Hello, I have azure network gateway that has a point to site client VPN with OpenVPN protocol and it has couple of IPsec site to site VPN tunnel, everytime I connect to the client point to site VPN, it let me access the peer private network for the site to site tunnel and it shows; for example if the local private network for one of the site to site VPN tunnel is 192.168.3.0/X, and the peer private network is 172.16.2.0/X, the route 172.16.2.0/X show in the list of the point to site client VPN, I need a way to exclude it with minimum effort. Thanks, Joe

@Joe Saad , Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well. I understand that you would like to excludes routes from P2S client. Please refer to : Azure VPN Client - Optional DNS and routing settings | Block (exclude) routes Kindly modify the XML configuration as above and let me know if that helps. Thanks, Kapil Please Accept an answer if correct. Original posters help the community find answers faster by identifying the correct answer.

Exclude a route from Azure VPN Client

Accepted answer

KapilAnanth-MSFT 48,741 Reputation points Microsoft Employee

2024-11-26T04:56:15.6066667+00:00

@Joe Saad ,

Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.

I understand that you would like to excludes routes from P2S client.

Please refer to : Azure VPN Client - Optional DNS and routing settings | Block (exclude) routes

Kindly modify the XML configuration as above and let me know if that helps.

Thanks,

Kapil

Please Accept an answer if correct.

Original posters help the community find answers faster by identifying the correct answer.
Please sign in to rate this answer.

1 person found this answer helpful.
Joe Saad 20 Reputation points

2024-11-26T00:47:10.0166667+00:00

I'm talking about what VPN routes where I need to remove the route 172.16.2.0/X from it

Joe Saad 20 Reputation points

2024-11-26T13:59:48.74+00:00

@KapilAnanth-MSFT

Thanks for the reply, I already tried that, but it did not work I only added the part of exclude route

<excluderoutes> <route> <destination>x.x.x.x</destination><mask>24</mask> </route></excluderoutes>

Not sure if I have to include everything in that article or If I am doing it correctly, I will ty and see, for now any suggestion from your end on how to modify the whole .XML file correctly

KapilAnanth-MSFT 48,741 Reputation points Microsoft Employee

2024-11-27T07:34:34.01+00:00

@Joe Saad You are welcome

Your configuration seems to be correct.

I believe this is actually an UI issue, and actually, the route is being excluded only.

Consider my Lab,

#1 Original XML File, no modifications done

Focus on 10.10.0.4 IP, which is contained in 10.10.0.0/24

Checking for TCP Ping, ICMP Ping and routes, all seems to work

And trace route results are :

#2 Now, I edited the XML File to exclude "10.10.0.0/24"

The UI still shows 10.10.0.0/24, however, checking the routes, TCPPing and ICMP Ping

We can see the local interface is also advertising this.

And when I do traceroute, I can see this traffic is going to my ISP instead of P2S VPN

As next steps,

Can you please check whether you are able to Ping or TCP Ping a resource from excluded route?

And what difference do you see for OriginalXML File and Routes Excluded XML File for Trace route?

P.S : I could also see this mentioned in the same doc

The ability to completely block routes isn't supported by the Azure VPN Client. The Azure VPN Client doesn't support dropping routes from the local routing table. Instead, you can exclude routes from the VPN interface

Kindly let us know if this helps or you need further assistance on this issue.

Thanks,

Kapil

Please don’t forget to close the thread by clicking "Accept the answer" wherever the information provided helps you, as this can be beneficial to other community members.
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.

Share via

Exclude a route from Azure VPN Client

0 additional answers

Your answer