Internet access not working after connecting to Azure P2S VPN

Ankit Badani 1 Reputation point
2022-06-03T18:10:42.353+00:00

I have a Virtual Network Gateway deployed in Sub1 with a VNet of 10.12.0.0/16 and a Gateway subnet of 10.12.255.0/27. VNet 10.12.0.0/16 has custom DNS servers of 10.11.11.14 and 10.11.11.15, which are in another VNet of 10.11.0.0/16 with Sub2. While configuring the Point-to-Site configuration, I am also advertising the 10.11.0.0/16 subnet as an additional route. I can connect to Azure P2S VPN and can RDP into all the VMs that are running in 10.12.0.0/16. However, as soon as I connect the Azure VPN Client, I cannot connect to the Internet. My understanding is that only advertised routes will be routed over the Azure P2S tunnel. If I do a route print, I can see the 0.0.0.0/0 default gateway pointed to my home router. But I cannot do an nslookup or ping to the outside world. I have tried disabling the firewall on the machine and also unchecked "Use default gateway on remote subnet" for the VPN NIC.


1 answer

  1. Jackson Martins 5,726 Reputation points
    2022-06-04T11:17:52.05+00:00

    Hi @Ankit Badani
    Make sure there is no IP overlap with your local network.
    You can try disabling forced tunneling, using Azure CLI like:

    $gw = Get-AzVirtualNetworkGateway -Name <name of gateway> -ResourceGroupName <name of resource group>
    Set-AzVirtualNetworkGateway -VirtualNetworkGateway $gw -CustomRoute @0

    Reference : https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-p2s-advertise-custom-routes#forced-tunneling

    Another way to add the new route on the client vpn is by accessing the routes configuration file. The file is at:

    %appdata%\Microsoft\Network\Connections\Cm


    You can open the file called "routes" and see all routes that are applied.

    You can remove or add routes in Windows format, maybe remove the default gateway from the VPN.

    Get in touch if you need more help with this issue.

    --please don't forget to Accept as answer if the reply is helpful--
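
The following is an added example, not part of the question or the answer above: a read-only PowerShell check to run on the Windows client while the VPN is connected. It tests the overlap and routing points raised in the thread using the built-in `Get-NetRoute`, `Find-NetRoute`, `Get-NetIPAddress`, `Get-DnsClientServerAddress` and `Resolve-DnsName` cmdlets. The prefixes come from the question; the probe address and probe name are assumptions, and `ConvertTo-Int64` and `Test-PrefixOverlap` are helper names made up for this example.

```powershell
# Added example: read-only checks, run on the client while the VPN is connected.
$VpnPrefixes = '10.12.0.0/16', '10.11.0.0/16'   # VNet and advertised route, from the question
$PublicProbe = '1.1.1.1'                        # assumption: any public IPv4 address
$ProbeName   = 'example.com'                    # assumption: any public DNS name

function ConvertTo-Int64 ([string]$Ip) {
    # Fold the four octets (network order) into one integer.
    [long]$n = 0
    foreach ($octet in [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()) { $n = $n * 256 + $octet }
    $n
}

function Test-PrefixOverlap ([string]$A, [string]$B) {
    # Two CIDR blocks overlap when their network bits match under the shorter mask.
    $ipA, $lenA = $A -split '/'
    $ipB, $lenB = $B -split '/'
    $shift = 32 - [Math]::Min([int]$lenA, [int]$lenB)
    ((ConvertTo-Int64 $ipA) -shr $shift) -eq ((ConvertTo-Int64 $ipB) -shr $shift)
}

# 1. Does the LAN behind the 0.0.0.0/0 route overlap a prefix the VPN installs?
$lanIf = (Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric |
          Select-Object -First 1).InterfaceIndex
foreach ($addr in (Get-NetIPAddress -InterfaceIndex $lanIf -AddressFamily IPv4)) {
    $lan = '{0}/{1}' -f $addr.IPAddress, $addr.PrefixLength
    foreach ($p in $VpnPrefixes) {
        if (Test-PrefixOverlap $lan $p) { Write-Warning "Local network $lan overlaps VPN prefix $p" }
    }
}

# 2. Which route does Windows actually select for a public address?
#    A match more specific than 0.0.0.0/0 on the VPN interface means the tunnel captures it.
Find-NetRoute -RemoteIPAddress $PublicProbe | Where-Object { $_.DestinationPrefix } |
    Select-Object -First 1 | Format-List DestinationPrefix, NextHop, InterfaceAlias, RouteMetric

# 3. Which DNS servers does each interface use, and does each answer for a public name?
$results = foreach ($entry in (Get-DnsClientServerAddress -AddressFamily IPv4 |
                               Where-Object { $_.ServerAddresses })) {
    foreach ($server in $entry.ServerAddresses) {
        $answer = Resolve-DnsName -Name $ProbeName -Server $server -DnsOnly -QuickTimeout `
                                  -ErrorAction SilentlyContinue
        [pscustomobject]@{ Interface = $entry.InterfaceAlias; Server = $server
                           ResolvesPublicName = [bool]$answer }
    }
}
$results | Format-Table -AutoSize
```

Comparing the output with the VPN disconnected and then connected shows which of the three checks changes when the tunnel comes up.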