Share via

Issue with Azure Blob Storage Connectivity via P2S VPN

Dhanasekaran Kuppusamy 0 Reputation points
2025-02-08T09:35:40.8+00:00

I am writing to request assistance regarding an issue we are currently facing while trying to connect our local systems to Azure Blob Storage through an Azure VPN connection.

Plan and Current Configuration:

  1. We have set up an Azure VPN using OpenVPN to enable local developers to access Azure Blob Storage from their local networks.
  2. The Azure VPN has been configured successfully, and the virtual network is connected to the Blob Storage.
  3. The Azure VPN connection status shows as successful, and we can confirm the VPN itself is functioning as expected.

Issue:

Despite the successful connection status on Azure, we are currently unable to access Azure Blob Storage from our local network. This prevents developers from interacting with the Blob Storage in their local environments.

Request for Assistance:

We would appreciate any guidance or troubleshooting steps you could provide to resolve this connectivity issue. Specifically, we would like to understand if there are any additional configurations required on either the Azure or local network side to establish proper connectivity to Azure Blob Storage.

Azure VPN Gateway
Azure VPN Gateway
An Azure service that enables the connection of on-premises networks to Azure through site-to-site virtual private networks.
1,688 questions
Azure Virtual Network
Azure Virtual Network
An Azure networking service that is used to provision private networks and optionally to connect to on-premises datacenters.
2,668 questions
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Marcin Policht 39,525 Reputation points MVP
    2025-02-08T12:12:45.3233333+00:00

    You need to implement a private endpoint for this to work - service endpoints are not supported in hybrid scenarios. Follow https://learn.microsoft.com/en-us/azure/storage/common/storage-private-endpoints and refer to https://learn.microsoft.com/en-us/azure/private-link/tutorial-private-endpoint-storage-portal?tabs=dynamic-ip

    If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.

    hth

    Marcin

  2. Praveen Bandaru 1,260 Reputation points Microsoft External Staff
    2025-03-19T11:29:42.9133333+00:00

    Hello Dhanasekaran Kuppusamy

    Greetings!

    You can use private endpoints for your Azure Storage accounts to enable secure data access for clients on a virtual network (VNet) via a Private Link. Each storage account service uses a separate IP address from the VNet address space. Network traffic between VNet clients and the storage account travels over the VNet and a private link on the Microsoft backbone network, avoiding public internet exposure.

    Service endpoints are not supported in hybrid scenarios.

    Check the reference document: https://learn.microsoft.com/en-us/azure/storage/common/storage-private-endpoints

    If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.