Azure VPN Gateway
An Azure service that enables the connection of on-premises networks to Azure through site-to-site virtual private networks.
1,796 questions
Cant access azure recources inside the vnet from a p2s vpn connection
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(108.80000000000001, 62%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDP%3C/text%3E%3C/svg%3E)
Dorian Perić
0
Reputation points
Soo i've setuped a VPN gateway inside a vnet that's peered with another vnet which holds my ILB ASE.
My goal was to use that gateway to establish a p2s connection with my ubuntu worker so I can deploy code on the ASE. I've setupped my certs as shown in the docs (https://learn.microsoft.com/en-us/azure/vpn-gateway/point-to-site-vpn-client-cert-linux#cli) and uploaded them onto the vnet gateway in the p2s configuration. In addition to that I've setupped route tables and peered the two networks, no NSG-s for the subnets. I can connect w/o problem but when i try to ping the ASE my request time outs. To troubleshoot i've added another ILB ASE in the VPN gateway network and when i ping it also timeouts. in the .ovpn file i've also added the following lines:
route 10.2.0.0 255.255.0.0
route 10.3.0.0 255.255.255.0
push "route 10.2.0.0 255.255.0.0"
because the inbound private ip of the ASE is 10.2.1.4. I've tried pinging from my windows pc (while connected ofcourse) and these were my route tables before i pinged:
Destination Netmask Gateway Interface Metric
10.1.0.0 255.255.0.0 10.3.0.1 10.3.0.2 281
10.2.0.0 255.255.0.0 10.3.0.1 10.3.0.2 281
10.3.0.0 255.255.255.0 On-link 10.3.0.2 281
10.3.0.0 255.255.255.0 10.3.0.1 10.3.0.2 281
10.3.0.2 255.255.255.255 On-link 10.3.0.2 281
10.3.0.255 255.255.255.255 On-link 10.3.0.2 281 ........
if i try "tracert 10.2.1.4":
Tracing route to 10.2.1.4 over a maximum of 30 hops
1 * * * Request timed out.
2 * * * Request timed out.
3 * * * Request timed out.
4 * * * Request timed out.
Not really sure why it doesnt work, what else do i need to setup (both on the client and azure) for this deploy scenario to work, and can i use the following code to deploy from ubuntu:
INTERFACE_NAME=$(ip addr show | grep -E "tun[0-9]+" -o | head -n 1) echo "INTERFACE_NAME=$INTERFACE_NAME" >> $GITHUB_ENV
curl --interface "${{ env.INTERFACE_NAME }}" -X POST 'https://10.1.1.4/api/deploy' \-H 'Authorization: Bearer ${{ secrets.AZURE_WEBAPP_PUBLISH_PROFILE }}' \-H 'Host: "my-web-app-name"'-H 'Content-Type: application/zip' \--data-binary '@/home/runner/work/"my-repo-name"/"my-repo-name"/"my-app-name"/bin/Release/net6.0/"my-app-name".zip'
Azure VPN Gateway
Azure Virtual Network
Azure Virtual Network
An Azure networking service that is used to provision private networks and optionally to connect to on-premises datacenters.
2,775 questions
Azure App Service
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
8,969 questions
{count} votes
-
KapilAnanth-MSFT 49,611 Reputation points Microsoft Employee Moderator2023-04-20T06:05:47.6433333+00:00 Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.
Load Balancers in Azure, both ILB and ELD do not support ICMP Ping.
So testing connectivity using ICMP will not lead us to conclusions.
You can use TCPPings and specify a port to verify connectivity. From powershell,
- Test-NetConnection -ComputerName <ASE ILB FrontEnd IP> -Port <Port at which ILB is configured to accept requests>
- Or use PsPing
With that said, please make sure the set up is working from a VM in Hub Vnet. Once you have verified this, you can further extend this to the P2S Clients.
Also, I see you have mentioned, "setupped route tables and peered the two networks"
- Technically, you should not set up any route table manually
- Enabling Gateway Transit in the peering should automatically advertise Spoke routes to the VPN remote clients.
Cheers, Kapil
-
Dorian Perić 0 Reputation points
2023-04-21T02:31:07.05+00:00 @KapilAnanth-MSFT i've tweaked a few things and now i get a response but the response is that
404 page...% Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 0 9125k 100 2667 0 0 7861 0 --:--:-- --:--:-- --:--:-- 7844 <!DOCTYPE html> <html> <head> <title>Microsoft Azure Web App - Error 404</title> <style type="text/css"> html { height: 100%; width: 100%; } #feature { width: 960px; margin: 75px auto 0 auto; overflow: auto; } #content { font-family: "Segoe UI ...this is the code im using to do the actual deploy:
curl -k -X POST -u <ftpsusername>:<ftpspassword> --data-binary '@<path-to-my-zip-file>' https://<private-ip-address>/<app-name>.scm.<app-name>.appserviceenvironment.net/api/zipdeploy -
KapilAnanth-MSFT 49,611 Reputation points Microsoft Employee Moderator
2023-04-24T09:11:32.8866667+00:00 @Dorian Perić Getting a 404 HTTP response indicates that the connectivity is fine and working. I suspect the issue is because you are accessing the ILB in "https://<private-ip-address>/<app-name>.scm.<app-name>.appserviceenvironment.net/..". Rather,
- can you try accessing the site, via "https://<app-name>.scm.<app-name>.appserviceenvironment.net/...."
- Make sure you have mapped the IP of the ILB to the <app-name>.scm.<app-name>.appserviceenvironment.net using Host file. Please let us know if this helps.
-
KapilAnanth-MSFT 49,611 Reputation points Microsoft Employee Moderator
2023-04-25T03:47:17.6766667+00:00 Can you please update us if the action plan provided was helpful? Should there be any follow-up questions or concerns, please let us know and we shall try to address them.
Thanks, Kapil
-
KapilAnanth-MSFT 49,611 Reputation points Microsoft Employee Moderator
2023-04-26T13:23:18.7866667+00:00 @Dorian Perić May I know if you got a chance to review my previous comment? Please let me know if you are facing any challenges or if there are any follow-up questions, I shall be glad to address them. Thanks, Kapil
Sign in to comment
Sign in to answer