Home

Adding route to existing AlwaysOn VPN

%3CLINGO-SUB%20id%3D%22lingo-sub-330101%22%20slang%3D%22en-US%22%3EAdding%20route%20to%20existing%20AlwaysOn%20VPN%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-330101%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20deployed%20a%20AlwaysOn%20VPN%20via%20a%20custom%20Intune%20Policy.%20This%20is%20working%20great%2C%20now%20we%20are%20facing%20a%20problem%20with%20a%20new%20route%20which%20has%20to%20go%20through%20the%20VPN%20tunnel.%20So%20we%20have%20to%20add%20a%20route%20to%20the%20VPN.%3C%2FP%3E%3CP%3EI%20found%20the%20VPNv2%20CSP%20page%20from%20MS%20but%20cannot%20figure%20out%20how%20to%20add%20a%20route%20to%20the%20existing%20AlwaysOn%20VPN.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAnyone%20who%20have%20experience%20with%20adding%20a%20route%20to%20an%20existing%20AlwaysOn%20VPN%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-330101%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3ECSP%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EIntune%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EMobile%20Device%20Management%20(MDM)%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-353046%22%20slang%3D%22en-US%22%3ERe%3A%20Adding%20route%20to%20existing%20AlwaysOn%20VPN%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-353046%22%20slang%3D%22en-US%22%3E%3CP%3EFound%20the%20solution%20for%20adding%20a%20route.%3C%2FP%3E%3CP%3EAdd%20two%20custom%20OMA-URI%20rules%20to%20the%20existing%20AlwaysOn%20policy%2C%20one%20for%20the%20address%20and%20one%20for%20the%20subnet%20prefix%20size.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EFirst%20we%20add%20the%20address%3A%3C%2FP%3E%3CP%3EOMA-URI%3A%26nbsp%3B.%2FUser%2FVendor%2FMSFT%2FVPNv2%2F%3CEM%3EVPN-ProfileName%3C%2FEM%3E%2FRouteList%2F%3CEM%3E3%3C%2FEM%3E%2FAddress%3C%2FP%3E%3CP%3EData%20type%3A%20String%3C%2FP%3E%3CP%3EValue%3A%2010.1.1.0%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EBy%20default%20there%20are%20already%20two%20routes%20in%20our%20AO%20profile%2C%20so%20this%20is%20gonna%20be%20the%20third%20route.%20the%26nbsp%3BrouteRowId%20will%20be%203%20in%20my%20case.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ENow%20were%20gonna%20set%20the%20subnet%20prefix%20size%2C%20this%20has%20to%20be%20a%20new%20rule%20in%20the%20same%20policy%3C%2FP%3E%3CP%3EOMA-URI%3A%26nbsp%3B.%2FUser%2FVendor%2FMSFT%2FVPNv2%2F%3CEM%3EVPN-ProfileName%3C%2FEM%3E%2FRouteList%2F%3CEM%3E3%3C%2FEM%3E%2FPrefixSize%3C%2FP%3E%3CP%3EData%20type%3A%20Integer%3C%2FP%3E%3CP%3EValue%3A%2024%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWhen%20the%20policy%20has%20been%20pushed%20to%20the%20clients%2C%20the%20route%2010.1.1.0%2F24%20has%20been%20added%20to%20the%20AO%20profile.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Occasional Contributor

Hi,

 

We deployed a AlwaysOn VPN via a custom Intune Policy. This is working great, now we are facing a problem with a new route which has to go through the VPN tunnel. So we have to add a route to the VPN.

I found the VPNv2 CSP page from MS but cannot figure out how to add a route to the existing AlwaysOn VPN.

 

Anyone who have experience with adding a route to an existing AlwaysOn VPN?

 

 

1 Reply
Highlighted

Found the solution for adding a route.

Add two custom OMA-URI rules to the existing AlwaysOn policy, one for the address and one for the subnet prefix size.

 

First we add the address:

OMA-URI: ./User/Vendor/MSFT/VPNv2/VPN-ProfileName/RouteList/3/Address

Data type: String

Value: 10.1.1.0

 

By default there are already two routes in our AO profile, so this is gonna be the third route. the routeRowId will be 3 in my case. 

 

Now were gonna set the subnet prefix size, this has to be a new rule in the same policy

OMA-URI: ./User/Vendor/MSFT/VPNv2/VPN-ProfileName/RouteList/3/PrefixSize

Data type: Integer

Value: 24

 

When the policy has been pushed to the clients, the route 10.1.1.0/24 has been added to the AO profile.