Prevent client from using internet via my RRAS VPN


I have a Windows Server 2016 running in Azure with RRAS VPN + NAT. I use this RRAS VPN to be able to RDP to my other VMs in the virtual network. However, when I connect my client (Windows 10) computer to the RRAS VPN, my internet will stop working on the client (because internet access is blocked on the RRAS VM).

How can I prevent the client from trying to use the internet that my RRAS VPN VM provides? I tried disabling the use-default-gateway checkbox, but then I can no longer connect to my other VMs in the virtual network.

Thanks!

Best answer

According to this link, it seems that when you disable the "use-default-gateway" checkbox, the default routes are not added to your machine. Specifically:

If “Use default gateway on remote network” is turned on, the VPN client on successful VPN tunnel connection adds the default route on VPN interface with highest precedence. This way all the IP packets (except those destined to local subnet) go to VPN server. If this parameter is turned off, the default route is not added on VPN tunnel. This scenario will require user to add specific network specific route on the VPN interface – in order to reach the corpnet resources.

So, you are left with editing your routes manually to ensure that they work. You can do this pretty easily in Windows by working with the route table. The following article gives the basics of how to set this.

Essentially you will want to run something like this:

route ADD <azure network> MASK <azure mask> <azure gw ip>

After you have done this, you should be able to use the internet (via your local configuration) and access your Azure servers (via the route you created above).
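
The same split-tunnel setup on the Windows 10 client using the built-in VpnClient cmdlets, as an added example that is not part of the original answer. The connection name `AzureRRAS` and the prefix `10.0.0.0/16` are assumed placeholders for your own VPN connection and Azure virtual network address space.

```powershell
# Assumed values (not from the post): replace with your own.
$ConnectionName = 'AzureRRAS'        # hypothetical VPN connection name
$VnetPrefixes   = @('10.0.0.0/16')   # constructed example VNet address space

function Set-VpnSplitRoutes {
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][string[]]$Prefixes
    )
    $vpn = Get-VpnConnection -Name $Name -ErrorAction Stop

    # Same effect as clearing "Use default gateway on remote network".
    if (-not $vpn.SplitTunneling) {
        Set-VpnConnection -Name $Name -SplitTunneling $true
    }

    # Routes stored on the connection are installed each time it connects,
    # so they do not need to be re-entered by hand.
    $existing = @($vpn.Routes | ForEach-Object { $_.DestinationPrefix })
    foreach ($prefix in $Prefixes) {
        if ($existing -notcontains $prefix) {
            Add-VpnConnectionRoute -ConnectionName $Name -DestinationPrefix $prefix
        }
    }
}

function Test-VpnSplitRoutes {
    param([Parameter(Mandatory)][string]$Name)
    $vpn = Get-VpnConnection -Name $Name -ErrorAction Stop
    if ($vpn.ConnectionStatus -ne 'Connected') {
        Write-Warning "Connect '$Name' first, then re-run the check."
        return $false
    }
    # While connected, the VPN interface alias is the connection name.
    $routes  = Get-NetRoute -InterfaceAlias $Name -AddressFamily IPv4
    $default = $routes | Where-Object DestinationPrefix -eq '0.0.0.0/0'
    if ($default) {
        Write-Warning 'Default route still points at the VPN; internet traffic will use the tunnel.'
        return $false
    }
    $routes | Sort-Object DestinationPrefix |
        Format-Table DestinationPrefix, NextHop, RouteMetric | Out-Host
    return $true
}

Set-VpnSplitRoutes -Name $ConnectionName -Prefixes $VnetPrefixes
# After connecting the VPN, confirm only the VNet prefix uses the tunnel:
# Test-VpnSplitRoutes -Name $ConnectionName
```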