Hello @ Ernest Chambliss,
Thanks for sharing the details.
I understand that you’re having an issue with your Azure Point-to-Site (P2S) VPN where your internet traffic isn’t routing through the VPN as expected.
Even if you've followed the setup guide, it's essential to verify that the VPN client configuration profile accurately reflects your current Azure settings. Could you please cross-check the steps below and the supporting documents?
- Ensure that the VPN client configuration includes the correct routes to force all traffic through the Azure VPN. For Windows clients, open Command Prompt after connecting to the VPN and run:
route print
This will display the active routing table. You should see entries for your Azure VNet and—if forced tunneling is configured—routes like 0.0.0.0/1 and 128.0.0.0/1 pointing to the VPN interface. These routes ensure that all internet-bound traffic is routed through Azure.
- Verify that the VPN client address pool does not overlap with your local network’s IP range. If there’s an overlap, routing conflicts can occur, causing packets to be misrouted or dropped. To resolve this, update the VPN client address pool in your Azure VPN Gateway configuration to use a distinct IP range that does not conflict with your local subnet. This ensures proper routing between the client and Azure resources.
- Verify whether split tunneling is enabled in the VPN configuration. When split tunneling is active, only traffic destined for the Azure virtual network is routed through the VPN, while all other traffic—including internet-bound traffic—continues to use the local network and public IP.
- If your goal is to route all traffic through the VPN, including internet traffic, you must ensure that split tunneling is disabled and that the VPN client is configured to use forced tunneling with appropriate routes.
- Check whether any local firewall or endpoint security software is interfering with VPN traffic. In some cases, these tools may block or restrict traffic over the VPN tunnel, resulting in limited access to remote resources while local connectivity remains unaffected.
- Ensure that your firewall rules explicitly allow traffic to and from the VPN interface, including protocols such as IKEv2, OpenVPN, or SSL, depending on your VPN configuration. Also verify that outbound traffic through the VPN is not being filtered or dropped.
Supporting Documents: https://free.blessedness.top/en-us/azure/vpn-gateway/point-to-site-entra-vpn-client-windows
https://free.blessedness.top/en-us/azure/vpn-gateway/point-to-site-certificate-gateway
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
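Added example (not part of the original answer): a Python check that reads saved `route print` output, reports whether the 0.0.0.0/1 and 128.0.0.0/1 routes described above point at the VPN interface, and tests the client address pool against the local subnet for overlap. The sample table and all addresses are constructed, and identifying the VPN interface by an address taken from the client pool is an assumption.

```python
import ipaddress
import re

# Constructed sample of the IPv4 "Active Routes" table from `route print`
# (addresses are illustrative, not taken from the original question).
SAMPLE = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.50     25
          0.0.0.0        128.0.0.0         On-link      172.16.201.2      1
        128.0.0.0        128.0.0.0         On-link      172.16.201.2      1
         10.1.0.0      255.255.0.0         On-link      172.16.201.2      1
      192.168.1.0    255.255.255.0         On-link      192.168.1.50    281
"""

IP = r"(\d+\.\d+\.\d+\.\d+)"
# destination, netmask, gateway (address or "On-link"), interface, metric
ROW = re.compile(rf"^\s*{IP}\s+{IP}\s+(\S+)\s+{IP}\s+(\d+)\s*$")

def parse_routes(text):
    """Return (destination network, interface address) for each IPv4 route row."""
    routes = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            dest, mask, _gateway, iface, _metric = m.groups()
            routes.append((ipaddress.ip_network(f"{dest}/{mask}"),
                           ipaddress.ip_address(iface)))
    return routes

def check_p2s(text, vpn_pool, local_subnet):
    """Report forced-tunnel routes and pool/LAN overlap for a P2S client."""
    pool = ipaddress.ip_network(vpn_pool)
    lan = ipaddress.ip_network(local_subnet)
    # Assumption: the VPN interface is the one whose address comes from the pool.
    via_vpn = {net for net, iface in parse_routes(text) if iface in pool}
    halves = {ipaddress.ip_network("0.0.0.0/1"),
              ipaddress.ip_network("128.0.0.0/1")}
    return {
        "forced_tunnel": halves <= via_vpn,          # both half-routes present
        "vpn_routes": sorted(str(n) for n in via_vpn),
        "pool_overlaps_lan": pool.overlaps(lan),     # True means routing conflict
    }

if __name__ == "__main__":
    print(check_p2s(SAMPLE, "172.16.201.0/24", "192.168.1.0/24"))
```

To use it on a real client, save the output of `route print` to a file and pass its text with your own pool and subnet in CIDR form.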