Problems setting up Azure Point to Site VPN

Simon Götz 0 Reputation points
2024-06-15T08:17:29.3433333+00:00

Hi guys, this is my first question here and I hope that I don't miss any relevant information or rules.
I am trying to set up a VPN gateway to be able to VPN into my private Azure network to access a database that is running in one of the subnets.
I am on Linux, so I am trying to set up a Point-to-Site thing.
As the address pool I have tried 172.16.201.0/24 but also 10.1.0.0/24.
The selected tunnel type is IKEv2 and OpenVPN.

I have created a self-signed certificate using these instructions:
https://www.ismailzai.com/blog/azure-vpn-gateway-openvpn-openssl
Now the problem: when starting the connection, nothing really happens. In the logs I can see that it is running in a loop trying to build up a connection. Here are the logs from OpenVPN:

2024-06-15 09:58:07 OpenVPN 2.5.10 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Jun 14 2024
2024-06-15 09:58:07 library versions: OpenSSL 3.3.0 9 Apr 2024, LZO 2.10
2024-06-15 09:58:13 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2024-06-15 09:58:13 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
2024-06-15 09:58:13 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
2024-06-15 09:58:13 TCP/UDP: Preserving recently used remote address: [AF_INET]4.185.151.49:443
2024-06-15 09:58:13 Socket Buffers: R=[131072->131072] S=[16384->16384]
2024-06-15 09:58:13 Attempting to establish TCP connection with [AF_INET]4.185.151.49:443 [nonblock]
2024-06-15 09:58:13 TCP connection established with [AF_INET]4.185.151.49:443
2024-06-15 09:58:13 TCP_CLIENT link local: (not bound)
2024-06-15 09:58:13 TCP_CLIENT link remote: [AF_INET]4.185.151.49:443
2024-06-15 09:58:13 TLS: Initial packet from [AF_INET]4.185.151.49:443, sid=c1c7b705 d3140cf0
2024-06-15 09:58:13 VERIFY OK: depth=2, C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
2024-06-15 09:58:13 VERIFY OK: depth=1, C=US, O=Microsoft Corporation, CN=Microsoft Azure RSA TLS Issuing CA 07
2024-06-15 09:58:13 VERIFY KU OK
2024-06-15 09:58:13 Validating certificate extended key usage
2024-06-15 09:58:13 ++ Certificate has EKU (str) TLS Web Client Authentication, expects TLS Web Server Authentication
2024-06-15 09:58:13 ++ Certificate has EKU (oid) 1.3.6.1.5.5.7.3.2, expects TLS Web Server Authentication
2024-06-15 09:58:13 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2024-06-15 09:58:13 VERIFY EKU OK
2024-06-15 09:58:13 VERIFY X509NAME OK: C=US, ST=WA, L=Redmond, O=Microsoft Corporation, CN=93f70060-c046-40a2-8f98-25471a60f3b4.vpn.azure.com
2024-06-15 09:58:13 VERIFY OK: depth=0, C=US, ST=WA, L=Redmond, O=Microsoft Corporation, CN=93f70060-c046-40a2-8f98-25471a60f3b4.vpn.azure.com
2024-06-15 09:58:13 Connection reset, restarting [0]
2024-06-15 09:58:13 SIGUSR1[soft,connection-reset] received, process restarting
2024-06-15 09:58:13 Restart pause, 5 second(s)

Can you guys spot at which step my communication attempts are going sideways? And what might be the root cause of it?

Azure VPN Gateway