Hello Clifford IT 2,
A Point-to-Site (P2S) VPN gateway connection lets you create a secure connection to your virtual network from an individual client computer. A P2S connection is established by starting it from the client computer.
Refer to the document: How to Configure P2S VPN Gateway for Microsoft Entra ID authentication
In the meantime, if your VPN client is unable to reach the Azure VPN Gateway to initiate the handshake, this usually indicates:
- Wrong protocol or authentication method
- Azure AD not properly configured for VPN
- Incorrect client configuration
- Firewall or port issues
- Gateway not actually listening for your authentication type
- Misconfigured P2S address pool or subnet
Here are a few things you can check:
- Subnet and IP Address Configurations: Review the IP address definitions to ensure there are no overlaps between the Azure Virtual Network and any on-premises networks. The IP assigned to your VPN clients (192.168.180.0/24) should not conflict with other subnets.
- VPN Gateway Configuration: Double-check that the VPN gateway type in Azure is set correctly and matches the VPN type you are trying to use. You mentioned using a VpnGw1AZ SKU; ensure that’s correctly set in the Azure portal.
- Network Security Groups (NSGs): Ensure there are no NSGs applied to the gateway subnet that might be blocking traffic. Verify the rules and update or remove any that conflict with your VPN traffic.
- Shared Key Consistency: Make sure that the shared key configured on your VPN client matches the one specified in Azure. You can check the shared key by navigating to your VPN connection in the Azure portal under Connections.
- VPN Client Logs: Since you mentioned there are no entries in the gateway logs, consider checking the client-side logs for more information. This might give you insight into what is failing.
- Diagnostic Tools: Use Azure Network Watcher’s diagnostic tools to assess your VPN connection. This can help you identify common configuration issues.
- Root Certificate: If you’re using Azure Active Directory (AAD) authentication, ensure that the necessary root certificates are uploaded to the VPN gateway.
Refer to: Troubleshooting: Azure point-to-site connection problems
Can you please update us if the action plan provided was helpful?
Should there be any follow-up questions or concerns, please let us know and we shall try to address them.
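
The address-pool overlap check from the list above can be scripted; this is an added example, not part of the original answer or of Microsoft's documentation. Only the client pool 192.168.180.0/24 comes from the thread; every range name and prefix in `SAMPLE_RANGES` is constructed for illustration.

```python
import ipaddress

# Constructed sample inventory: replace with the real VNet address space,
# its subnets, and every on-premises / client-side LAN you know about.
SAMPLE_RANGES = {
    "vnet-address-space": "10.20.0.0/16",
    "GatewaySubnet": "10.20.255.0/27",
    "onprem-hq": "192.168.0.0/16",         # contains the P2S pool
    "onprem-branch": "172.16.0.0/12",
    "client-home-lan": "192.168.180.128/25",  # sits inside the P2S pool
}


def find_overlaps(p2s_pool, known_ranges):
    """Return (name, prefix, relation) for each range colliding with the P2S pool."""
    # strict=False tolerates prefixes typed with host bits set (e.g. 10.20.1.5/16).
    pool = ipaddress.ip_network(p2s_pool, strict=False)
    hits = []
    for name, prefix in known_ranges.items():
        net = ipaddress.ip_network(prefix, strict=False)
        # IPv4 and IPv6 ranges can never collide with each other.
        if net.version != pool.version or not pool.overlaps(net):
            continue
        if pool == net:
            relation = "identical"
        elif pool.subnet_of(net):
            relation = "pool inside range"
        else:
            # CIDR blocks either nest or are disjoint, so this is the only case left.
            relation = "range inside pool"
        hits.append((name, str(net), relation))
    return hits


if __name__ == "__main__":
    for name, prefix, relation in find_overlaps("192.168.180.0/24", SAMPLE_RANGES):
        print(f"CONFLICT {name} {prefix}: {relation}")
```

Any reported conflict means routes for the client pool are ambiguous on one side of the tunnel, so either the pool or the conflicting range has to change before further troubleshooting.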