This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(195.2, 42%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECT%3C/text%3E%3C/svg%3E)
I'm trying to connect to an Azure SQL server that has a private endpoint over a P2S VPN connection, but it doesn't seem to be working
My default VNet: 10.0.0.0/24
The server's private IP: 10.0.0.4
The VPN Address pool: 10.1.0.0/24
Using azure data studio I've tried to connect to the server at 10.0.0.4, and I get the not very helpful Cannot open server "10.0.0.4" requested by the login. The login failed. message. If I enable public internet access for the server/add my local public IP into the firewall rules I can then connect to it using the public IP, so I know that the credentials/server is fine, there's just something not working right with the VPN connection. (Similarly if I turn the VPN off I get error messages about not connecting to the server, so it seems like traffic is going to the right places)
Any ideas on what I need to do in order to allow connections over the VPN link to the server?
I believe you need to connect using the public FQDN as otherwise you will be routed through the regional SQL gateway. Just make sure your DNS resolution resolves to the private IP address.
Weird, totally missed that. Adding 10.0.0.4 diveoceanquest.database.windows.net to my hosts file then using the FQDN worked. Slightly more cumbersome than I would have wanted, but I can work with it - thanks!
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(134.4, 77%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EHS%3C/text%3E%3C/svg%3E)
Hi Sir, i tried using the <server>.database.windows.net and also tried using the <server>privatelink.database.windows.net but instead of letting me in via the P2S VPN it asked me to login to the azure and add my home public ip address so that it can be allowed to access the database anytime i want to, so technically the P2S VPN is becomes irrelevant because my main goal is to get rid of the public access and adding my home public ip and use P2S VPN so whenever i go whether i am in a coffesshop or a railway station i can still connect via P2S VPN and not by adding the public IP whatever internet connection i am in to.
Hi Herald, it sounds like you are not routing through your VPN connection. Have you got your DNS records set up correctly to resolve to the private endpoint otherwise it will route over the Internet?
Hi @Chris Thornton Thank you for posting your Question on Microsoft Q&A and for using Azure services.
It is my understanding that you cannot connect to the DB that has private endpoint when using P2S.
When dealing with P2S and Private Link, issue is with the DNS resolution because Private Link DNS Resolution is limited to the VNET in Azure. So, there are 2 options
Either create a DNS Server in the VNET and make sure P2S Client uses it or create a host file in the PS2 Machine.
Please let us know if this works
Regards,
Oury
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(92.8, 83%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EWJ%3C/text%3E%3C/svg%3E)
Assuming you have already created a private endpoint connection for your azure SQL Server and you have a working Virtual Network Gateway all within the same Virtual Network then follow the steps below to connect to your sql server using an Azure P2S VPN.
You should be good to go now. Connect to your VPN and do an nslookup on your_sqlserver_name.database.windows.net and make sure the Private Endpoint private ip address shows up.