Use P2S VPN connection as default gateway (like standard VPN)
P2S connection is working fine and I can access VMs on VNET.
It would be good to have a feature so that, if you enable [Use default gateway on remote network], you can browse the internet and it looks like you are coming from the Azure network when you visit a site.
Something like proxpn, purevpn and similar services.
This suggestion has two parts:
1. Use default route or forced tunneling on P2S client rather than split tunneling
2. Enable Azure VPN gateway as a forward proxy to the Internet
At this point, these will be considered as long term roadmap items.
Jason Ward commented
Forced tunneling seems like a common security mechanism and it would be great if it were possible for point-to-site clients. Also, I'm interested in "forced tunneling" to specific destination IPs and being able to send the traffic out of a NAT gateway. In our example, the external IP address of the NAT gateway is whitelisted by a third-party provider and our VMs behind the NAT can access the third-party services. I'd like our VPN clients to also be able to access the third-party services by routing their traffic out the NAT. I suspect this could be implemented similar to a 'Custom' Service Endpoint where we can specify the external destination IP address.
You can deploy your own VPN solution fully automated with those capabilities. https://artisticcheese.wordpress.com/2021/03/01/l2tp-vpn-via-arm-template-in-azure/
Really interested in this feature. Is there any update on it?
Hi, I'm interested in forced tunneling for Virtual WAN user VPN. Is this on the roadmap?
Maximilian Schempp commented
We are definitely interested in this as well!
Rishi Kapoor commented
Definitely interested in this. Please suggest if there is a way to achieve this currently.
Bhavesh Gajjar commented
We recently deployed Azure Virtual WAN and are in the process of testing out the P2S VPN capabilities. So far the platform works well; however, our IT Security folk are raising concerns with this technology as a result of the split tunneling. Having the ability to turn off the split tunneling seems to be a non-negotiable for IT Security. This would be a real road-blocker for a full switch to Azure Virtual WAN's P2S VPN.
I would imagine that other organizations are also facing similar challenges with the "no choice on split tunneling" through the P2S VPN.
I see that in 2016 this was considered as part of the "long term" roadmap. It's almost 4 years later, any idea when this type of capability would be implemented?
I ran into this issue today as I have requirements for specific client requests to come from a known public IP address. If this had worked it would have saved the need for infrastructure to be deployed and a proxy configured.
Definitely interested as well.
Pascal Kröger commented
We are interested in this as well!
René Rebsdorf commented
How's this looking for "Under Review" and "Long Term roadmap items"? :-)
Would be nice to set up remote devices on VPN and filter their traffic or forward traffic to multiple or single point.
Any update on when this might be on the roadmap? We want to use forced tunneling so we can route all mobile worker traffic through an NVA / IPS / web filter.