Azure Windows Desktop VM - Two Public IPs, One for VPN and One for RDP?


Problem I'm actually trying to solve: I have an Azure Windows Desktop VM set up that I need to RDP into and then connect to a VPN on that VM. Connecting to the VPN breaks the connection because split tunneling is not enabled (nor will it be allowed). I'm trying to find a way to stay RDP'd into the VM while connected to the VPN.


Disclaimer: Neither networking nor Azure is my wheelhouse. And after burning through a couple of days of Googling and trying various hacks, I'm caving and asking here. ;)


My latest attempt at getting this to work involves configuring two NICs in the VM and giving each a public IP, along with each being on a separate private/internal subnet. The thought being that I could get the VPN to use one NIC while I RDP through the other interface (kind of like a management network on a server). However, the network gods are laughing at my feeble attempt.


I can RDP into either of the public IPs, but as soon as the VPN connects, I'm booted from the RDP. I imagine that, at least in part, this has to do with the fact that the Windows route table shows two default routes: one over each of the interfaces.


So, I have to ask...has anyone here been able to successfully pull something like this off? Or without split tunnel, am I just wasting my time?


Thanks!

2 Replies
Regarding your current approach, it may be possible to use multiple NICs with different subnets to achieve your goal, but it requires careful configuration of routing tables on both the VM and the VPN. You would need to make sure that RDP traffic is routed through one NIC while VPN traffic is routed through the other NIC.

However, it may be easier and more secure to use a jump box or a bastion host to access the VM instead.
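The "careful configuration of routing tables on the VM" that the reply above refers to, written out as an added example (this is not code from the thread, and neither poster supplied it). It is run in an elevated PowerShell on the Azure VM before the VPN is connected. The interface aliases, the subnet gateway and the RDP client address are placeholders you must replace with your own values; 203.0.113.10 is a documentation (TEST-NET-3) address standing in for the workstation you RDP from. The idea is the one the reply describes: leave the VPN's default route alone, but pin the return path to the RDP client onto the management NIC with a more specific host route, which wins over any 0.0.0.0/0 the VPN installs regardless of metric.

```powershell
# Added example, not part of the original thread. Replace the placeholders.
$MgmtNic     = 'Ethernet'          # NIC whose public IP you RDP to (assumed alias)
$MgmtGateway = '10.0.1.1'          # first usable address of that NIC's Azure subnet (assumed)
$VpnNic      = 'Ethernet 2'        # NIC the VPN client should egress through (assumed alias)
$RdpClient   = '203.0.113.10/32'   # public IP you RDP from (TEST-NET-3 placeholder)

# 1. Show the two default routes the OP saw, one per interface, with their metrics.
Get-NetRoute -DestinationPrefix '0.0.0.0/0' -AddressFamily IPv4 |
    Select-Object InterfaceAlias, NextHop, RouteMetric, InterfaceMetric

# 2. Make the VPN NIC the preferred default route. Windows uses the lowest
#    RouteMetric + InterfaceMetric, so the VPN tunnel itself is built over $VpnNic.
Set-NetIPInterface -InterfaceAlias $VpnNic  -AddressFamily IPv4 -InterfaceMetric 10
Set-NetIPInterface -InterfaceAlias $MgmtNic -AddressFamily IPv4 -InterfaceMetric 50

# 3. Pin traffic back to the RDP client onto the management NIC with a /32 host
#    route. Longest-prefix match beats the VPN's 0.0.0.0/0, so the RDP session's
#    return packets keep leaving through $MgmtNic after the full-tunnel VPN is up.
#    New-NetRoute writes to both the active and persistent stores, so it survives reboots.
$existing = Get-NetRoute -DestinationPrefix $RdpClient -ErrorAction SilentlyContinue
if (-not $existing) {
    New-NetRoute -DestinationPrefix $RdpClient -InterfaceAlias $MgmtNic `
        -NextHop $MgmtGateway -RouteMetric 1
}

# 4. Verify which interface Windows will actually use to reach the RDP client.
#    Expect InterfaceAlias = $MgmtNic and NextHop = $MgmtGateway.
Find-NetRoute -RemoteIPAddress ($RdpClient -replace '/32$', '') |
    Select-Object -Last 1 InterfaceAlias, NextHop, DestinationPrefix

# Re-run step 4 after the VPN connects; if the answer changes, the VPN client has
# rewritten the table and this approach will not hold for that client.
```

Two caveats a practitioner should check before relying on this. First, the host route only covers the one client address: if you RDP from a different network, add that prefix too, or widen the prefix to your office's range. Second, VPN clients that enforce "tunnel all" may actively remove or shadow foreign routes after connecting, which is the case the last comment in the block is there to detect; the route table is the VM's to change, but the VPN client's policy is not, and that policy is usually what "no split tunnel" means in practice.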
Hi Zac,

One possible solution to your scenario would be to use a remote access solution that allows for split tunneling. This would allow you to connect to the VPN on the Azure VM without breaking the RDP connection.

One such solution is the Azure Point-to-Site VPN. This solution allows you to connect to the Azure Virtual Network using a VPN client on your local machine. The Azure VPN Gateway supports split tunneling, which means that only traffic destined for the Virtual Network will go through the VPN. All other traffic will go through your local internet connection.

Best Regards
ShankerH
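The split-tunnel behaviour ShankerH describes, shown on the client side as an added example (not code from the thread or from the Azure documentation). It assumes the Point-to-Site client profile has already been installed on the workstation as a Windows VPN connection named Azure-P2S, and that the Virtual Network's address space is 10.1.0.0/16; both names are placeholders to replace. With SplitTunneling on, only the listed prefixes go through the tunnel and everything else, including the RDP session itself if it were not in the VNet, keeps using the local internet connection.

```powershell
# Added example, not part of the original thread. Replace the placeholders.
$VpnName   = 'Azure-P2S'     # name of the Point-to-Site VPN connection (assumed)
$VnetSpace = '10.1.0.0/16'   # Virtual Network address space (assumed)

# Turn off "use default gateway on remote network": the VPN no longer
# installs a 0.0.0.0/0 route, so local internet traffic stays local.
Set-VpnConnection -Name $VpnName -SplitTunneling $true

# Send only the VNet's address space through the tunnel.
Add-VpnConnectionRoute -ConnectionName $VpnName -DestinationPrefix $VnetSpace -PassThru

# Confirm the connection is split-tunnel and which prefixes it will route.
Get-VpnConnection -Name $VpnName | Select-Object Name, SplitTunneling, ConnectionStatus
Get-VpnConnection -Name $VpnName | Select-Object -ExpandProperty Routes

# After connecting, this should resolve to the VPN adapter for a VNet address
# and to your normal NIC for anything outside $VnetSpace.
Find-NetRoute -RemoteIPAddress '10.1.0.4' | Select-Object -Last 1 InterfaceAlias, DestinationPrefix
```

Note that this only helps with the leg from your workstation into the VNet, which is the scenario the reply proposes; it does not change the behaviour of a separate full-tunnel VPN client running on the VM itself.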