Feb 04 2022 01:29 PM
Hello, we're using a custom XML Profile for our Intune VPN Profile and the connection doesn't seem to follow the desired Forced Tunnel parameter. When performing a tracert google.com, the traffic does not go across the tunnel. I haven't been able to find any other configuration requirements. Is there something I'm missing? Thank you.
XML excerpt:
Feb 12 2022 07:25 AM
<DeviceTunnel>false</DeviceTunnel>
<LockDown>true</LockDown>
<AlwaysOn>true</AlwaysOn>
<RoutingPolicyType>ForceTunnel</RoutingPolicyType>
This should be included in the <NativeProfile> section. Could you try this?
Feb 14 2022 02:57 PM
Feb 14 2022 04:20 PM
Feb 14 2022 07:48 PM - edited Feb 14 2022 08:02 PM
Hi @Anon4343
Just like you mentioned earlier, NativeProfile does not apply to the Azure VPN Client. You can force tunneling using two methods: either advertising custom routes in Azure Gateway using Set-AzVirtualNetworkGateway to 0.0.0.0/1, 128.0.0.0/1, or including these routes in the config file under the <clientconfig> section (screenshot attached).
FYI: Internet connectivity will not be provided through the VPN gateway. As a result, all traffic bound for the Internet is dropped.
Hope this helps!
Moe
Advertise custom routes for point-to-site VPN Gateway clients - Azure VPN Gateway | Microsoft Docs
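Why the two /1 routes from the answer above pull traffic into the tunnel, as an added example that is not part of the thread or of Microsoft's documentation: route selection is longest-prefix match, so 0.0.0.0/1 and 128.0.0.0/1 together beat the existing 0.0.0.0/0 default. The route table, interface names and metrics are constructed, and `egress_interface` and `bypass_ranges` are hypothetical helpers.

```python
import ipaddress

TUNNEL = "AzureVPN"  # constructed interface name
# Constructed client route table with the tunnel up: (prefix, interface, metric)
ROUTES = [
    ("0.0.0.0/0", "Wi-Fi", 35),       # pre-existing default route
    ("192.168.1.0/24", "Wi-Fi", 35),  # on-link local subnet
    ("0.0.0.0/1", TUNNEL, 1),         # custom route from the answer
    ("128.0.0.0/1", TUNNEL, 1),       # custom route from the answer
    ("10.1.0.0/16", TUNNEL, 1),       # VNet address space (constructed)
]

def parse(routes):
    return [(ipaddress.ip_network(p), i, m) for p, i, m in routes]

def egress_interface(dest, routes=ROUTES):
    """Longest-prefix match; the lowest metric breaks ties."""
    addr = ipaddress.ip_address(dest)
    hits = [r for r in parse(routes) if addr in r[0]]
    if not hits:
        return None
    return max(hits, key=lambda r: (r[0].prefixlen, -r[2]))[1]

def bypass_ranges(routes=ROUTES, tunnel=TUNNEL):
    """Address ranges that still leave outside the tunnel."""
    parsed = parse(routes)
    leaks = []
    for net, iface, metric in parsed:
        if iface == tunnel:
            continue
        remaining = [net]
        for t, t_iface, t_metric in parsed:
            beats = t.prefixlen > net.prefixlen or (t == net and t_metric < metric)
            if t_iface != tunnel or not beats:
                continue
            kept = []
            for r in remaining:
                if r.subnet_of(t):
                    continue  # fully claimed by a tunnel route
                if t.subnet_of(r):
                    kept.extend(r.address_exclude(t))  # carve the tunnel part out
                else:
                    kept.append(r)
            remaining = kept
        leaks.extend(remaining)
    return sorted(leaks)

if __name__ == "__main__":
    for d in ("8.8.8.8", "200.1.1.1", "10.1.2.3", "192.168.1.10"):
        print(d, "->", egress_interface(d))
    print("outside tunnel:", [str(n) for n in bypass_ranges()])
```

In this constructed table only the on-link local subnet stays outside the tunnel, because its /24 is more specific than either /1 route.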