Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback. Learn more here.

How can we improve Azure Networking?

← Networking

Use P2S VPN connection as default gateway (like standard VPN)

P2S connection is working fine and I can access VMs on VNET.

It would good to have feature if you enable [Use default gateway on remote network] that you can browse internet and it looks like you are coming from Azure network if you visit some site.
Something like proxpn, purevpn and similar services.

445 votes
Vote

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close
You have left! (?) (thinking…)
Darko Bazulj shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →
under review  ·  AdminAzure Networking Team (Product Manager, Microsoft Azure) responded  · 

Hi,

This suggestion has two parts:

1. Use default route or forced tunneling on P2S client rather than split tunneling
2. Enable Azure VPN gateway as an forward proxy to the Internet

At this point, these will be considered as long term roadmap items.

Thanks,
Yushun [MSFT]

16 comments

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment
  • Jason Ward commented  ·   ·  Flag as inappropriate

    Forced tunneling seems like a common security mechanism and it would be great if it were possible of point-to-site clients. Also, I'm interested in "forced tunneling" to specific destination IPs and being able to send the traffic out of a NAT gateway. In our example, the external IP address of the NAT gateway is whitelisted by a third-party provider and our vms behind the NAT can access the third-party services. I'd like our vpn clients to also be able to access the third-party services by routing their traffic out the NAT. I suspect this could be implemented similar to a 'Custom' Service Endpoint where we can specify the external destination IP address.

  • Justin commented  ·   ·  Flag as inappropriate

    Hi, I'm interested in forced tunneling for Virtual WAN user VPN. Is this on the roadmap?

  • Bhavesh Gajjar commented  ·   ·  Flag as inappropriate

    We recently deployed Azure Virtual WAN and are in the process of testing out the P2S VPN capabilities. So far the platform works well however our IT Security folk are raising concerns with this technology as a result of the split tunneling. Having the ability to turn off the split tunneling seems to be a non-negotiable for IT Security. This would be a real road-blocker for a full switch to Azure Virtual WAN's P2S VPN.

    I would imagine that other organizations are also facing similar challenges with the "no choice on split tunneling" through the P2S VPN.

    I see that in 2016 this was considered as part of the "long term" roadmap. It's almost 4 years later, any idea when this type of capability would be implemented?

  • Anonymous commented  ·   ·  Flag as inappropriate

    I ran into this issue today as I have requirements for specific client requests to come from a known public IP address. If this had worked it would have saved the need for infrastructure to be deployed and a proxy configured.

  • beheer commented  ·   ·  Flag as inappropriate

    Would be nice to setup remote devices on VPN and filter their traffic of forward traffic to multiple of single point.

  • Anonymous commented  ·   ·  Flag as inappropriate

    Any update on when this might be on the roadmap? we want to use forced tunneling so we can route all mobile worker traffic through a NVA / IPS / web filter

Networking: VPN Gateway

Categories

Feedback and Knowledge Base

(thinking…)
Hosted by UserVoice