How can we improve Azure Networking?

Auto-connect for point-to-site VPN.

When the device is restarted, or internet connectivity is regained, the device automatically connects to the VPN again.

226 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    I agree to the terms of service
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Josh DeanJosh Dean shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

    16 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      Submitting...
      • ConnectorConnector commented  ·   ·  Flag as inappropriate

        Sounds great. Have you tested it already? Does it re-connect it the connection breaks?

      • Anonymous commented  ·   ·  Flag as inappropriate

        Steven, This sounds interesting. Can you explain in detail how you manually configured the VPN? Should this also work with dynamic Routing in order to connect multiple clients?

      • Steven De KockSteven De Kock commented  ·   ·  Flag as inappropriate

        We had a case where we had to connect to an on-prem server without the ability to setup site-to-site.
        We worked around this by manually configuring the VPN client (instead of using the installer), using scheduled tasks on boot and every 5 minutes, setting up static routes.

        Because our server is polling the client, we also had the need for a static IP address. We worked around this by having the client register register itself in our server.

      • StefanStefan commented  ·   ·  Flag as inappropriate

        I agree. We have postponed moving to Azure until auto-connect on boot is available.Yushun, is there a chance that it will come with Windows 10?

      • Anonymous commented  ·   ·  Flag as inappropriate

        Connect at boot is really an important requirement, in particular because it would allow the use of roaming profiles. I hope that you are making progress!

      • Olaf EngelkeOlaf Engelke commented  ·   ·  Flag as inappropriate

        Beside that it would be nice, if the VPN client would not claim a new IP address, if the connection has been dropped, but try to renew the lease first.

      • Andrey B.Andrey B. commented  ·   ·  Flag as inappropriate

        Windows 7/8 already has IPHTTPS, which does exactly that.

        There are two gotchas, however:
        1) The management API for IPHTTPS can only create a single instance of IPHTTPSInterface, because it was designed as a platform feature for DirectAccess / Forefront UAG.
        But this could be improved in an update (or at least in Windows 8.2).

        2) There is a hard requirement for IPv6 inside the private network (which is a good thing - avoids all the problems with RFC 1918 address space clashes).

        Currently, Azure blocks IPv6 communication, including 6to4 and ISATAP, so IPHTTPS cannot be easily deployed. The only option is Teredo, which is complicated and inherently unreliable.

      • Josh DeanJosh Dean commented  ·   ·  Flag as inappropriate

        I have worked around the issue with a powershell script and a scheduled task that triggers the script when the computer starts, and in 5 minute increments there after.

        $ip = <<server IP>>
        $result = gwmi -query "SELECT * FROM Win32_PingStatus WHERE Address = '$ip'"
        if ($result.StatusCode -eq 0) {
        Write-Host "$ip is up."
        }
        else{
        Write-Host "$ip is down."
        Write-Host "Disconnecting..."
        rasdial <<VPN name>> /DISCONNECT
        Write-Host "Connecting..."
        $ad = $env:APPDATA
        rasdial <<VPN Phonebook name>> /PHONEBOOK:$ad\Microsoft\Network\Connections\Cm\<<VPN Phonebook name>>.pbk
        $a = Get-NetIPInterface <<VPN Phonebook name>>
        route ADD <<Network ID of Server>> MASK <<Subnet Mask for Network>> <<Default Fateway>> METRIC 25 IF $a.ifIndex
        }

      Feedback and Knowledge Base