Channel: Azure Networking (DNS, Traffic Manager, VPN, VNET) forum

Azure Point-to-Site VPN Requires Elevated Permissions for Route Add


I was previously utilizing Azure Endpoint Connect to allow clients to connect to resources in my Azure Virtual Network. I have migrated to using the new Point-to-Site VPN for this purpose, but the new SSTP VPN is using a split-VPN network topology. Users connect to the gateway subnet, but to gain access to the Virtual Network subnet, a static route must be added to the local client's computer using the client's DHCP gateway subnet address as the interface address. The native VPN client from Azure uses a "Route Add" command to accomplish this task. This requires an elevated permission set to execute. Many of the clients that will utilize this connection DO NOT have this permission set and therefore proper routing cannot be achieved. I have set the "use default gateway on remote network" option for these clients as a temporary solution, but clients cannot have access to other internet resources while the VPN is active (all traffic is routed through the Azure VPN).

Is there a way to add the necessary routing to the local client's routing table WITHOUT elevated permissions? This is a necessary step for this new VPN to have value in my architecture. This was not an issue with Azure Endpoint Connect since it ran as a service.

