Forced Tunnel in XML VPN Profile not Working

Brass Contributor

Hello, we're using a custom XML Profile for our InTune VPN Profile and the connection doesn't seem to follow the desired Forced Tunnel parameter. When performing a tracert , the traffic does not go across the tunnel. I haven't been able to find any other configuration requirements. Is there something I'm missing? Thank you.


XML excerpt:


4 Replies








this should be included in the <NativeProfile> section, could you try this?

I think I see now. If I'm referencing the OMA-URI, ./User/Vendor/MSFT/VPNv2, I need to follow the matching tree described at:

I don't think that the <NativeProfile> section is being used because we're using the Azure VPN Client.

Hi @Anon4343 


Just like you mentioned earlier NativeProfile does not apply on Azure VPN Client. You can force tunneling using two methods, either advertising custom routes in Azure Gateway using Set AzVirtualNetworkGateway to or including these routes in the config file under <clientconfig> section (screenshot attached).


FYI- Internet connectivity will not be provided through the VPN gateway. As a result, all traffic bound for the Internet is dropped.


Hope this helps!



Configure VPN clients for P2S OpenVPN protocol connections: Azure AD authentication - Azure VPN Gate...


Advertise custom routes for point-to-site VPN Gateway clients - Azure VPN Gateway | Microsoft Docs