Internet not working after I connect to Azure VPN (Point to Site)

Question

Hi,

We have a Azure VPN set up. The VPN is connected successfully from other machines except cooperate ones. The machines joining company domain were not able to access internet after connected with the Azure VPN.

Could you please help me with this issue?

Thanks,

Jon

Answer 1

@Jon Tran

Welcome to the Microsoft Q&A forum.

If I understand correctly, the corporate machines are unable to connect to internet when they are connected to Azure VPN. Since the non-corporate machines are able to connect to the internet when they are connected to Azure VPN. There can be multiple reasons for this issue and can be related to DNS resolution from the corporate machines. You can follow the steps mentioned below to pin-point the issue.

• You can initiate a ICMP ping to 8.8.8.8 and see if the ping is successful and if ICMP traffic is blocked in your environment you can do a TCP ping instead.
• If the ping is successful, you can perform a nslookup for any publicly accessible URL from corporate machine and see if that is resolved and simultaneously you can also perform a packet capture on the corporate machine by running a Tcpdump command or using Wireshark which can give you additional details if the DNS resolution is failing and also provide you additional insights.
• If the DNS resolution is failing, you can check if there DNS servers are set-up correct and if there is no firewall present which is blocking this connectivity.

Hope this helps! Please let us know if the issue still exists or if you have any additional questions. Thank you!

---

​​Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

Answer 2

Hi Guys,

I've tested this issue.

Steps performed:

1. New Azure VPN config downloaded from the Azure Portal VPN Gateway P2S (doesn't work)
2. Checking of ipconfig /all , route print, tracert, nslookup, test-netconnection, telnet, wifi/wired interfaces settings (all checked, no issues)
3. The problem is somehow related to the the Microsoft EDGE web browser DNS settings. When open Microsoft EDGE -> Settings -> search for "dns" -> look for "Use secure DNS to specify how to lookup the network address for websites". By default there is a settings set "Use current service provider". To solve the case and have the internet connection while on Azure VPN select "Choose a service provider", click in the empty field below and select e.g. "Cloudflare (1.1.1.1)". It will appear as "https://chrome.cloudflare-dns.com/dns-query". Screens attached. Then reboot the web browser - Microsoft Edge - and the internet will start to work right away.

Security info: In this Cloudflare DNS is used to resolve your DNS queries. If you do not want to do that try with your own DNS servers or other DNS you prefer in this step.

NOTE: If this will help you feel free to leave short comment or just share this to other that have such issue.

In case of questions feel free to let me know via comments as well.

Best regards,

Tomasz Wieczorkowski

Answer 3

Hi Guys,

If above solution won't work for you, I've tested a secondary solution - useful especially for organization infrastructures in Azure or Hybrid.

Steps:

1. Set MS EDGE DNS Settings (mentioned in the previous solution) the DEFAULT and close/open web browser
2. Log into your Azure Portal - portal.azure.com.
3. Check if you have any DNS Forwarder server there (e.g. Active Directory DC with DNS on VM, Linux Bind DNS on VM or some DNS in Azure Container) and collect it's IP address (you may have more DNS servers so 2-3 IP addresses of such should be enough) - PS: Do not use Azure DNS as it is not routable via VPN tunnels.  If you do not have such DNS you have to create it (e.g. Active Directory DC with DNS on VM, Linux Bind DNS on VM or some DNS in Azure Container). Note your DNS servers IP address/addresses (1-3 max for now). Those DNS server/-s needs to be able to resolve local addresses and have DNS Forwarders for external IP addresses as well. NOTE: DNS Forwarder server cannot be in the same subnet in Azure as the Azure VPN Gateway.
4. When your DNS server is in place in one of the Azure VNet then in Azure Portal go to the "Virtual Networks".
5. For each "Azure Virtual Network" go into its "Settings/DNS Servers" and check/set the above IP addresses of DNS Forwarders there (1-3 max for now). Verify that all IP addresses are valid. Remove invalid once.
6. When all VNets in Azure have been configured with the correct DNS Forwarders (DNS servers) IP addresses go into the Azure VPN Gateway and P2S connection required.
7. Download the Azure VPN Client configuration file (NOTE: It needs to be downloaded and update on client machines every time you make a change to DNS servers on VNets)
8. Remove the old Azure VPN connection (if any) and import the new Azure VPN Client configuration file into Azure VPN Client application on client machines. (If there is no Azure VPN Client installed yet then install it)
9. When new Azure VPN Connection is imported use it and connect to Azure via P2S VPN.
10. The internet should work well now and desktop applications like Outlook as well when Azure VPN P2S connection is active. And you should be able to connect to the Azure resources as well like VMs via RDP.

Additionally - if you still face some issues - you may check Metrics & Indexes of the network interfaces of the client machines: "netsh interface ipv4 show interfaces" command from PowerShell.

The network interface with the lowest Metric/Interface number has higher priority so you may try to adjust that if necessary. But first try to set you environment correctly and with the valid IPs of the DNS Forwarders before you start to dig in the text and commands (as this may cause a bigger mess).

Conclusion: The source of the problem for Azure VPN Client & internet/desktop app connections while it is active is mostly the valid DNS configuration and availability of the DNS Servers/DNS Forwarders, updated DNS settings on all Azure VNets and updated/downloaded/imported onto client machines Azure VPN P2S configuration file.