Issue with Azure VPN Client

Suraj Rumpal 0

Hi,

I have recently created two virtual machines in azure under the same Vnet. This is then linked back to our on-premise site and I can ping from on-prem back to azure via the host name so that shows that dns is working. However when I create the P2S and download the package and import that into the Azure VPN Client I cannot ping back to my on-prem network but can ping into the Azure network. I also get no internet when connected to the vpn. when connect to the vpn client I do not see any dns address nor the default gateway. Is this normal? The on-prem dns server is added into the Vnet so should that not be available in the P2S?

on-prem network 192.168.99.0/24

azure network 10.0.0.0/24

thanks for you help in advance

KapilAnanth-MSFT 47,206 Reputation points Microsoft Employee

2023-04-03T06:54:18.0366667+00:00
@Suraj Rumpal

Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.

May I know, Do you want to access your OnPrem servers from Remote P2S Clients via VPN Gateway?

If so, can you confirm if using IP address of the OnPrem servers, is it working as expected?

By default, DNS server will not be added to the P2S Client files.

You must, Add DNS suffixes and Add custom DNS servers

Only then, DNS resolution using custom DNS will work in P2S Clients. Let us know if my understanding is incorrect.

If not, please try the above and let us know if this works.

Cheers,

Kapil
Suraj Rumpal 0 Reputation points

2023-04-03T08:36:21.2466667+00:00

@KapilAnanth-MSFT

Thanks for coming back. I am good thanks. Hope you are also good.

Yes, I would like to access our OnPrem servers via the P2S Clients via the VPN Gateway.

The IP Address of our OnPrem domain controller server is 192.168.99.7. I can see this is added into the Vnet DNS Server and can see this being applied when connected to the P2S.

I have tried to edit the XML file but when I go back to import this into the Azure VPN it keeps failing and coming up with profile is not for Azure VPN.

Thanks for your help in advance.

Thanks

Suraj
KapilAnanth-MSFT 47,206 Reputation points Microsoft Employee

2023-04-03T14:12:15.22+00:00
@Suraj Rumpal

Can you let us know what Protocol are you using?

Can you share the Advertised routes and DNS server from the VPN Client App once connected to the P2S.

If you do a nslookup for your OnPrem server, what is the result and what is the DNS server used?
KapilAnanth-MSFT 47,206 Reputation points Microsoft Employee

2023-04-04T08:16:23.21+00:00

@Suraj Rumpal Can you please update us if the action plan provided was helpful? Should there be any follow-up questions or concerns, please let us know and we shall try to address them. Thanks, Kapil
Tomasz Wieczorkowski 51 Reputation points

2024-11-05T21:16:50.2233333+00:00
Hi Guys,

I've tested this issue.

Steps performed:

New Azure VPN config downloaded from the Azure Portal VPN Gateway P2S (doesn't work)

Checking of ipconfig /all , route print, tracert, nslookup, test-netconnection, telnet, wifi/wired interfaces settings (all checked, no issues)

The problem is somehow related to the the Microsoft EDGE web browser DNS settings. When open Microsoft EDGE -> Settings -> search for "dns" -> look for "Use secure DNS to specify how to lookup the network address for websites". By default there is a settings set "Use current service provider". To solve the case and have the internet connection while on Azure VPN select "Choose a service provider", click in the empty field below and select e.g. "Cloudflare (1.1.1.1)". It will appear as "https://chrome.cloudflare-dns.com/dns-query". Screens attached. Then reboot the web browser - Microsoft Edge - and the internet will start to work right away.

Security info: In this Cloudflare DNS is used to resolve your DNS queries. If you do not want to do that try with your own DNS servers or other DNS you prefer in this step.

NOTE: If this will help you feel free to leave short comment or just share this to other that have such issue.

In case of questions feel free to let me know via comments as well.

Best regards,

Tomasz Wieczorkowski

1 answer

Unknown_Beast 145 Reputation points

2023-04-03T07:12:49.67+00:00
Based on the information you provided, it seems like there may be some configuration issues with your Point-to-Site (P2S) VPN connection to Azure.

Here are some possible reasons why you are unable to ping back to your on-prem network:

Subnet configuration: Ensure that the address space of the VNet in Azure (10.0.0.0/24) does not overlap with the on-premises network (192.168.99.0/24). If there is an overlap, you may experience routing issues.

Routing: Ensure that the routes are properly configured on the on-premises VPN device, and that traffic from the on-premises network is correctly routed to the VNet in Azure. Also, ensure that the routing is configured in Azure correctly.

Firewall: Ensure that the firewall rules are configured correctly to allow traffic between the on-premises network and the Azure VNet.

Regarding your issue with no internet access when connected to the VPN client, this could be due to a misconfiguration of the VPN client or the VPN gateway in Azure. You may need to check the DNS and default gateway settings on the VPN client to ensure that they are configured correctly.

Lastly, regarding the DNS server not being available in the P2S VPN, you need to ensure that the DNS server is configured correctly in the Azure VNet, and that the VPN client is configured to use the correct DNS server.

I recommend checking the Azure VPN Gateway logs and the on-premises VPN device logs to see if there are any errors or issues that can help identify the problem. You can also try running a network capture to see if the packets are being routed correctly.
Please sign in to rate this answer.
Suraj Rumpal 0 Reputation points

2023-04-03T08:39:36.88+00:00

Hi,

I can confirm the routes are setup correctly. Traffic flows via the S2S gateway and DNS resolution works from both on OnPrem and Azure and vice versa.

When checking the config of the Azure vPN I can see the IP Address of our onprem DC server (192.168.99.7) is being applied from the Vnet and also its showing on the client.
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.

Share via

Issue with Azure VPN Client

1 answer

Your answer