No internet when connected to Azure VPN point to site

Andy Bolk 10 Reputation points
2023-05-03T17:43:13.4733333+00:00

We use Azure VPN to connect our local laptops to our Azure VNet to then connect to Azure file shares. Within the last day our VPN connection still works, but then we lose all internet connections once connected to VPN. We have reset the VPN Gateway, and that has not resolved the issue. Any help is appreciated.

Azure VPN Gateway

2 answers

  1. KapilAnanth-MSFT 47,206 Reputation points Microsoft Employee
    2023-05-05T05:20:01.1133333+00:00

    @Andy Bolk

    Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.

    You informed us that you were doing a lab with Azure AD DS (and everything worked just fine) and then deleted it; however, after this you lost internet connectivity when connected to the Azure VPN Client.

    I suggested that you:

    • Check if you are learning the default route 0.0.0.0/0 from the VPN gateway
    • Redownload the configuration file and re-import it to the VPN Client.
    • Check if this is happening with multiple devices or only with a specific machine.

    And, to isolate whether this is a connectivity issue or a DNS issue:

    • After connecting to the P2S VPN
    • Open PowerShell as admin and run tnc 8.8.8.8 -p 443
    • If the above worked, run tnc www.google.com -p 443

    But you informed us that you reconfigured the Azure AD DS and removed it once more, which resolved the issue.

    If you could reproduce this behavior at will (in a Test environment), we could look deeper into this and isolate and mitigate the issue.

    I am afraid the details we have currently cannot help us arrive at a definitive conclusion on the root cause.

    Kindly let us know if this helps or you need further assistance on this issue.

    Thanks,

    Kapil


    Please don’t forget to close the thread by clicking "Accept the answer" wherever the information provided helps you, as this can be beneficial to other community members.

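As an added example (not part of the answer above), the isolation steps Kapil lists can be run together from an elevated PowerShell on the client once the P2S tunnel is up. It checks whether a 0.0.0.0/0 route is learned through the VPN adapter, lists the DNS servers each interface uses, then probes 8.8.8.8 and www.google.com on TCP 443 to separate a routing failure from a DNS failure; the probe targets are the ones from the answer, nothing else is assumed.

```powershell
# Added example, not from the original answer. Run in an elevated PowerShell on
# the Windows client AFTER the Azure VPN Client (P2S) is connected.

# Step 1: is a default route (0.0.0.0/0) being learned through the VPN adapter?
# With split tunnelling only the VNet prefixes should go through the VPN interface.
Get-NetRoute -DestinationPrefix '0.0.0.0/0' -AddressFamily IPv4 |
    Sort-Object RouteMetric |
    Format-Table InterfaceAlias, NextHop, RouteMetric, InterfaceMetric -AutoSize

# Step 2: which DNS servers does each interface use? A VNet-pushed DNS server
# that is unreachable over the tunnel looks exactly like "no internet".
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses.Count -gt 0 } |
    Format-Table InterfaceAlias, ServerAddresses -AutoSize

# Step 3: reach the internet by IP, then by name (same probes as tnc in the answer).
$byIp   = Test-NetConnection -ComputerName 8.8.8.8        -Port 443 -WarningAction SilentlyContinue
$byName = Test-NetConnection -ComputerName www.google.com -Port 443 -WarningAction SilentlyContinue

if (-not $byIp.TcpTestSucceeded) {
    'TCP to 8.8.8.8:443 failed: routing problem (check the 0.0.0.0/0 route above and the P2S split-tunnel settings).'
}
elseif (-not $byName.TcpTestSucceeded) {
    'IP reachability works but the name probe failed: DNS problem (check the servers listed above and the VNet DNS settings).'
}
else {
    'Both probes succeeded: routing and DNS work over the tunnel.'
}
```

Run it once before connecting the VPN and once after; the difference in the route and DNS tables shows exactly what the tunnel changed.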

  2. Tomasz Wieczorkowski 51 Reputation points
    2024-11-09T15:53:39.1566667+00:00

    Hi Guys,

    If the above solution doesn't work for you, I've tested a secondary solution, useful especially for organizational infrastructures in Azure or hybrid.

    Steps:

    1. Set the MS Edge DNS settings (mentioned in the previous solution) to the DEFAULT and close/reopen the web browser.
    2. Log into your Azure Portal - portal.azure.com.
    3. Check if you have any DNS forwarder server there (e.g. Active Directory DC with DNS on a VM, Linux BIND DNS on a VM or some DNS in an Azure Container) and collect its IP address (you may have more DNS servers, so 2-3 IP addresses should be enough). PS: Do not use Azure DNS, as it is not routable via VPN tunnels. If you do not have such a DNS you have to create it (e.g. Active Directory DC with DNS on a VM, Linux BIND DNS on a VM or some DNS in an Azure Container). Note your DNS servers' IP address/addresses (1-3 max for now). Those DNS server(s) need to be able to resolve local addresses and have DNS forwarders for external IP addresses as well. NOTE: The DNS forwarder server cannot be in the same subnet in Azure as the Azure VPN Gateway.
    4. When your DNS server is in place in one of the Azure VNet then in Azure Portal go to the "Virtual Networks".
    5. For each "Azure Virtual Network" go into its "Settings/DNS Servers" and check/set the above IP addresses of the DNS forwarders there (1-3 max for now). Verify that all IP addresses are valid. Remove invalid ones.
    6. When all VNets in Azure have been configured with the correct DNS forwarder (DNS server) IP addresses, go into the Azure VPN Gateway and the required P2S connection.
    7. Download the Azure VPN Client configuration file (NOTE: It needs to be downloaded and updated on client machines every time you make a change to the DNS servers on the VNets).
    8. Remove the old Azure VPN connection (if any) and import the new Azure VPN Client configuration file into Azure VPN Client application on client machines. (If there is no Azure VPN Client installed yet then install it)
    9. When the new Azure VPN connection is imported, use it and connect to Azure via P2S VPN.
    10. The internet should work well now, and desktop applications like Outlook as well, when the Azure VPN P2S connection is active. And you should be able to connect to Azure resources as well, like VMs via RDP.

    Additionally, if you still face some issues, you may check the metrics & indexes of the network interfaces of the client machines with the "netsh interface ipv4 show interfaces" command from PowerShell.

    The network interface with the lowest metric/interface number has higher priority, so you may try to adjust that if necessary. But first try to set your environment up correctly, with the valid IPs of the DNS forwarders, before you start to dig into the text and commands (as this may cause a bigger mess).

    Conclusion: The source of the problem for the Azure VPN Client & internet/desktop app connections while it is active is mostly a valid DNS configuration and the availability of the DNS servers/DNS forwarders, updated DNS settings on all Azure VNets, and an updated/downloaded/imported Azure VPN P2S configuration file on the client machines.

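Steps 3 to 7 above are portal clicks repeated per VNet; as an added example (not the answer author's code), the same configuration can be applied across a subscription with Az PowerShell. It assumes the Az module and a signed-in session, uses placeholder forwarder IPs you must replace, and also checks the step 3 NOTE that no forwarder address falls inside a VNet's GatewaySubnet.

```powershell
# Added example, not part of the original answer. Needs the Az PowerShell module
# and a signed-in session (Connect-AzAccount). The forwarder IPs are placeholders:
# replace them with the private IPs of your own DNS forwarder VMs (1-3 of them).
$dnsForwarders = @('10.10.0.4', '10.10.0.5')   # placeholder addresses

function Test-IpInPrefix([string]$Ip, [string]$Prefix) {
    # $true when IPv4 address $Ip lies inside the CIDR block $Prefix.
    $network, $length = $Prefix -split '/'
    $ipBytes  = ([System.Net.IPAddress]$Ip).GetAddressBytes()
    $netBytes = ([System.Net.IPAddress]$network).GetAddressBytes()
    [Array]::Reverse($ipBytes); [Array]::Reverse($netBytes)      # to host byte order
    $ipInt  = [System.BitConverter]::ToUInt32($ipBytes, 0)
    $netInt = [System.BitConverter]::ToUInt32($netBytes, 0)
    $mask   = [uint32](([uint64]1 -shl 32) - ([uint64]1 -shl (32 - [int]$length)))
    return ($ipInt -band $mask) -eq ($netInt -band $mask)
}

foreach ($vnet in Get-AzVirtualNetwork) {
    # Step 3 NOTE: a forwarder must not sit in the same subnet as the VPN gateway.
    $gw = $vnet.Subnets | Where-Object Name -eq 'GatewaySubnet'
    if ($gw) {
        foreach ($prefix in @($gw.AddressPrefix)) {
            foreach ($ip in $dnsForwarders) {
                if (Test-IpInPrefix $ip $prefix) {
                    Write-Warning "$($vnet.Name): forwarder $ip is inside GatewaySubnet $prefix"
                }
            }
        }
    }

    # Step 5: set the same forwarder list on every VNet, skipping ones already correct.
    if ($null -eq $vnet.DhcpOptions) {
        $vnet.DhcpOptions = New-Object Microsoft.Azure.Commands.Network.Models.PSDhcpOptions
    }
    $current = @($vnet.DhcpOptions.DnsServers)
    if (($current -join ',') -eq ($dnsForwarders -join ',')) {
        "{0}: already using {1}" -f $vnet.Name, ($current -join ', ')
        continue
    }
    $vnet.DhcpOptions.DnsServers = $dnsForwarders
    Set-AzVirtualNetwork -VirtualNetwork $vnet | Out-Null
    "{0}: DNS servers changed from [{1}] to [{2}]" -f $vnet.Name, ($current -join ', '), ($dnsForwarders -join ', ')
}
# Step 7 still applies: redownload the P2S client profile and re-import it on every client.
```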
