
Anon4343
Brass Contributor
Feb 04, 2022

Forced Tunnel in XML VPN Profile not Working

Hello, we're using a custom XML Profile for our InTune VPN Profile and the connection doesn't seem to follow the desired Forced Tunnel parameter. When performing a tracert google.com, the traffic does not go across the tunnel. I haven't been able to find any other configuration requirements. Is there something I'm missing? Thank you.

XML excerpt:

<VPNProfile>
  <RememberCredentials>true</RememberCredentials>
  <AlwaysOn>true</AlwaysOn>
  <TrustedNetworkDetection>domain.com</TrustedNetworkDetection>
  <DeviceTunnel>false</DeviceTunnel>
  <RegisterDNS>true</RegisterDNS>
  <DomainNameInformation>
    <DomainName>.domain.com</DomainName>
    <DnsServers>10.0.0.10</DnsServers>
  </DomainNameInformation>
  <DnsSuffix>domain.com</DnsSuffix>
  <RoutingPolicyType>ForceTunnel</RoutingPolicyType>
...

4 Replies

  • Anon4343

    <DeviceTunnel>false</DeviceTunnel>
    <LockDown>true</LockDown>
    <AlwaysOn>true</AlwaysOn>
    <RoutingPolicyType>ForceTunnel</RoutingPolicyType>

    This should be included in the <NativeProfile> section, could you try this?

    • Anon4343
      Brass Contributor
      I don't think that the <NativeProfile> section is being used because we're using the Azure VPN Client.
      • Moe_Kinani
        Bronze Contributor

        Hi Anon4343

        Just like you mentioned earlier, NativeProfile does not apply to the Azure VPN Client. You can force tunneling using two methods: either advertising custom routes on the Azure gateway using Set-AzVirtualNetworkGateway with 0.0.0.0/1 and 128.0.0.0/1, or including these routes in the config file under the <clientconfig> section (screenshot attached).

        FYI- Internet connectivity will not be provided through the VPN gateway. As a result, all traffic bound for the Internet is dropped.

        Hope this helps!

        Moe

        https://docs.microsoft.com/en-us/azure/vpn-gateway/openvpn-azure-ad-client

        https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-p2s-advertise-custom-routes
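
        Added example (not from this thread, and not Microsoft's tooling): a Python check for the second method Moe describes. It parses an Azure VPN Client profile, tests whether the include routes under <clientconfig> already cover all of IPv4, and if not appends the 0.0.0.0/1 and 128.0.0.0/1 routes. The sample profile is constructed, and the <includeroutes>/<route>/<destination>/<mask> element names are assumed from the Azure VPN Client profile format; check them against the real azurevpnconfig.xml before relying on the output.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample in the style of an Azure VPN Client profile, trimmed to the
# parts that matter here; the element names under <clientconfig> are assumptions.
SAMPLE_PROFILE = """<azvpnprofile>
  <name>contoso-p2s</name>
  <clientconfig>
    <includeroutes>
      <route><destination>10.0.0.0</destination><mask>8</mask></route>
    </includeroutes>
  </clientconfig>
</azvpnprofile>"""

# The two half-routes that together cover all of IPv4 (0.0.0.0/0).
FORCE_TUNNEL_ROUTES = ("0.0.0.0/1", "128.0.0.0/1")

def included_routes(root):
    """Collect the profile's include routes as ip_network objects."""
    nets = []
    for route in root.iterfind("./clientconfig/includeroutes/route"):
        cidr = f"{route.findtext('destination')}/{route.findtext('mask')}"
        nets.append(ipaddress.ip_network(cidr, strict=False))
    return nets

def is_force_tunnel(xml_text):
    """True when the IPv4 include routes, merged, cover every IPv4 address."""
    v4 = [n for n in included_routes(ET.fromstring(xml_text)) if n.version == 4]
    merged = ipaddress.collapse_addresses(v4)  # disjoint networks after collapsing
    return sum(n.num_addresses for n in merged) == 2 ** 32

def ensure_force_tunnel(xml_text):
    """Return (profile_xml, routes_added); adds the half-routes only if needed."""
    if is_force_tunnel(xml_text):
        return xml_text, []
    root = ET.fromstring(xml_text)
    clientconfig = root.find("clientconfig")
    if clientconfig is None:
        clientconfig = ET.SubElement(root, "clientconfig")
    includes = clientconfig.find("includeroutes")
    if includes is None:
        includes = ET.SubElement(clientconfig, "includeroutes")
    for cidr in FORCE_TUNNEL_ROUTES:
        net = ipaddress.ip_network(cidr)
        route = ET.SubElement(includes, "route")
        ET.SubElement(route, "destination").text = str(net.network_address)
        ET.SubElement(route, "mask").text = str(net.prefixlen)
    return ET.tostring(root, encoding="unicode"), list(FORCE_TUNNEL_ROUTES)
```

        Remember the caveat in the reply above: with these routes in place all Internet-bound traffic enters the tunnel, and the gateway drops it unless something on the Azure side forwards it.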

    • Anon4343
      Brass Contributor
      I think I see now. If I'm referencing the OMA-URI, ./User/Vendor/MSFT/VPNv2, I need to follow the matching tree described at: https://docs.microsoft.com/en-us/windows/client-management/mdm/vpnv2-csp



