Azure P2S OpenVPN DNS issue

Romar 86

I setup Azure P2S VPN with AAD authentication and it works fine resolving hosts in Azure.
The setup is using two DNS servers that are installed default when adding AADDS to the Azure tenant.
It seems like these two DNS servers don't forward DNS requests and browsing the internet isn't possible.

I tried adding a custom DNS server to the XML file, but the Azure VPN client is only loading DNS servers that are configured in the Azure Virtual Network settings.

Is there a way to access the internet with Azure P2S VPN active and using the the two DNS servers I mentioned earlier?

Thank you in advance for pointing me to the right direction.

KapilAnanth-MSFT 35,581 Reputation points Microsoft Employee

2022-12-05T16:49:21.92+00:00
Hi @Romar ,

Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.
I understand that you lose internet connection after connecting to Azure P2S VPN.

I see you have mentioned your set-up uses two DNS servers provided from AADDS tenant.

I am not sure how this is configured.

May I ask if this is a VM acting as DNS server or DNS service provided by the PaaS itself?

Can you share any documents referring to this for my understanding.

In any case,

P2S clients can only use Azure VM deployed in the VNet as DNS servers.

If the AADDS DNS servers are not a IaaS VMs,

Then you can spin up a DNS forwarder in the VNet, and forward the request to the AADDS DNS servers.

Please do let us know should you require more information on the above.

Cheers,
Kapil
Romar 86 Reputation points

2022-12-05T23:23:31.72+00:00

@Kapil Kalra
Thank you for your reply.
I'm using a DNS server that is added on a Windows 2022 VM and this solved the problem. Is this what you mean by spinning up a DNS forwarder?

Regards
Romar
KapilAnanth-MSFT 35,581 Reputation points Microsoft Employee

2022-12-06T09:45:12.693+00:00
Hi @Romar ,

Glad the issue has been resolved.

I'm using a DNS server that is added on a Windows 2022 VM and this solved the problem. Is this what you mean by spinning up a DNS forwarder?

Yes

I was under the impression that you were using some other PaaS DNS service

As you have implemented, IaaS VMs can be set as DNS servers in the XML configuration.

I see you were able to configure the XML file and get this working now.

Cheers,
Kapil

Accepted answer

Luke Murray 10,531 Reputation points MVP

2022-12-04T18:50:30.937+00:00

Make sure your custom DNS settings are in the right place (see this article for reference: add-custom-dns-servers-and-set-azure-point-to-site-vpn-to-connect-automatically

Then remove the VPN from your Azure VPN client, and re-import with the new config - it has to be reimported to import the new settings - including the DNS settings, if these changes are made AFTER you have already imported the VPN - it will continue to use the old configuration.
Please sign in to rate this answer.
Romar 86 Reputation points

2022-12-05T23:26:53.743+00:00

@Luke Murray
Thank you for your suggestion.
It seems like I didn't add the customs DNS settings correctly in the XML. After a few attempts and using a DNS server in the same VNET as the P2S VPN it worked.

Regards
Romar
Sign in to comment

Azure P2S OpenVPN DNS issue

0 additional answers