I have a few emails sent out about this topic, but figured I’d post it here as well.
We setup a Virtual Network Gateway in our subscription and now we’re getting billed $4 a day to allow users to access using the Azure VPN app. We are not using any S2S tunnels on this VNG, only allowing P2S connections. I was under the assumption that this was a free service provided with the VNG.
The Azure calculator sure makes it seem like it should be free. We’re being billed even when users aren’t connected. its a constant costs of $4 a day and $120 a month. This is a bit steep for 8 users to connect to VPN.
Any insight into how to make this less expensive?
Thank you!
Sounds like you’re being charged for the public IP address more than anything. Azure also only charges for egress traffic (fact check strongly encouraged).
It’s hard to say how to make it cheaper, I would say contact your VAR if you have one, or look into creating a new subscription in azure and look around to see if any apply to you that might be cheaper.
It’s hard to say what might help not knowing your situation and resources they are connecting to… do you have anything on prem?
I’m also on mobile and for whatever reason can’t see the text as I type so excuse any typos… I’m not drunk lol
From https://azure.microsoft.com/en-us/pricing/details/vpn-gateway/
" Setting up a virtual network is free of charge. However, we do charge for the VPN gateway that connects to on-premises and other virtual networks in Azure. This charge is based on the amount of time that gateway is provisioned and available. "
P2S would be considered “on-premises” which is why you’re being charged
Sorry not much help directly related to your Q but I saw it has been an hour and no traction yet.
Also if they’re connecting to VMs you may be able to setup teaviewer or something similar.
thanks for taking the time to reply.
I’m not using any S2S tunnels to on Prem. not more than 5 users are on the VPN connection. Even on the weekends when nobody is working its still close to $4… the price fluctuates a few cents, and thats probably egress traffic.
So to add more information, I actually started with the VpnGW1AZ Sku and it was double the price, which is exactly what the Azure Calculator shows. So I recreated the VPN Gateway with the VpnGW1 Sku for half the price, and the price did cut in half per day. So all the evidence leads to this just being a tunnel that is fully connected at all times and i’m being billed for the full price of the gateway being always on.
We have another client with a S2S VPN tunnel up 24/7 using this exact same SKU and they only get billed $30 a month for a full S2S tunnel. so this just doesn’t make sense…
I’m waiting to here back from our CSP as to how this all works. hopefully they can give me answers.
That makes sense. The gateway is on 730 hours a month because it has to be available to accept a P2S connection. So if any of the 10 users isn’t connected, we still get billed $138 a month because the gateway has to be available.
Is there a less expensive option that works well? The basic VPN doesn’t give you the option to do Azure AD authentication, so that’s not good.
Not that I’m aware of - other than running it in a sponsored subscription (if you have a competency) or running it inside a subscription with monthly credits (Such as VS Pro/Enterprise subscription). Depending on what you’re using the VPN for, that might be allowed.
No. I had a similar talk with my manager because he didn’t want to pay that much (730h constant uptime). If you know between certain hours you have no users, I’d setup a delete and reprovision the P2S VNG 1h before users start using it. You’d thus be able to cut down on the VNG uptime.
No. Also if this for work it’s one of the cheapest VPN systems they can buy
Yea it’s silly for it to cost this much for a few users. I have a few options but really wanted to use this.
thanks for taking the time to reply.