Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
0 votes
522 views
in Technique by (71.8m points)

vpn - Azure Private Network Gateway - removing propagated network

I have created an Azure Virtual Network with address space 10.50.50.0/23. In it, I have created 5 subnets: 10.50.50.0/26, 10.50.50.64/26, 10.50.50.128/26, 10.50.51.0/26 and 172.16.0.0/26. On top of this network I have created a Virtual Network Gateway (VPN) with point-to-site 10.99.99.0/25. I would like to limit routing to only 2 subnets, 10.50.51.0/26 and 10.50.51.64/26. To do that I've added --custom-routes for only those two networks ... but I still see routing to the whole network range (10.50.50.0/23) in my client, and the same after creating a new route table and creating new hops ... any idea how to modify that?

question from: https://stackoverflow.com/questions/65943172/azure-private-network-gateway-removing-propagated-network

He who fights with dragons too long becomes a dragon himself; gaze too long into the abyss, and the abyss gazes back...

1 Answer

0 votes
by (71.8m points)

If you want to limit the routes on the client, you should add the routes on the client instead of on the Azure virtual network. In fact, you can find the routes of the VPN client in the file VpnSettings.xml in the Generic folder of the downloaded VPN client package.

The file VpnSettings.xml will look like this:

<?xml version="1.0"?>
<VpnProfile xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <VpnServer>azuregateway-xxxxx-xxx.vpn.azure.com</VpnServer>
  <VpnType>SSTP</VpnType>
  <CaCert>xxxxx</CaCert>
  <Routes>10.0.0.0/16</Routes>
  <Auth>EAPTLS</Auth>
  <VnetName>example-network</VnetName>
  <VnetId>06e10077-xxxx-xxxx-84d6-5aa4db8b6752</VnetId>
  <ServerCertRootCn>DigiCert Global Root CA</ServerCertRootCn>
  <ServerCertIssuerCn>DigiCert Global Root CA</ServerCertIssuerCn>
  <VpnClientAddressPool>192.168.100.0/24</VpnClientAddressPool>
  <AadIssuer />
  <AadTenant />
  <AadAudience />
  <CustomDnsServers />
</VpnProfile>

You could try to modify the routes to <Routes>10.50.51.0/26,10.50.51.64/26</Routes> and then reinstall the VPN client package, e.g. VpnClientSetupAmd64.exe.

In addition, you can use an Azure network security group to filter network traffic to and from Azure resources in an Azure virtual network.
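As an added example, not part of the answer above or of any Azure tooling, the following Python script performs the VpnSettings.xml edit the answer describes and checks the result before it is reinstalled. It assumes the element layout shown in the answer (a VpnProfile root with one Routes element holding comma-separated IPv4 CIDRs and one VpnClientAddressPool element) and works on a constructed sample profile embedded in the script; the prefixes used are the ones from the question. It only narrows the existing route list (each new prefix must sit inside a route already in the file), rejects prefixes that overlap the client address pool, and edits the text in place so the rest of the file, namespace declarations included, is left byte-for-byte unchanged.

```python
"""Narrow the <Routes> element of an Azure point-to-site VpnSettings.xml.

Added example; not code from the original answer. Assumes the layout shown in
the answer: <VpnProfile> root, one <Routes> element with comma-separated IPv4
CIDRs, one <VpnClientAddressPool> element.
"""
import ipaddress
import re
import xml.etree.ElementTree as ET

# Constructed sample profile, modelled on the VpnSettings.xml in the answer,
# with the address ranges from the question. The gateway pushes the whole
# VNet (10.50.50.0/23) to the client by default.
SAMPLE_VPNSETTINGS = """<?xml version="1.0"?>
<VpnProfile xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <VpnServer>azuregateway-xxxxx-xxx.vpn.azure.com</VpnServer>
  <VpnType>SSTP</VpnType>
  <Routes>10.50.50.0/23</Routes>
  <Auth>EAPTLS</Auth>
  <VpnClientAddressPool>10.99.99.0/25</VpnClientAddressPool>
</VpnProfile>
"""


def parse_routes(xml_text):
    """Return the list of IPv4 networks currently in <Routes> (may be empty)."""
    root = ET.fromstring(xml_text)
    node = root.find("Routes")
    if node is None or not (node.text or "").strip():
        return []
    return [ipaddress.ip_network(r.strip(), strict=True)
            for r in node.text.split(",") if r.strip()]


def restrict_routes(xml_text, allowed):
    """Return xml_text with <Routes> replaced by the CIDRs in `allowed`.

    Each CIDR must be a valid IPv4 network with no host bits set, must lie
    inside a route already present (this function only narrows, never widens),
    and must not overlap the VPN client address pool.
    """
    root = ET.fromstring(xml_text)
    current = parse_routes(xml_text)
    pool_node = root.find("VpnClientAddressPool")
    pool = None
    if pool_node is not None and (pool_node.text or "").strip():
        pool = ipaddress.ip_network(pool_node.text.strip(), strict=True)

    wanted = []
    for cidr in allowed:
        net = ipaddress.ip_network(cidr, strict=True)  # raises on host bits set
        if not isinstance(net, ipaddress.IPv4Network):
            raise ValueError(f"{net}: only IPv4 routes are handled here")
        if current and not any(net.subnet_of(c) for c in current):
            raise ValueError(f"{net} is not inside any existing route")
        if pool is not None and net.overlaps(pool):
            raise ValueError(f"{net} overlaps the client address pool {pool}")
        wanted.append(net)

    new_routes = ",".join(str(n) for n in wanted)
    # Text-level replacement: ElementTree would drop the unused xmlns:* declarations
    # on re-serialisation, so the file is edited in place instead of rewritten.
    new_xml, count = re.subn(r"<Routes>.*?</Routes>|<Routes\s*/>",
                             f"<Routes>{new_routes}</Routes>",
                             xml_text, count=1, flags=re.S)
    if count != 1:
        raise ValueError("no <Routes> element found")
    return new_xml


def is_tunneled(xml_text, address):
    """True if the client profile would send traffic for `address` into the tunnel."""
    ip = ipaddress.ip_address(address)
    return any(ip in route for route in parse_routes(xml_text))


if __name__ == "__main__":
    narrowed = restrict_routes(SAMPLE_VPNSETTINGS, ["10.50.51.0/26", "10.50.51.64/26"])
    print(narrowed)
    for host in ("10.50.50.10", "10.50.51.70"):
        print(host, "tunneled:", is_tunneled(narrowed, host))
```

After the edit, is_tunneled shows that 10.50.50.10 is no longer sent into the tunnel while 10.50.51.70 still is; the rejection of 10.50.51.65/26 (host bits set) catches the kind of typo that would otherwise surface only as a silently broken route. Bear in mind that this is a client-side restriction only: a client with a different profile can still reach the whole VNet, so the network security group the answer mentions is the place to enforce the boundary on the Azure side.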
