Azure VPN P2S

Greg M 20 Reputation points
2023-05-20T01:36:00.7766667+00:00

I have gone through a ton of docs as well as trial and error. I am stuck and would welcome assistance. What I am trying to accomplish seems like it should be straightforward. Easiest for me to express as if I am writing up a bug, so here it goes:

Steps to reproduce:
1 setup vnet
  a address space 10.0.0.0/16
  b default subnet 10.0.0.0.0/24

2 setup vnet gateway
  a vpngw2
  b virtual network from step 1
  c subnet range 10.0.1.0/24
  d create new public IP

3 configure point to site within vnet gateway
  a IKEv2 and OpenVPN protocols
  b 172.16.201.0/24 address pool
  c configure certificate authentication

4 configure clients
  a install root authority key from step 3
  b install client private key from step 3
  c use downloaded Azure files to configure client

5 attempt to connect to azure vnet gateway from client

Expected results:
Client connects to Azure VPN and has access to resources on vnet from step 1

Actual results:
Both Mac and Windows clients time out when attempting to connect to VPN

Accepted answer
  1. KapilAnanth-MSFT 41,071 Reputation points Microsoft Employee
    2023-05-25T03:48:24.2766667+00:00

    @Greg M

    Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.

    I understand that you are using Azure P2S VPN with certificate authentication and IKEV2-OpenVPN Protocols.

    The remote machines are using Azure VPN Client from MS Store. (Windows).

    • I suggested to check "Run Diagnostics" and share the output from the right window on what's the error.

    • However, you informed me that the imported XML configuration could not be saved to begin with and you were using the native Windows client.
    • Then I suggested, in the VPN Client, can you select the Certificate information as "DigiCert Global Root CA" and give it a try?
    • Please uninstall the VPN Client App and reinstall it from MS Store
    • To make sure we have the latest version.
    • In case that does not help, download it directly from https://aka.ms/azvpnclientdownload
      • If the issue persists, can you please repeat the steps from a different Windows machine (to make sure this is not an OS issue)
    • You informed this was working from an Azure VM and a different server - indicating there is something in the OS blocking the profile addition.
    • Then you checked the difference between the devices and found that the rasman service was disabled.
      • It's why we could not save the configuration in the Azure VPN client. I started the rasman service.
      • Post this, importing the configuration downloaded from Azure for the VPN connected successfully.

    Thanks,

    Kapil


    Please don’t forget to close the thread by clicking "Accept the answer" wherever the information provided helps you, as this can be beneficial to other community members.
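
The accepted answer traces the failure to a disabled rasman service. As an added example (not part of the original answer), this PowerShell script reports the start mode and state of RasMan and of the services it depends on, and changes nothing unless run with `-Repair`; the `-Repair` switch name and the choice of Manual start type are assumptions of this example.

```powershell
# Added example: check the Remote Access Connection Manager (RasMan) service
# chain on a Windows VPN client. Read-only unless -Repair is given.
# Run from an elevated PowerShell session.
param(
    [switch]$Repair   # hypothetical switch for this example: enable and start RasMan
)

$name = 'RasMan'

# Win32_Service exposes the configured start mode (Auto / Manual / Disabled)
# together with the current state.
$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$name'"
if (-not $svc) {
    Write-Error "Service $name not found on this machine."
    return
}

# RasMan plus whatever this Windows build lists as its prerequisites.
$deps  = (Get-Service -Name $name).ServicesDependedOn.ServiceName
$names = @($name) + @($deps) | Where-Object { $_ } | Select-Object -Unique

$report = foreach ($n in $names) {
    # Prerequisites that are kernel drivers are not in Win32_Service and are skipped.
    Get-CimInstance -ClassName Win32_Service -Filter "Name='$n'" |
        Select-Object Name, DisplayName, StartMode, State
}
$report | Format-Table -AutoSize

# A disabled service anywhere in the chain keeps RasMan from starting.
$blocked = @($report | Where-Object { $_.StartMode -eq 'Disabled' })

if ($blocked.Count -eq 0) {
    Write-Output "No disabled service in the $name chain."
} elseif ($Repair) {
    foreach ($b in $blocked) {
        # Assumption: Manual start is acceptable on this machine.
        Set-Service -Name $b.Name -StartupType Manual
    }
    Start-Service -Name $name
    Get-Service -Name $name
} else {
    $list = $blocked.Name -join ', '
    Write-Warning "Disabled: $list. Re-run with -Repair to set Manual start and start $name."
}
```

If the service was disabled by a hardening baseline or Group Policy, a local change may be reverted at the next policy refresh, so confirm with whoever owns that baseline before repairing.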


1 additional answer

  1. risolis 8,711 Reputation points
    2023-05-20T04:14:49.3666667+00:00

    Hello @Greg M

    Thank you for posting this concern on this community.

    I wonder if you might answer the following questions below:

    1. Are you using Azure VPN Client?
    2. Are you using OpenVPN client?
    3. Which one is the Azure VPN Client version used?
    4. Which one is the OpenVPN Client version used?
    5. Did you check the MTU value for each OS PC? If I am not mistaken it might be 1400... I know that the default one is 1500

    I hope that can be useful for you.

    Looking forward to hearing from you

    Cheers,

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.