Client VPN Internet breakout via Azure Virtual WAN

  • Published on 22 Aug 2024

Comments • 10

  • @SatyendAppiah
    a year ago +1

    Thanks Adam, this has been very helpful. Been trying to set this exact set up for a week now!

  • @AdamStuart1
    a year ago

    00:00 Intro
    01:05 Context - caution with centralised Internet breakout!
    02:10 Topology overview
    04:44 Default behaviour
    06:23 Local interface metric issues
    06:54 Workaround using 2 * /1 routes
    08:40 Workaround using Azure VPN Client version parameter
    10:54 Local ISP DNS issues
    12:10 P2S Custom DNS servers via Azure Firewall DNS Proxy
    14:38 Routing only specific Public IP via Azure Internet breakout
    19:19 Conclusion

  • @loadii
    a year ago +2

    Hi Adam
    Following your video and trying to implement force tunneling but haven't had much success. Can you share what your firewall policy looks like? Whenever I turn on the force tunnel I am not getting any packets via the VPN interface at all. Traffic does go out but nothing comes back. Any help is greatly appreciated.

  • @loadii
    a year ago +1

    Figured out the issue. The VPN client must have the HA option un-checked.

    • @iantetteroify
      a year ago

      Where is this HA option? I am still experiencing the issue that users cannot reach internet.

  • @hotwired2424
    5 months ago

    @AdamStuart1 Great Video! I have a question though. Is there a way to advertise included routes from the virtual hub route table (rather than adding them to the .xml file)? Our company frequently adds/removes routes from our VPN end users.

    • @AdamStuart1
      5 months ago

      Are you seeing the same behaviour with ikev2 and openvpn?

    • @hotwired2424
      5 months ago

      @AdamStuart1 Haven't tried ikev2 yet, but the azure VPN client does receive the BGP routes that are being advertised from our on-prem (just not routes added to the vhub). We use AAD authentication flow which is supported only on openvpn. If I use the standard P2S virtual network gateway for vnets (not vwan), I can add static routes to the vpg and they work with openvpn.

    • @AdamStuart1
      5 months ago

      @hotwired2424 Thanks for the confirmation. OpenVPN should be a safe bet. I would expect static routes to be advertised but I don't remember explicitly testing it. I don't have time to do so at the moment; I would raise a support ticket to confirm behaviour and expectations.

  • @krishnavidhul
    several months ago

    How to route traffic for an FQDN (because the site has a dynamic IP range)?