Multi-Region Point-to-Site in Microsoft Azure (Windows Fix)

In a previous post, I showcased how to: Create a Single Gateway, Multi-Region, VPN Architecture in Microsoft Azure. If testing with Windows didn’t work, it may be because Windows needs its route table updated so that it knows how to tunnel past the gateway into the different regions. macOS and Linux can use IKEv2 without adding any routes.

A. On Windows, the VPN client chooses IKEv2 by default, so we need to add a route to the spoke VNET.

ip tables

Suppose the spoke VNET address space is 10.2.0.0 255.255.0.0 and the client VPN interface IP is 172.16.100.130.

route add
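The route addition from step A, written out as an added PowerShell example (not code from the original post). The connection name `Azure-P2S-Hub` and the test address `10.2.0.4` are assumed placeholders; the spoke prefix and client IP are the values given above.

```powershell
# Added example: run in an elevated PowerShell session while the VPN is connected.
$SpokePrefix = '10.2.0.0/16'     # spoke VNET from the post (10.2.0.0 255.255.0.0)
$VpnName     = 'Azure-P2S-Hub'   # ASSUMPTION: placeholder VPN connection name
$TestHost    = '10.2.0.4'        # ASSUMPTION: constructed address inside the spoke

# Locate the connected VPN interface. Its alias is assumed to match the
# connection name, which is how Windows names the adapter for a VPN profile.
$vpn = Get-NetIPAddress -InterfaceAlias $VpnName -AddressFamily IPv4 -ErrorAction Stop |
    Select-Object -First 1
Write-Host "VPN client IP $($vpn.IPAddress) on ifIndex $($vpn.InterfaceIndex)"

# Add the spoke route only if it is missing. Binding to the interface index with
# an on-link next hop (0.0.0.0) avoids hard-coding the client IP (172.16.100.130
# in the post), which is assigned from the P2S address pool.
# Classic equivalent with the post's values:
#   route add 10.2.0.0 mask 255.255.0.0 172.16.100.130
$route = Get-NetRoute -DestinationPrefix $SpokePrefix `
    -InterfaceIndex $vpn.InterfaceIndex -ErrorAction SilentlyContinue
if (-not $route) {
    # ActiveStore: the route is not persisted across reboots.
    New-NetRoute -DestinationPrefix $SpokePrefix -InterfaceIndex $vpn.InterfaceIndex `
        -NextHop '0.0.0.0' -PolicyStore ActiveStore | Out-Null
    Write-Host "Added route $SpokePrefix via $VpnName"
}

# Optional: have Windows re-apply the route each time this profile connects.
Add-VpnConnectionRoute -ConnectionName $VpnName -DestinationPrefix $SpokePrefix

# Confirm that traffic to the spoke now selects the VPN interface.
$chosen = Find-NetRoute -RemoteIPAddress $TestHost | Select-Object -First 1
if ($chosen.InterfaceIndex -eq $vpn.InterfaceIndex) {
    Write-Host "OK: $TestHost is routed through $VpnName"
} else {
    Write-Warning "$TestHost still leaves via ifIndex $($chosen.InterfaceIndex)"
}
```

Only the spoke prefix is routed into the tunnel, so the client's default route and other traffic are left unchanged.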

B. We also need to test the CMAK or manually create an SSTP VPN profile to Azure on the Windows client.