Hi all,
The issue is fixed. The reason is that my network team hadn't added the route. Sorry for bothering you guys.
Azure Kubernetes VPN site to site on premise troubleshoot
Hi all,
I created an Azure Kubernetes Service cluster and deployed my app to it. My app needs to authenticate with Active Directory on premise, so I created a site-to-site VPN between Azure and my on-premise network (Fortinet device - domain controller on premise network 192.168.0.0/24).
I followed the instructions here: https://learn.microsoft.com/en-us/azure/vpn-gateway/tutorial-site-to-site-portal
The connection status is Connected, but how can I make sure that my app (my pod?) can connect to the domain controller on premise successfully?
I tried to SSH to an Azure Kubernetes Service (AKS) cluster node (Ubuntu) and ping my domain controller, but it failed.
Here is some info about AKS and the VPN connection:
AKS virtual net : 10.0.0.0/8
AKS
VPN connection
-
Jack Chuong 856 Reputation points
2021-11-23T09:17:50.833+00:00
1 additional answer
-
Jack Chuong 856 Reputation points
2021-11-23T07:39:02.05+00:00
@SRIJIT-BOSE-MSFT thank you for your reply, here is the result:
root@aks-agentpool-39719571-vmss000004:/# nping -c 10 --tcp 192.168.0.103
Starting Nping 0.7.60 ( https://nmap.org/nping ) at 2021-11-23 07:35 UTC
SENT (0.0353s) TCP 10.240.0.4:22034 > 192.168.0.103:80 S ttl=64 id=2927 iplen=40 seq=2939769783 win=1480
SENT (1.0356s) TCP 10.240.0.4:22034 > 192.168.0.103:80 S ttl=64 id=2927 iplen=40 seq=2939769783 win=1480
SENT (2.0369s) TCP 10.240.0.4:22034 > 192.168.0.103:80 S ttl=64 id=2927 iplen=40 seq=2939769783 win=1480
SENT (3.0381s) TCP 10.240.0.4:22034 > 192.168.0.103:80 S ttl=64 id=2927 iplen=40 seq=2939769783 win=1480
SENT (4.0393s) TCP 10.240.0.4:22034 > 192.168.0.103:80 S ttl=64 id=2927 iplen=40 seq=2939769783 win=1480
SENT (5.0405s) TCP 10.240.0.4:22034 > 192.168.0.103:80 S ttl=64 id=2927 iplen=40 seq=2939769783 win=1480
SENT (6.0417s) TCP 10.240.0.4:22034 > 192.168.0.103:80 S ttl=64 id=2927 iplen=40 seq=2939769783 win=1480
SENT (7.0429s) TCP 10.240.0.4:22034 > 192.168.0.103:80 S ttl=64 id=2927 iplen=40 seq=2939769783 win=1480
SENT (8.0442s) TCP 10.240.0.4:22034 > 192.168.0.103:80 S ttl=64 id=2927 iplen=40 seq=2939769783 win=1480
SENT (9.0451s) TCP 10.240.0.4:22034 > 192.168.0.103:80 S ttl=64 id=2927 iplen=40 seq=2939769783 win=1480
Max rtt: N/A | Min rtt: N/A | Avg rtt: N/A
Raw packets sent: 10 (400B) | Rcvd: 0 (0B) | Lost: 10 (100.00%)
Nping done: 1 IP address pinged in 10.08 seconds

root@aks-agentpool-39719571-vmss000004:/# nping -c 10 --tcp 192.168.0.104
Starting Nping 0.7.60 ( https://nmap.org/nping ) at 2021-11-23 07:35 UTC
SENT (0.0370s) TCP 10.240.0.4:19333 > 192.168.0.104:80 S ttl=64 id=5309 iplen=40 seq=3766330681 win=1480
SENT (1.0372s) TCP 10.240.0.4:19333 > 192.168.0.104:80 S ttl=64 id=5309 iplen=40 seq=3766330681 win=1480
SENT (2.0384s) TCP 10.240.0.4:19333 > 192.168.0.104:80 S ttl=64 id=5309 iplen=40 seq=3766330681 win=1480
SENT (3.0406s) TCP 10.240.0.4:19333 > 192.168.0.104:80 S ttl=64 id=5309 iplen=40 seq=3766330681 win=1480
SENT (4.0417s) TCP 10.240.0.4:19333 > 192.168.0.104:80 S ttl=64 id=5309 iplen=40 seq=3766330681 win=1480
SENT (5.0430s) TCP 10.240.0.4:19333 > 192.168.0.104:80 S ttl=64 id=5309 iplen=40 seq=3766330681 win=1480
SENT (6.0442s) TCP 10.240.0.4:19333 > 192.168.0.104:80 S ttl=64 id=5309 iplen=40 seq=3766330681 win=1480
SENT (7.0453s) TCP 10.240.0.4:19333 > 192.168.0.104:80 S ttl=64 id=5309 iplen=40 seq=3766330681 win=1480
SENT (8.0464s) TCP 10.240.0.4:19333 > 192.168.0.104:80 S ttl=64 id=5309 iplen=40 seq=3766330681 win=1480
SENT (9.0483s) TCP 10.240.0.4:19333 > 192.168.0.104:80 S ttl=64 id=5309 iplen=40 seq=3766330681 win=1480
Max rtt: N/A | Min rtt: N/A | Avg rtt: N/A
Raw packets sent: 10 (400B) | Rcvd: 0 (0B) | Lost: 10 (100.00%)
Nping done: 1 IP address pinged in 10.08 seconds
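An added example, not part of the original posts: a small classifier for `nping --tcp` output like the run above, separating "no reply at all" (the result in this thread, consistent with a missing route or a dropping firewall) from "host answered with RST" (path works, port closed) and "SYN-ACK" (port open). The function name, verdict strings and the two RCVD samples are constructed for illustration.

```python
import re

# One nping per-packet line: direction, timestamp, src:port > dst:port, TCP flags.
PKT = re.compile(
    r"^(SENT|RCVD) \(\S+\) TCP (\S+):(\d+) > (\S+):(\d+) ([A-Z]+) ", re.M
)

def classify_nping(output):
    """Return a verdict for one `nping --tcp` run against a single target."""
    sent = 0
    reply_flags = set()
    for direction, _src, _sport, _dst, _dport, flags in PKT.findall(output):
        if direction == "SENT":
            sent += 1
        else:
            reply_flags.add(flags)
    if sent == 0:
        return "no-probes"
    if any("S" in f and "A" in f for f in reply_flags):
        return "open"                   # SYN-ACK: path and service both work
    if any("R" in f for f in reply_flags):
        return "reachable-port-closed"  # RST: routing works in both directions
    return "no-reply"                   # check routes on both sides, then firewall policy

# Two probe lines taken from the thread's output (no RCVD lines at all).
NO_REPLY = (
    "SENT (0.0353s) TCP 10.240.0.4:22034 > 192.168.0.103:80 S ttl=64 id=2927 iplen=40 seq=2939769783 win=1480\n"
    "SENT (1.0356s) TCP 10.240.0.4:22034 > 192.168.0.103:80 S ttl=64 id=2927 iplen=40 seq=2939769783 win=1480\n"
)
# Constructed samples: the same probe answered with RST-ACK, then with SYN-ACK.
RST_REPLY = NO_REPLY + (
    "RCVD (1.0601s) TCP 192.168.0.103:80 > 10.240.0.4:22034 RA ttl=126 id=0 iplen=40 seq=0 win=0\n"
)
SYNACK_REPLY = NO_REPLY + (
    "RCVD (1.0601s) TCP 192.168.0.103:80 > 10.240.0.4:22034 SA ttl=126 id=0 iplen=44 seq=1 win=8192\n"
)

if __name__ == "__main__":
    for name, sample in [("thread", NO_REPLY), ("rst", RST_REPLY), ("synack", SYNACK_REPLY)]:
        print(name, classify_nping(sample))
```

A "no-reply" verdict on a SYN to any port is the useful signal here: a reachable Windows host would normally answer a closed port with RST, so total silence points at routing or filtering rather than at the service.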