Azure Kubernetes VPN site to site on premise troubleshoot

Jack Chuong 856 Reputation points
2021-11-23T04:13:38.663+00:00

Hi all,
I created an Azure Kubernetes Service cluster and deployed my app to it. My app needs to authenticate with on-premises Active Directory, so I created a site-to-site VPN between Azure and my on-premises network (Fortinet device; the domain controller is on the on-premises network 192.168.0.0/24).
I followed the instructions here: https://learn.microsoft.com/en-us/azure/vpn-gateway/tutorial-site-to-site-portal
The connection status is Connected, but how can I make sure that my app (my pod?) can connect to the on-premises domain controller successfully?
I tried SSHing to an Azure Kubernetes Service (AKS) cluster node (Ubuntu) and pinging my domain controller, but it failed.

Here is some info about the AKS and VPN connection:
AKS virtual network: 10.0.0.0/8 (screenshot)
AKS (screenshot)
VPN connection (screenshot)


Accepted answer
Jack Chuong 856 Reputation points
2021-11-23T09:17:50.833+00:00

Hi all,
The issue is fixed. The reason is my network team hadn't added a route; sorry for bothering you guys.
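The accepted answer says the fix was a missing route. The Azure-side half of that check can be automated: pull the effective route table of a node NIC and confirm that the on-premises prefix is covered by a route whose next hop is the VPN gateway rather than falling through to the 0.0.0.0/0 default. The script below is an added example, not code from the thread or from Microsoft; its input shape follows what `az network nic show-effective-route-table` returns (keys `addressPrefix`, `nextHopType`, `nextHopIpAddress`, `source`, `state` are assumed), both sample tables are constructed, and the 10.1.0.4 next-hop address is a placeholder. The on-premises firewall still needs its own route for the AKS VNet range back into the tunnel; that side is not visible from Azure and is not checked here.

```python
"""Verify that an Azure NIC's effective routes send the on-premises
prefix through the VPN gateway. Added example, not code from the thread.
The input shape follows what `az network nic show-effective-route-table`
returns (keys assumed: addressPrefix, nextHopType, nextHopIpAddress,
source, state); both tables below are constructed samples."""
import ipaddress
import json

# Constructed: an AKS node NIC whose route table never learned the
# on-prem range, so 192.168.0.0/24 falls through to the default route.
TABLE_MISSING_ROUTE = json.dumps({"value": [
    {"addressPrefix": ["10.0.0.0/8"], "nextHopType": "VnetLocal",
     "nextHopIpAddress": [], "source": "Default", "state": "Active"},
    {"addressPrefix": ["0.0.0.0/0"], "nextHopType": "Internet",
     "nextHopIpAddress": [], "source": "Default", "state": "Active"},
]})

# Constructed: the same NIC after the local network gateway advertises
# 192.168.0.0/24 (the next-hop address is a placeholder gateway IP).
TABLE_WITH_ROUTE = json.dumps({"value": [
    {"addressPrefix": ["10.0.0.0/8"], "nextHopType": "VnetLocal",
     "nextHopIpAddress": [], "source": "Default", "state": "Active"},
    {"addressPrefix": ["0.0.0.0/0"], "nextHopType": "Internet",
     "nextHopIpAddress": [], "source": "Default", "state": "Active"},
    {"addressPrefix": ["192.168.0.0/24"], "nextHopType": "VirtualNetworkGateway",
     "nextHopIpAddress": ["10.1.0.4"], "source": "VirtualNetworkGateway",
     "state": "Active"},
]})


def longest_match(route_table_json, dest):
    """Return the active route that most specifically covers dest, or None.
    Azure, like any router, picks the longest matching prefix, so a /24
    learned from the gateway beats the 0.0.0.0/0 default."""
    dest_ip = ipaddress.ip_address(dest)
    best, best_len = None, -1
    for route in json.loads(route_table_json)["value"]:
        if route.get("state") != "Active":
            continue  # invalid routes are listed but never used
        for prefix in route["addressPrefix"]:
            net = ipaddress.ip_network(prefix, strict=False)
            if dest_ip in net and net.prefixlen > best_len:
                best, best_len = route, net.prefixlen
    return best


def check_onprem_route(route_table_json, dest):
    """Return (ok, explanation) for traffic from this NIC to dest."""
    route = longest_match(route_table_json, dest)
    if route is None:
        return False, f"no active route covers {dest}"
    hop = route["nextHopType"]
    if hop != "VirtualNetworkGateway":
        return False, (f"{dest} matches {route['addressPrefix']} with next hop "
                       f"{hop}; the VPN gateway has not advertised a route for it")
    return True, f"{dest} goes to the VPN gateway via {route['addressPrefix']}"


if __name__ == "__main__":
    for name, table in (("missing", TABLE_MISSING_ROUTE), ("fixed", TABLE_WITH_ROUTE)):
        ok, why = check_onprem_route(table, "192.168.0.103")
        print(f"{name}: {'OK' if ok else 'FAIL'} - {why}")
```

For a real cluster, feed the script the JSON from `az network nic show-effective-route-table -g <node resource group> -n <node NIC> -o json`, or read the same data from the NIC's "Effective routes" blade in the portal (simpler for VMSS-backed node pools). If the on-premises prefix is absent from the address space of the local network gateway, no route will appear no matter what the connection status says.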


1 additional answer

Jack Chuong 856 Reputation points
2021-11-23T07:39:02.05+00:00

@SRIJIT-BOSE-MSFT thank you for your reply, here is the result:
```text
root@aks-agentpool-39719571-vmss000004:/# nping -c 10 --tcp 192.168.0.103

Starting Nping 0.7.60 ( https://nmap.org/nping ) at 2021-11-23 07:35 UTC
SENT (0.0353s) TCP 10.240.0.4:22034 > 192.168.0.103:80 S ttl=64 id=2927 iplen=40  seq=2939769783 win=1480
SENT (1.0356s) TCP 10.240.0.4:22034 > 192.168.0.103:80 S ttl=64 id=2927 iplen=40  seq=2939769783 win=1480
SENT (2.0369s) TCP 10.240.0.4:22034 > 192.168.0.103:80 S ttl=64 id=2927 iplen=40  seq=2939769783 win=1480
SENT (3.0381s) TCP 10.240.0.4:22034 > 192.168.0.103:80 S ttl=64 id=2927 iplen=40  seq=2939769783 win=1480
SENT (4.0393s) TCP 10.240.0.4:22034 > 192.168.0.103:80 S ttl=64 id=2927 iplen=40  seq=2939769783 win=1480
SENT (5.0405s) TCP 10.240.0.4:22034 > 192.168.0.103:80 S ttl=64 id=2927 iplen=40  seq=2939769783 win=1480
SENT (6.0417s) TCP 10.240.0.4:22034 > 192.168.0.103:80 S ttl=64 id=2927 iplen=40  seq=2939769783 win=1480
SENT (7.0429s) TCP 10.240.0.4:22034 > 192.168.0.103:80 S ttl=64 id=2927 iplen=40  seq=2939769783 win=1480
SENT (8.0442s) TCP 10.240.0.4:22034 > 192.168.0.103:80 S ttl=64 id=2927 iplen=40  seq=2939769783 win=1480
SENT (9.0451s) TCP 10.240.0.4:22034 > 192.168.0.103:80 S ttl=64 id=2927 iplen=40  seq=2939769783 win=1480

Max rtt: N/A | Min rtt: N/A | Avg rtt: N/A
Raw packets sent: 10 (400B) | Rcvd: 0 (0B) | Lost: 10 (100.00%)
Nping done: 1 IP address pinged in 10.08 seconds
root@aks-agentpool-39719571-vmss000004:/# nping -c 10 --tcp 192.168.0.104

Starting Nping 0.7.60 ( https://nmap.org/nping ) at 2021-11-23 07:35 UTC
SENT (0.0370s) TCP 10.240.0.4:19333 > 192.168.0.104:80 S ttl=64 id=5309 iplen=40  seq=3766330681 win=1480
SENT (1.0372s) TCP 10.240.0.4:19333 > 192.168.0.104:80 S ttl=64 id=5309 iplen=40  seq=3766330681 win=1480
SENT (2.0384s) TCP 10.240.0.4:19333 > 192.168.0.104:80 S ttl=64 id=5309 iplen=40  seq=3766330681 win=1480
SENT (3.0406s) TCP 10.240.0.4:19333 > 192.168.0.104:80 S ttl=64 id=5309 iplen=40  seq=3766330681 win=1480
SENT (4.0417s) TCP 10.240.0.4:19333 > 192.168.0.104:80 S ttl=64 id=5309 iplen=40  seq=3766330681 win=1480
SENT (5.0430s) TCP 10.240.0.4:19333 > 192.168.0.104:80 S ttl=64 id=5309 iplen=40  seq=3766330681 win=1480
SENT (6.0442s) TCP 10.240.0.4:19333 > 192.168.0.104:80 S ttl=64 id=5309 iplen=40  seq=3766330681 win=1480
SENT (7.0453s) TCP 10.240.0.4:19333 > 192.168.0.104:80 S ttl=64 id=5309 iplen=40  seq=3766330681 win=1480
SENT (8.0464s) TCP 10.240.0.4:19333 > 192.168.0.104:80 S ttl=64 id=5309 iplen=40  seq=3766330681 win=1480
SENT (9.0483s) TCP 10.240.0.4:19333 > 192.168.0.104:80 S ttl=64 id=5309 iplen=40  seq=3766330681 win=1480

Max rtt: N/A | Min rtt: N/A | Avg rtt: N/A
Raw packets sent: 10 (400B) | Rcvd: 0 (0B) | Lost: 10 (100.00%)
Nping done: 1 IP address pinged in 10.08 seconds
```
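The nping run above sends SYNs to TCP/80, and the original question relied on ICMP ping. Neither is a good test for a domain controller: a DC normally has no listener on port 80 and Windows Firewall commonly drops ICMP, so both can fail even when the tunnel and routes are correct. A more useful check, and the one that answers "can my pod reach the DC?", is a TCP connect to the ports an AD client actually uses (DNS, Kerberos, LDAP, LDAPS, SMB, RPC). The script below is an added example, not code from the thread; the DC addresses are the thread's 192.168.0.103 and 192.168.0.104 used as placeholders, and it can be run inside a pod (any Python image) or on a node. It also distinguishes the three outcomes that matter for this kind of troubleshooting: a listener answered, the host answered with a reset (path works, wrong port or service), or the SYN vanished (route, VPN or firewall drop, which is what the output above shows).

```python
"""Probe the TCP ports a domain-joined app needs on a domain controller,
from inside the cluster. Added example, not from the thread. Run it in a
pod or on a node; DC_HOSTS are the thread's on-prem addresses used as
placeholders."""
import socket
from concurrent.futures import ThreadPoolExecutor

DC_HOSTS = ["192.168.0.103", "192.168.0.104"]  # placeholders from the thread

# What an AD client talks to. A DC does not normally listen on TCP/80 and
# Windows Firewall often drops ICMP, so ping and port-80 SYNs are not
# conclusive even when the tunnel and routes are fine.
AD_PORTS = {53: "DNS", 88: "Kerberos", 135: "RPC endpoint mapper",
            389: "LDAP", 445: "SMB", 636: "LDAPS"}


def tcp_probe(host, port, timeout=3.0):
    """One TCP connect. 'open' = a listener answered; 'refused' = the host
    is reachable but nothing listens there; 'timeout' = the SYN went
    unanswered (no route, tunnel down, or a firewall silently dropping);
    'unreachable' = the local stack or a router reported no path."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except (socket.timeout, TimeoutError):
        return "timeout"
    except OSError:
        return "unreachable"


def probe_dc(host, ports=AD_PORTS, timeout=3.0):
    """Probe every port in parallel; returns {port: result}."""
    with ThreadPoolExecutor(max_workers=len(ports)) as pool:
        results = pool.map(lambda p: (p, tcp_probe(host, p, timeout)), ports)
    return dict(results)


def classify(results):
    """Turn a {port: result} map into a verdict for the connectivity question."""
    values = set(results.values())
    if "open" in values:
        return "reachable"              # at least one AD service answered
    if "refused" in values:
        return "host up, ports closed"  # the path works; wrong host or service down
    return "no path"                    # every SYN vanished: route, VPN or firewall


def demo_local():
    """Exercise the probe logic against a loopback listener so it can be
    checked without a VPN: returns (result while listening, result after close)."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    open_result = tcp_probe("127.0.0.1", port)
    srv.close()
    closed_result = tcp_probe("127.0.0.1", port)
    return open_result, closed_result


if __name__ == "__main__":
    for dc in DC_HOSTS:
        results = probe_dc(dc)
        print(dc, classify(results))
        for port, name in AD_PORTS.items():
            print(f"  {port:>4} {name:<20} {results[port]}")
```

A verdict of "no path" on every port from a pod, with the same verdict from the node, points at routing or the tunnel (the case in this thread); "no path" from the pod only, with the node reachable, points at a network policy or egress configuration in the cluster. Port 53 matters independently of the others: the app has to resolve the domain's SRV records, so cluster DNS also needs a forwarder for the AD zone pointing at the DC.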