Hey everyone! I'm new here and have been working with a hybrid architecture. I've noticed that a significant portion of my expenses comes from keeping the Azure VPN Gateway running all the time. I thought about the possibility of deallocating it and using it only when necessary, but the tunnel setup takes around 30 minutes, which doesn't work well for my infrequent needs.
I'm considering spinning up my own VPN server on an Azure VM so I can turn it off when not in use, but I'm worried about scalability and availability. Are there any other solutions out there? I'd appreciate any advice, especially if I'm misunderstanding something fundamental as I'm still getting the hang of this! Thanks!
6 Answers
It sounds like you might have high performance needs, but there’s a Basic SKU for the VPN Gateway that’s about $35 a month. You can only create it via PowerShell, and it has a limit of 100 Mbps and 10 site-to-site tunnels. It has fewer crypto options, though. Otherwise, a VM with your own VPN might be your best route.
I've read that basic SKU public IPs were retired in September 2025, and standard IPs aren't available for Basic VPN GWs. Make sure to confirm this with the latest documentation!
What’s your main purpose for the VPN? While VMs can be useful, they might end up costing more than the VPN Gateway if not used smartly. I’ve worked with both setups, and if you want more control, go for the VM. But for simplicity and cost-effectiveness, the VPN Gateway might be the way to go.
I need the VPN for secure data transfers to another cloud, but it’s only for short periods daily. Is the VPN Gateway cheaper than running a VM?
I’ve had success deploying OPNSense firewalls on Azure VMs for VPN, and you only pay for the VM itself.
Thanks! I’ll consider that as well.
Running OpenVPN on a Linux server is also a solid option! You can even set it up to use Entra ID for authentication. Just keep in mind the costs of the VM along with the data traffic.
Got it, thanks for the clarification!
Have you thought about whether you actually need hybrid networking? If this cost is such a hassle, maybe a different setup would be more suitable for you. You might want to explore using a point-to-site VPN or even a B-series spot VM with an open-source Network Virtual Appliance (NVA).
That’s a good point! I'm going to look into your suggestions. Thanks for your insight!
Consider checking out Entra Private Access if your needs differ. It’s a standard ZTNA solution. If you're using Entra ID for authentication, transitioning to EPA might be seamless without changing providers.
Wow, I hadn’t heard about that Basic SKU! I think 100 Mbps might not cut it for my large data transfers, but I’ll definitely check it out further.