Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
This article helps you configure optional settings for the Azure VPN Client.
For information about installing the Azure VPN Client, see Configure the Azure VPN client - Windows.
For information about how to download VPN client profile configuration file (xml file), see Download a global or hub-based profile.
Note
The Azure VPN Client is only supported for OpenVPN® protocol connections.
The steps in this article require you to modify and import the Azure VPN Client profile configuration file. To work with VPN client profile configuration files (xml files), do the following:
- Locate the profile configuration file and open it using the editor of your choice.
- Modify the file as necessary, then save your changes.
- Import the file to configure the Azure VPN client.
You can import the file using these methods:
Import using the Azure VPN Client interface. Open the Azure VPN Client and click + and then Import. Locate the modified xml file, configure any additional settings in the Azure VPN Client interface (if necessary), then click Save.
Import the profile from a command-line prompt. Add the downloaded azurevpnconfig.xml file to the %userprofile%\AppData\Local\Packages\Microsoft.AzureVpn_8wekyb3d8bbwe\LocalState folder, then run the following command. To force the import, use the -f switch.
azurevpn -i azurevpnconfig.xml
Modify the downloaded profile xml file and add the <dnssuffixes><dnssufix> </dnssufix></dnssuffixes> tags.
<azvpnprofile>
<clientconfig>
<dnssuffixes>
<dnssuffix>.mycorp.com</dnssuffix>
<dnssuffix>.xyz.com</dnssuffix>
<dnssuffix>.etc.net</dnssuffix>
</dnssuffixes>
</clientconfig>
</azvpnprofile>
Modify the downloaded profile xml file and add the <dnsservers><dnsserver> </dnsserver></dnsservers> tags.
<azvpnprofile>
<clientconfig>
<dnsservers>
<dnsserver>x.x.x.x</dnsserver>
<dnsserver>y.y.y.y</dnsserver>
</dnsservers>
</clientconfig>
</azvpnprofile>
Note
The OpenVPN Microsoft Entra client utilizes DNS Name Resolution Policy Table (NRPT) entries, which means DNS servers will not be listed under the output of ipconfig /all. To confirm your in-use DNS settings, please consult Get-DnsClientNrptPolicy in PowerShell.
Modify the downloaded profile xml file and add the <includeroutes><route><destination><mask> </destination></mask></route></includeroutes> tags.
<azvpnprofile>
<clientconfig>
<includeroutes>
<route>
<destination>x.x.x.x</destination><mask>24</mask>
</route>
</includeroutes>
</clientconfig>
</azvpnprofile>
You can include 0/0 if you're using the Azure VPN Client version 2.1900:39.0 or higher.
Modify the downloaded profile xml file and add the <includeroutes><route><destination><mask> </destination></mask></route></includeroutes> tags. Make sure to update the version number to 2. For more information about forced tunneling, see Configure forced tunneling.
<azvpnprofile>
<clientconfig>
<includeroutes>
<route>
<destination>0.0.0.0</destination><mask>0</mask>
</route>
</includeroutes>
</clientconfig>
<version>2</version>
</azvpnprofile>
Modify the downloaded profile xml file and add the <excluderoutes><route><destination><mask> </destination></mask></route></excluderoutes> tags.
<azvpnprofile>
<clientconfig>
<excluderoutes>
<route>
<destination>x.x.x.x</destination><mask>24</mask>
</route>
</excluderoutes>
</clientconfig>
</azvpnprofile>
For more information, see Create a Microsoft Entra tenant for P2S Open VPN connections that use Microsoft Entra authentication.