Setting up P2S VPN to route traffic to public endpoints?

I am in the process of setting up the Azure point-to-site VPN to allow access to our internal Azure resources, whilst also allowing access to the internet.

For the most part, this works in its default configuration, anything with a private connection can be accessed through the Azure VPN gateway and anything on the open internet is accessed through the default physical gateway on the client machine.

The issue is that we need resources such as publicly accessible app services, sharepoint, onedrive etc. to be accessible through the Azure VPN gateway, but it doesn’t appear possible to get them to connect, it just times out when attempted.

Does anyone have any experience with this? I would be interested to know if anyone has found a way to get this working without having to route these public resources through the physical gateway (which is not a practical option for us).

You might have a look at this URL:

https://learn.microsoft.com/en-us/azure/vpn-gateway/azure-vpn-client-optional-configurations#forced-tunneling

It describes what I understand from your requirements - forcing all traffic (0.0.0.0/1) through the VPN tunnel.

You also might share a bit more details about your VNET/Gateway-Setup to see whether there is something blocking your traffic if you already used the configuration described in that article.

Sounds like you need an ExpressRoute with Microsoft Peering, this is a dedicated circuit that allows you to connect to public Azure and MS services.

The best you can do over a VPN is to use private endpoints for your Azure services and then you can hit them on private IPs in your Azure vnet over the VPN, but that won’t apply to OneDrive.