Morten

My feedback

  1. 1,284 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    An error occurred while saving the comment
    Morten commented  · 

    This is kind of getting ridiculous, if Azure wants to become Enterprise friendly this type of delegation has to be first class citizen for all services

    Morten supported this idea  · 
  2. 37 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    started  ·  2 comments  ·  Networking » VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
    An error occurred while saving the comment
    Morten commented  · 

    Just to add to this it's the dynamic BGP routing table from onprem that seem not to be picked up by the P2S client.

  3. 27 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Networking » VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →

    Hi Matt,

    Thanks for the feedback. The status of this ask is a bit complicated – it’s partially working, but partially in progress:

    1. For existing SSTP P2S VPN, there is no solution but to download the VPN client package again.

    2. For IKEv2 P2S VPN, it works by P2S client reconnecting to the Azure VPN gateway. Once they connect again, they will get the new routes. This will apply to changes in VNet address spaces (including VNet peering), newly added S2S/VNet-to-VNet connections, or new routes learned via BGP.

    3. The caveat for (2) is that it currently works on Mac and Linux, but Windows require a KB/Update that will be released shortly.

    We will provide an update to this item once the Windows update is available.

    Thanks,
    Yushun [MSFT]

    An error occurred while saving the comment
    Morten commented  · 

    At the moment the VPN client config does not seem to pick up the advertised routes from the onprem side of the BGP VPN. These routes are dynamically advertised.

    The workaround by adding routes manually through the App Service Plan network configuration does not seem to be stable. It works for some time, then seems to be disregarded until one does a sync network action.

    This means that active-passive or active-active VPN GW with BGP can not be used in conjunction with the App Service VPN (P2S) connection scheme.

    Any serious Azure design needs a robust VPN gateway, so it is disappointing that App Service VPN does not support this configuration type.

    Morten supported this idea  · 

Feedback and Knowledge Base