Forum Discussion

Anon4343's avatar
Anon4343
Brass Contributor
Feb 04, 2022

Forced Tunnel in XML VPN Profile not Working

Hello, we're using a custom XML Profile for our InTune VPN Profile and the connection doesn't seem to follow the desired Forced Tunnel parameter. When performing a tracert google.com , the traffic do...
Intune
Profile Settings
Harm_Veenstra's avatar
Harm_Veenstra
MVP
Feb 12, 2022

Anon4343 

 

<DeviceTunnel>false</DeviceTunnel>

<LockDown>true</LockDown>

<AlwaysOn>true</AlwaysOn>

<RoutingPolicyType>ForceTunnel</RoutingPolicyType>

 

this should be included in the <NativeProfile> section, could you try this?

  • Anon4343's avatar
    Anon4343
    Brass Contributor
    Feb 15, 2022
    I don't think that the <NativeProfile> section is being used because we're using the Azure VPN Client.
    • Moe_Kinani's avatar
      Moe_Kinani
      Bronze Contributor
      Feb 15, 2022

      Hi Anon4343 

       

      Just like you mentioned earlier NativeProfile does not apply on Azure VPN Client. You can force tunneling using two methods, either advertising custom routes in Azure Gateway using Set AzVirtualNetworkGateway to 0.0.0.0/1128.0.0.0/1 or including these routes in the config file under <clientconfig> section (screenshot attached).

       

      FYI- Internet connectivity will not be provided through the VPN gateway. As a result, all traffic bound for the Internet is dropped.

       

      Hope this helps!

      Moe

       

      https://docs.microsoft.com/en-us/azure/vpn-gateway/openvpn-azure-ad-client

       

      https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-p2s-advertise-custom-routes

       

       

  • Anon4343's avatar
    Anon4343
    Brass Contributor
    Feb 14, 2022
    I think I see now. If I'm referencing the OMA-URI, ./User/Vendor/MSFT/VPNv2, I need to follow the matching tree described at: https://docs.microsoft.com/en-us/windows/client-management/mdm/vpnv2-csp




Resources