Configure Azure VPN Client optional settings - OpenVPN protocol

This article helps you configure optional settings for the Azure VPN Client.

Note

The Azure VPN Client is only supported for OpenVPNĀ® protocol connections.

Edit and import VPN client profile configuration files

The steps in this article require you to modify and import the Azure VPN Client profile configuration file. To work with VPN client profile configuration files (xml files), do the following:

  1. Locate the profile configuration file and open it using the editor of your choice.
  2. Modify the file as necessary, then save your changes.
  3. Import the file to configure the Azure VPN client.

You can import the file using these methods:

  • Import using the Azure VPN Client interface. Open the Azure VPN Client and click + and then Import. Locate the modified xml file, configure any additional settings in the Azure VPN Client interface (if necessary), then click Save.

  • Import the profile from a command-line prompt. Add the downloaded azurevpnconfig.xml file to the %userprofile%\AppData\Local\Packages\Microsoft.AzureVpn_8wekyb3d8bbwe\LocalState folder, then run the following command. To force the import, use the -f switch.

    azurevpn -i azurevpnconfig.xml 
    

DNS

Add DNS suffixes

Modify the downloaded profile xml file and add the <dnssuffixes><dnssufix> </dnssufix></dnssuffixes> tags.

<azvpnprofile>
<clientconfig>

    <dnssuffixes>
          <dnssuffix>.mycorp.com</dnssuffix>
          <dnssuffix>.xyz.com</dnssuffix>
          <dnssuffix>.etc.net</dnssuffix>
    </dnssuffixes>

</clientconfig>
</azvpnprofile>

Add custom DNS servers

Modify the downloaded profile xml file and add the <dnsservers><dnsserver> </dnsserver></dnsservers> tags.

<azvpnprofile>
<clientconfig>

  <dnsservers>
    <dnsserver>x.x.x.x</dnsserver>
        <dnsserver>y.y.y.y</dnsserver>
  </dnsservers>

</clientconfig>
</azvpnprofile>

Note

The OpenVPN Microsoft Entra client utilizes DNS Name Resolution Policy Table (NRPT) entries, which means DNS servers will not be listed under the output of ipconfig /all. To confirm your in-use DNS settings, please consult Get-DnsClientNrptPolicy in PowerShell.

Routing

Add custom routes

Modify the downloaded profile xml file and add the <includeroutes><route><destination><mask> </destination></mask></route></includeroutes> tags.

<azvpnprofile>
<clientconfig>

  <includeroutes>
    <route>
      <destination>x.x.x.x</destination><mask>24</mask>
    </route>
  </includeroutes>

</clientconfig>
</azvpnprofile>

Direct all traffic to the VPN tunnel (forced tunneling)

You can include 0/0 if you're using the Azure VPN Client version 2.1900:39.0 or higher.

Modify the downloaded profile xml file and add the <includeroutes><route><destination><mask> </destination></mask></route></includeroutes> tags. Make sure to update the version number to 2. For more information about forced tunneling, see Configure forced tunneling.

<azvpnprofile>
<clientconfig>
  <includeroutes>
    <route>
      <destination>0.0.0.0</destination><mask>0</mask>
    </route>
  </includeroutes>
    </clientconfig>

<version>2</version>
</azvpnprofile>

Block (exclude) routes

Modify the downloaded profile xml file and add the <excluderoutes><route><destination><mask> </destination></mask></route></excluderoutes> tags.

<azvpnprofile>
<clientconfig>

  <excluderoutes>
    <route>
      <destination>x.x.x.x</destination><mask>24</mask>
    </route>
  </excluderoutes>

</clientconfig>
</azvpnprofile>

Next steps

For more information, see Create a Microsoft Entra tenant for P2S Open VPN connections that use Microsoft Entra authentication.