How can we improve Azure Networking?

Auto-connect for point-to-site VPN.

When the device is restarted, or internet connectivity is regained, the device automatically connects to the VPN again.

401 votes
Sign in
Sign in with: Microsoft
Signed in as (Sign out)
You have left! (?) (thinking…)
Josh Dean shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →


Sign in
Sign in with: Microsoft
Signed in as (Sign out)
  • Just Me commented  ·   ·  Flag as inappropriate

    any update of this? or a workaround for domain joined windows 10 clients that need P2S VPN to be autoconnected?

  • Mark Bell commented  ·   ·  Flag as inappropriate

    I'm with everyone else here. Why do we not already have the ability for our company-deployed laptops to connect to P2S VPN on startup? This would make things so much easier for our employees. As of right now, they have to log into the laptop connected to Azure AD, and then connect to VPN and then run a bat file to map drive shares. That's just too much for some of our older users...

  • Glenn Drake commented  ·   ·  Flag as inappropriate

    We've started using Azure Managed Instance which requires us to VPN to the VNET that the database resides. When the VPN drops we need a way to automatically reconnect without manual intervention.

    Would be good to see some movement here.

  • Connector commented  ·   ·  Flag as inappropriate

    Sounds great. Have you tested it already? Does it re-connect it the connection breaks?

  • Anonymous commented  ·   ·  Flag as inappropriate

    Steven, This sounds interesting. Can you explain in detail how you manually configured the VPN? Should this also work with dynamic Routing in order to connect multiple clients?

  • Steven De Kock commented  ·   ·  Flag as inappropriate

    We had a case where we had to connect to an on-prem server without the ability to setup site-to-site.
    We worked around this by manually configuring the VPN client (instead of using the installer), using scheduled tasks on boot and every 5 minutes, setting up static routes.

    Because our server is polling the client, we also had the need for a static IP address. We worked around this by having the client register register itself in our server.

  • Stefan commented  ·   ·  Flag as inappropriate

    I agree. We have postponed moving to Azure until auto-connect on boot is available.Yushun, is there a chance that it will come with Windows 10?

  • Anonymous commented  ·   ·  Flag as inappropriate

    Connect at boot is really an important requirement, in particular because it would allow the use of roaming profiles. I hope that you are making progress!

  • Olaf Engelke commented  ·   ·  Flag as inappropriate

    Beside that it would be nice, if the VPN client would not claim a new IP address, if the connection has been dropped, but try to renew the lease first.

  • Andrey B. commented  ·   ·  Flag as inappropriate

    Windows 7/8 already has IPHTTPS, which does exactly that.

    There are two gotchas, however:
    1) The management API for IPHTTPS can only create a single instance of IPHTTPSInterface, because it was designed as a platform feature for DirectAccess / Forefront UAG.
    But this could be improved in an update (or at least in Windows 8.2).

    2) There is a hard requirement for IPv6 inside the private network (which is a good thing - avoids all the problems with RFC 1918 address space clashes).

    Currently, Azure blocks IPv6 communication, including 6to4 and ISATAP, so IPHTTPS cannot be easily deployed. The only option is Teredo, which is complicated and inherently unreliable.

  • Josh Dean commented  ·   ·  Flag as inappropriate

    I have worked around the issue with a powershell script and a scheduled task that triggers the script when the computer starts, and in 5 minute increments there after.

    $ip = <<server IP>>
    $result = gwmi -query "SELECT * FROM Win32_PingStatus WHERE Address = '$ip'"
    if ($result.StatusCode -eq 0) {
    Write-Host "$ip is up."
    Write-Host "$ip is down."
    Write-Host "Disconnecting..."
    rasdial <<VPN name>> /DISCONNECT
    Write-Host "Connecting..."
    $ad = $env:APPDATA
    rasdial <<VPN Phonebook name>> /PHONEBOOK:$ad\Microsoft\Network\Connections\Cm\<<VPN Phonebook name>>.pbk
    $a = Get-NetIPInterface <<VPN Phonebook name>>
    route ADD <<Network ID of Server>> MASK <<Subnet Mask for Network>> <<Default Fateway>> METRIC 25 IF $a.ifIndex

Feedback and Knowledge Base