPN traffic. When I changed this to * my traffic successfully exited via the assigned public IP address.

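    The fix reported above, shown as an added example in Azure PowerShell (not Gary's or Microsoft's code): the Azure Firewall policy network rule with the firewall's private IP as the destination beside the corrected rule with `*` as the destination. Reading the "route policy" destination as the firewall policy network rule's destination address is an assumption, as are the resource names, the client address pool and the firewall private IP, which are constructed placeholders.

```powershell
# Added example (not from the thread): firewall policy network rule as first
# configured (destination = firewall private IP) beside the corrected one
# (destination = *), built with the Az.Network cmdlets. Names and addresses
# below are constructed placeholders; adjust to your deployment.
$rg          = "<resource-group>"
$policyName  = "<firewall-policy-name>"
$p2sPool     = "192.168.200.0/24"   # constructed: the P2S client address pool
$fwPrivateIp = "10.0.1.4"           # constructed: the Azure Firewall private IP

# As originally configured: the only allowed destination is the firewall itself,
# so client traffic reaches the firewall and is dropped there; nothing beyond it
# (the Internet included) is permitted.
$ruleFirewallOnly = New-AzFirewallPolicyNetworkRule -Name "p2s-to-firewall-only" `
    -SourceAddress $p2sPool -DestinationAddress $fwPrivateIp `
    -DestinationPort "*" -Protocol Any

# Corrected: any destination for traffic sourced from the client pool. The source
# stays restricted to the pool rather than "*", so only VPN clients get this path.
$ruleAnyDestination = New-AzFirewallPolicyNetworkRule -Name "p2s-egress-any" `
    -SourceAddress $p2sPool -DestinationAddress "*" `
    -DestinationPort "*" -Protocol Any

# Only the corrected rule is deployed; $ruleFirewallOnly is kept for comparison.
$collection = New-AzFirewallPolicyFilterRuleCollection -Name "p2s-egress" -Priority 200 `
    -Rule $ruleAnyDestination -ActionType Allow

$policy = Get-AzFirewallPolicy -Name $policyName -ResourceGroupName $rg
New-AzFirewallPolicyRuleCollectionGroup -Name "p2s-egress-rcg" -Priority 200 `
    -RuleCollection $collection -FirewallPolicyObject $policy

# Confirm what was deployed: list the rules in the new group with their destinations.
(Get-AzFirewallPolicyRuleCollectionGroup -Name "p2s-egress-rcg" -AzureFirewallPolicy $policy).Properties.RuleCollection |
    ForEach-Object { $_.Rules } |
    Select-Object Name, SourceAddresses, DestinationAddresses, DestinationPorts, Protocols
```

    This assumes the policy is already attached to the hub firewall and that the hub sends 0.0.0.0/0 from the P2S clients to the firewall; with those in place, Azure Firewall SNATs Internet-bound traffic to its public IP, which matches the behaviour described above.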

  2. Vallepu Venkateswarlu 5,960 Reputation points Microsoft External Staff Moderator
    2026-02-19T00:50:09.73+00:00

    Hi @Gary (Admin),

    It sounds like you're running into a tricky situation with your P2S VPN, where the tunnel is established but you're not able to access the internet or other resources.

    Default Route Advertising: Since you mentioned forced tunneling, confirming that the default route (0.0.0.0/0) is being properly advertised to your VPN clients is essential. You can do this by checking your route table settings and ensuring you're advertising the proper routes in your virtual hub.

    Firewall Configuration: If you have a firewall in your setup, make sure it's not blocking outgoing connections. Sometimes, the firewall rules can prevent traffic from passing through the tunnel. Check the firewall policies to ensure they allow the necessary traffic.

    VPN Profile: Ensure that the VPN configuration you downloaded (azurevpnconfig.xml) is correctly applied to your VPN client. Consider re-downloading it and reapplying it to confirm there are no issues with outdated configurations.

    Diagnostics: Leverage the built-in diagnostics provided by Azure for your VPN gateway. These can help you identify if there are any connectivity issues or settings that are incorrect. Utilize the outputs from diagnostics to guide your troubleshooting steps.
    Please “up-vote” wherever the information provided helps you; this can be beneficial to other community members.


  3. Q&A Assist
    2026-02-18T15:21:59.5566667+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist.

    To troubleshoot the issue of your Point-to-Site (P2S) VPN forced tunnel not permitting Internet access, consider the following steps:

    1. Check Route Configuration: Ensure that the custom routes you have advertised (0.0.0.0/1 and 128.0.0.0/1) are correctly set up. This is crucial for forcing all traffic through the VPN tunnel. You can verify this by using the Azure PowerShell commands to check your virtual network gateway settings.
         # These cmdlets target a standalone virtual network gateway; a Virtual WAN
         # hub P2S gateway is managed with the *-AzP2sVpnGateway cmdlets instead.
         $gw = Get-AzVirtualNetworkGateway -Name "<name of gateway>" -ResourceGroupName "<name of resource group>"
         # Advertise the two /1 halves of the IPv4 space; being more specific than
         # 0.0.0.0/0, they take precedence over the client's local default route.
         Set-AzVirtualNetworkGateway -VirtualNetworkGateway $gw -CustomRoute 0.0.0.0/1,128.0.0.0/1

    2. Enable Internet Security Flag: Make sure that the EnableInternetSecurity flag is set to true for your Point-to-Site VPN gateway. This is necessary for the clients to be properly configured for forced tunneling. You can enable it using the following command:
         # Virtual WAN P2S gateway: advertise 0.0.0.0/0 to connected clients so
         # Internet-bound traffic enters the tunnel.
         Update-AzP2sVpnGateway -ResourceGroupName "sampleRG" -Name "p2sgwsamplename" -EnableInternetSecurityFlag

    3. Firewall Configuration: Review your Azure Firewall settings and policies. Ensure that the firewall is configured to allow traffic from the VPN clients to the desired destinations. If you are using a third-party firewall, check its settings as well.
    4. Diagnostics and Logs: Utilize Azure diagnostic logs to check for any issues related to VPN connectivity. This can provide insights into what might be going wrong during the connection process.
    5. Local Network Configuration: Verify that the local network adapter settings on the client machine are not conflicting with the VPN settings. Sometimes, local firewall rules or network settings can interfere with connectivity.
    6. Test Connectivity: After making changes, test the connectivity again. Use tools like ping or tracert to see where the connection fails.

    By following these steps, you should be able to identify the issue preventing Internet access through your P2S VPN forced tunnel.



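    Steps 1, 5 and 6 of the answer above can be checked from the client side in one pass. The following is an added example (not code from the thread or from Microsoft) for Windows PowerShell: it confirms that the default route and both advertised /1 routes resolve to the VPN adapter, flags a /1 route that resolves to the physical adapter as traffic leaving outside the tunnel, and then tests DNS and a TCP connection, reporting which local address Windows chose as the source. The adapter name pattern `*Azure*` and the test target `www.microsoft.com` are assumptions.

```powershell
# Added example (not from the thread): verify on a Windows client that forced
# tunneling is actually in effect and find the stage at which Internet egress fails.
# Assumptions (adjust to your environment): the VPN adapter name or description
# contains "Azure", and www.microsoft.com:443 is a valid test target.

function Get-EffectiveRoute {
    # The route with the lowest (RouteMetric + InterfaceMetric) is the one Windows uses.
    param([string]$Prefix)
    Get-NetRoute -DestinationPrefix $Prefix -AddressFamily IPv4 -ErrorAction SilentlyContinue |
        Sort-Object { $_.RouteMetric + $_.InterfaceMetric } |
        Select-Object -First 1
}

function Test-ForcedTunnel {
    param(
        [string]$VpnAdapterPattern = "*Azure*",    # assumption: matches the VPN adapter
        [string]$Target = "www.microsoft.com"      # assumption: test destination
    )
    $report = [ordered]@{}

    # 1. Is the VPN adapter up at all?
    $vpnIf = Get-NetAdapter -ErrorAction SilentlyContinue |
        Where-Object { $_.Status -eq 'Up' -and
                       ($_.Name -like $VpnAdapterPattern -or $_.InterfaceDescription -like $VpnAdapterPattern) } |
        Select-Object -First 1
    $report.VpnAdapterUp = [bool]$vpnIf
    if (-not $vpnIf) { return [pscustomobject]$report }
    $vpnAddrs = (Get-NetIPAddress -InterfaceIndex $vpnIf.ifIndex -AddressFamily IPv4).IPAddress

    # 2. Do the default route and the two advertised /1 routes point into the tunnel?
    #    A /1 route resolving to a non-VPN interface means traffic bypasses the VPN.
    foreach ($prefix in '0.0.0.0/0', '0.0.0.0/1', '128.0.0.0/1') {
        $r = Get-EffectiveRoute -Prefix $prefix
        $report["Route $prefix"] = if ($r) {
            $via = if ($r.InterfaceIndex -eq $vpnIf.ifIndex) { 'VPN' } else { 'NOT VPN (leak or not forced)' }
            "$via ifIndex=$($r.InterfaceIndex) nexthop=$($r.NextHop)"
        } else { 'absent' }
    }

    # 3. Name resolution: with forced tunneling, DNS must also be reachable through the tunnel.
    $report.DnsResolves = [bool](Resolve-DnsName -Name $Target -Type A -ErrorAction SilentlyContinue)

    # 4. TCP egress: the local source address shows whether the connection left via
    #    the tunnel. Correct routes plus a failure here points at the hub side
    #    (firewall rules, hub default route, SNAT) rather than the client.
    $tnc = Test-NetConnection -ComputerName $Target -Port 443 -WarningAction SilentlyContinue
    $report.TcpConnectSucceeded = $tnc.TcpTestSucceeded
    $report.SourceAddress       = $tnc.SourceAddress.IPAddress
    $report.EgressViaVpn        = $tnc.SourceAddress.IPAddress -in $vpnAddrs

    [pscustomobject]$report
}

Test-ForcedTunnel | Format-List
```

    Run it once with the tunnel up. If every route line reads `VPN` and `EgressViaVpn` is true but `TcpConnectSucceeded` is false, the client has done its part and the remaining suspects are the hub route table and the firewall policy; if a route line reads `NOT VPN`, forced tunneling is not in effect and traffic for that half of the address space is leaving through the local adapter.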
