Azure vpn and sql server

ReCloudS 80 Reputation points
2023-06-07T08:20:04.29+00:00

I already have the Azure VPN client and virtual network gateway created, and instead of adding a firewall rule in the networking of the SQL server I want to add a virtual network rule to access the server using the Azure VPN client. I have added the virtual network rule, but I am still unable to connect to the database, and it says my client IP is not added in the firewall. I just added the existing virtual network, but I am still unable to access the database using the Azure VPN client.

Azure VPN Gateway
SQL Server Other

1 answer

  1. KapilAnanth-MSFT 49,536 Reputation points Microsoft Employee Moderator
    2023-06-07T08:48:56.3833333+00:00

    @ReCloudS

    Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.

    I understand that you would like to access an Azure SQL server from a P2S VPN client.

    Please note that the service you are looking for is Private Endpoint and not Service Endpoint (which you are using currently).

    • Service EndPoint only works for VM and other resources deployed in an Azure Vnet.
    • They do not work with OnPrem servers.
    • When you add the Virtual Network in the SQL Networking tab, you are only allowing access to VMs in the VNet.
    • I believe you might have added Gateway subnet and expect resources from OnPrem and P2S VPN Clients, however, this is not supported AFAIK.
    • Refer: Secure Azure service access from on-premises | It appears this is only supported with ExpressRoute Public/MS Peering

    You must consider using a Private EndPoint.

    I have compiled a series of documents that might help you:

    Point to Note: You must also handle DNS when using a Private EndPoint

    Method 1: For testing

    You can simply edit the hosts file of the P2S client machine to resolve <yoursqlserver>.database.windows.net to the Private Endpoint's IP.

    Method 2: Production grade and recommended for scale

    Refer: Virtual network and on-premises workloads using a DNS forwarder

    • Using a DNS forwarder in Azure is mandatory for this configuration to work
    • Now to make sure requests to *.database.windows.net are routed via the P2S tunnel, you must edit the P2S VPN configuration to add DNS suffixes:

        <dnssuffixes>
            <dnssuffix>.database.windows.net</dnssuffix>
        </dnssuffixes>

    • Now to make sure the DNS queries actually go to the DNS forwarder you have created in the Azure VNet, you must edit the P2S VPN configuration to add custom DNS servers:

        <dnsservers>
            <dnsserver><Azure DNS VM IP></dnsserver>
        </dnsservers>
    

    Kindly let us know if this helps or you need further assistance on this issue.

    Thanks,

    Kapil


    Please don’t forget to close the thread by clicking "Accept the answer" wherever the information provided helps you, as this can be beneficial to other community members.

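The two profile edits in the answer above (custom DNS servers plus DNS suffixes under the client configuration) are easy to get subtly wrong by hand: a forwarder address outside the VNet will not be reached through the tunnel, and a freshly exported profile marks the client configuration section as empty, which silences anything added beneath it. The following Python script is an added example, not code from the answer or from Microsoft. It assumes a profile shaped like the exported Azure VPN Client XML (an AzVpnProfile root in the datacontract namespace with a clientconfig element); the sample profile, the VNet prefix 10.1.0.0/16 and the forwarder address 10.1.0.4 are constructed values. It inserts the two blocks, validates the inputs, and offers a check that a resolved address actually belongs to the VNet, which is what you would expect once the Private Endpoint answers instead of the public SQL front door.

```python
import ipaddress
import xml.etree.ElementTree as ET

XSI = "http://www.w3.org/2001/XMLSchema-instance"

# Constructed, stripped-down stand-in for an exported Azure VPN Client
# profile (assumption: real files carry more elements; only <clientconfig>
# matters here, and a fresh export leaves it marked nil).
SAMPLE_PROFILE = """<?xml version="1.0" encoding="utf-8"?>
<AzVpnProfile xmlns:i="http://www.w3.org/2001/XMLSchema-instance"
              xmlns="http://schemas.datacontract.org/2004/07/">
  <clientconfig i:nil="true" />
  <name>example-p2s-profile</name>
</AzVpnProfile>
"""


def _ns_of(tag):
    """Namespace URI of an ElementTree tag, or '' when the tag is unqualified."""
    return tag[1:].split("}", 1)[0] if tag.startswith("{") else ""


def _qualifier(root):
    """Return a function that qualifies a local name with the root's namespace."""
    ns = _ns_of(root.tag)
    return (lambda name: f"{{{ns}}}{name}") if ns else (lambda name: name), ns


def add_private_dns(profile_xml, dns_servers, dns_suffixes, vnet_prefix):
    """Return profile_xml with <dnsservers> and <dnssuffixes> set under <clientconfig>.

    Every forwarder must sit inside vnet_prefix, otherwise the query never
    rides the P2S tunnel; suffixes must look like '.database.windows.net'.
    """
    vnet = ipaddress.ip_network(vnet_prefix)
    for server in dns_servers:
        if ipaddress.ip_address(server) not in vnet:
            raise ValueError(f"DNS server {server} is not inside VNet {vnet_prefix}")
    for suffix in dns_suffixes:
        if not suffix.startswith(".") or " " in suffix or suffix.count(".") < 2:
            raise ValueError(f"bad DNS suffix {suffix!r}; expected e.g. '.database.windows.net'")

    root = ET.fromstring(profile_xml)
    q, ns = _qualifier(root)

    cfg = root.find(q("clientconfig"))
    if cfg is None:
        cfg = ET.SubElement(root, q("clientconfig"))
    # Drop the i:nil="true" marker a fresh export carries; with it present the
    # section is treated as empty and the children below would be ignored.
    cfg.attrib.pop(f"{{{XSI}}}nil", None)

    # Replace any existing blocks so running the script twice is harmless.
    for name in ("dnsservers", "dnssuffixes"):
        for old in cfg.findall(q(name)):
            cfg.remove(old)

    servers_el = ET.SubElement(cfg, q("dnsservers"))
    for server in dns_servers:
        ET.SubElement(servers_el, q("dnsserver")).text = server
    suffixes_el = ET.SubElement(cfg, q("dnssuffixes"))
    for suffix in dns_suffixes:
        ET.SubElement(suffixes_el, q("dnssuffix")).text = suffix

    # Serialise with the original default namespace instead of ET's ns0 prefix.
    if ns:
        ET.register_namespace("", ns)
    ET.register_namespace("i", XSI)
    return ET.tostring(root, encoding="unicode")


def read_dns_config(profile_xml):
    """Return (servers, suffixes) currently listed under <clientconfig>."""
    root = ET.fromstring(profile_xml)
    q, _ = _qualifier(root)
    cfg = root.find(q("clientconfig"))
    if cfg is None:
        return [], []
    return ([e.text for e in cfg.iter(q("dnsserver"))],
            [e.text for e in cfg.iter(q("dnssuffix"))])


def resolves_to_private_endpoint(resolved_ip, vnet_prefix):
    """True when the address returned for the SQL server name lies in the VNet,
    i.e. the Private Endpoint answered rather than the public SQL front door."""
    return ipaddress.ip_address(resolved_ip) in ipaddress.ip_network(vnet_prefix)


if __name__ == "__main__":
    patched = add_private_dns(SAMPLE_PROFILE, ["10.1.0.4"],
                              [".database.windows.net"], "10.1.0.0/16")
    print(patched)
    print(read_dns_config(patched))
```

After importing the patched profile into the Azure VPN Client and connecting, resolve the server name from the client and feed the answer to resolves_to_private_endpoint: a public Azure address means the suffix or server list did not take effect and the connection will still hit the public firewall.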
