How do I use a vpn inside a azure vm?

Mohammed aaqib 0

I Had created a windows server virtual machine on Azure, I want to know How do I use a vpn inside the virtual machine as It disconnects the remote desktop, the vpn I am using does not have split tunneling feature, I tried using azure bastion but that didn't help either, Could you please suggest any way to use a vpn inside the azure virtual machine without the rdp getting disconnected.

glebgreenspan 2,235 Reputation points

2024-07-12T14:09:41.4233333+00:00
Hello Mohammed

Can you try these steps:

Using a VPN inside a Windows Server virtual machine (VM) on Azure can be a bit tricky, especially when you don't have split tunneling. Here are some possible solutions to help you use a VPN inside the VM without disconnecting Remote Desktop (RDP):

Solution 1: Use a different VPN client

Instead of using the built-in VPN client on your Windows Server VM, try installing a third-party VPN client like OpenVPN, SoftEther VPN, or WireGuard. These clients often have better compatibility with Azure VMs and might not disconnect your RDP session.

Solution 2: Configure Azure Load Balancer (ALB)

Azure Load Balancer (ALB) can help you route traffic from your VM to the VPN server. You'll need to:

Create an ALB with a public IP address.

Configure the ALB to route traffic from the VM to the VPN server.

Update your VM's network configuration to use the ALB as the default gateway.

This approach will allow you to maintain RDP connectivity while using the VPN.

Solution 3: Use Azure Virtual Network (VNet) peering

If you're using a VNet in Azure, you can peer it with another VNet that contains the VPN server. This will allow your VM to communicate with the VPN server without going through the Azure public internet.

Solution 4: Set up Site-to-Site VPN

Create a Site-to-Site VPN connection between your Azure virtual network and your on-premises network (where the VPN server is located). This will allow your VM to communicate with the VPN server through a secure, dedicated connection.

Solution 5: Use Azure Virtual Network Gateway

Azure Virtual Network Gateway allows you to create a secure, managed VPN gateway for your VNet. You can configure this gateway to connect to your on-premises network, allowing your VM to communicate with the VPN server.
Mohammed aaqib 0 Reputation points

2024-07-12T14:22:02.49+00:00

Thankyou very much for your response, If it's not a problem could you please tell how do I implement solution 3 or 4?
Udayashankar K.N 80 Reputation points Microsoft Employee

2024-07-15T04:51:35.7466667+00:00
Start the virtual machine -> Install OS -> Configure IP Addresses and rename the network connections (for better management and config) by noted MAC addresses-> Install Network Access and Protection Role - Select RRAS -> Start RRAS -> Configure -> Custom -> Select VPN Server, eventually NAT => Configure LAN network as a Private Network and WAN as a Public Network
Deleted

This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.

1 answer

KapilAnanth-MSFT 46,676 Reputation points Microsoft Employee

2024-07-15T08:33:32.9566667+00:00
@Mohammed aaqib ,

Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.

It appears you are using a 3rd party VPN inside an Azure VM

Is that correct?

Or are you using Azure P2S VPN and not a 3rd party?

If the RDP is getting dropped, even with a Bastion

This could only mean that the VPN Client you are connecting to is routing all the traffic including traffic within the VNET.

In that case, you have to check the configuration of your VPN Client only, and understand what are the routes that are learnt/advertised to your OS once you connect.

You can try using Azure Serial Console (for Windows)

Enable it by following the document

Then RDP to the VM and try to connect to the VPN

Once the RDP drops, try to access the VM using Serial Console

Run route PRINT

This should tell us where the traffic is headed.

NOTE : The above is just for troubleshooting.

You must work on the VPN Client to not advertise every traffic to route via the VPN Tunnel

Hope this helps.

Cheers,

Kapil
Please sign in to rate this answer.
Mohammed aaqib 0 Reputation points

2024-07-15T13:51:02.7033333+00:00

@KapilAnanth-MSFT Thankyou for your response,

Yes I am using a third party vpn service,

If I use azure serial console I won't be able to access the GUI of Windows which I require

Is there any alternate way like using it in a sandbox or something which seperates the network?

KapilAnanth-MSFT 46,676 Reputation points Microsoft Employee

2024-07-16T06:36:39.7466667+00:00

@Mohammed aaqib ,

As I mentioned, "The above is just for troubleshooting."

Not for regularly accessing the VM.

The idea here is to use the route PRINT command to understand the routing in the OS

Wrt, "Is there any alternate way like using it in a sandbox or something which separates the network?"

Since you said Azure Bastion, which uses private IP to connect to the VM did not work, I doubt having a sandbox VM to connect to this VM would also fail

Nevertheless, you can give it a try

However, you should work with the vendor to understand if the VPN itself supports such Virtual Machine scenarios.

If yes, then you must check how to influence VNET Address range's traffic to stay within the VM and not go via the VPN Tunnel

If you are able to do this, you can use Bastion as Bastion is from within the VNET's Address range

Cheers,

Kapil
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.

Share via

How do I use a vpn inside a azure vm?

1 answer

Your answer