Client VPN (P2S) access to on-prem via S2S both into same Azure VGW

Adam Smith 1 Reputation point

We have a working P2S (OpenVPN) and a working S2S both into Azure virtual environment. There's also a VM on the vnet.
We can connect to the VM in Azure via the client VPN and also ping on-prem (via S2S) from the VM. However, what we'd like to do is be able to connect to on-prem resources (e.g. RDP) over the client VPN, via the Azure gateway and back over the S2S VPN.

Client --p2s--> Azure --s2s--> On-prem

We can't use BGP on-prem at the moment. Is there any other way to route traffic via Azure?


3 answers

  1. Andreas Baumgarten 69,656 Reputation points MVP

    You need to add 2 routes:
    On-premises you need a route to the VPN client network
    On the client you need a route to the on-premises network

    Maybe this is helpful.


    Andreas Baumgarten

    (Please don't forget to Accept as answer if the reply is helpful)


  2. SaiKishor-MSFT 16,921 Reputation points

    @Adam Smith
    Unfortunately, if you do not use BGP-based S2S VPN, you cannot access the S2S VPN resources via CVPN via Azure. Please refer to document- for further details. Thank you!


  3. Anel Habibovic 1 Reputation point

    I know this question is old, but it pops up as the first hit, so I will add a solution to it.

    You simply need to advertise custom routes for P2S VPN clients and then download the client VPN installation file once again. Remember to remove the old connection on your source Windows laptop, so you get a clean install. No need to remove the certificate.

    Add custom route:
    $gw = Get-AzVirtualNetworkGateway -Name <name of gateway> -ResourceGroupName <name of resource group>
    Set-AzVirtualNetworkGateway -VirtualNetworkGateway $gw -CustomRoute x.x.x.x/xx

    If you need to add more subnets, simply use a comma.

    Set-AzVirtualNetworkGateway -VirtualNetworkGateway $gw -CustomRoute x.x.x.x/xx, y.y.y.y/xx

    If you do a route print in CMD after re-install and connect, you'll see the on-prem subnets listed where the gateway is the VPN client.

    This should solve the problem and give you access from Client VPN P2S -> Azure S2S -> On-prem

    Remember each time after adding custom routes, the VPN client needs to be downloaded again.

    Hope this helps
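
An added example, not part of any answer in this thread: it carries out the custom-route step from the third answer, but merges the new prefixes with whatever custom routes the gateway already has, validates them, and then requests a fresh client package. The resource names, the sample prefixes, the `Merge-RoutePrefix` helper, the refusal of `/0` prefixes and the `EapTls` authentication method are assumptions of this example.

```powershell
# Added example. Placeholders and sample values below are assumptions, not values from the thread.
$ResourceGroup  = '<name of resource group>'
$GatewayName    = '<name of gateway>'
# Constructed sample prefixes standing in for the on-prem subnets (x.x.x.x/xx in the answer).
$OnPremPrefixes = @('192.0.2.0/24', '198.51.100.0/24')

function Merge-RoutePrefix {
    # Hypothetical helper: validate the wanted prefixes and return existing + wanted, de-duplicated.
    param([string[]]$Existing, [string[]]$Wanted)
    $cidr = '^(\d{1,3}\.){3}\d{1,3}/(\d|[12]\d|3[0-2])$'
    foreach ($p in $Wanted) {
        if ($p -notmatch $cidr) { throw "Not an IPv4 CIDR prefix: $p" }
        # Choice made by this example: advertise only specific on-prem subnets to clients.
        if ($p -match '/0$')    { throw "Refusing catch-all prefix: $p" }
    }
    @($Existing) + @($Wanted) | Where-Object { $_ } | Sort-Object -Unique
}

$gw      = Get-AzVirtualNetworkGateway -Name $GatewayName -ResourceGroupName $ResourceGroup
$current = @($gw.CustomRoutes.AddressPrefixes | Where-Object { $_ } | Sort-Object -Unique)
$merged  = @(Merge-RoutePrefix -Existing $current -Wanted $OnPremPrefixes)

if (($current -join ',') -eq ($merged -join ',')) {
    Write-Host "Custom routes already present: $($merged -join ', ')"
}
else {
    Write-Host "Custom routes before: $($current -join ', ')"
    Write-Host "Custom routes after : $($merged -join ', ')"
    Set-AzVirtualNetworkGateway -VirtualNetworkGateway $gw -CustomRoute $merged | Out-Null

    # Clients only learn the new routes from a freshly generated package,
    # so request one and hand its URL to whoever reinstalls the VPN client.
    # EapTls is assumed here because the answer mentions certificate authentication.
    $pkg = New-AzVpnClientConfiguration -ResourceGroupName $ResourceGroup `
        -Name $GatewayName -AuthenticationMethod 'EapTls'
    Write-Host "New client package: $($pkg.VpnProfileSASUrl)"
}
```

As the first answer notes, the on-premises side also needs a route back to the VPN client network for return traffic.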