Return route to appliance from peered network

Question

Return route to appliance from peered network

Ashley 1

Hi All,
I have two vnets peered together, one has an openvpn appliance providing p2s vpn services. I'm trying to connect to a resource in the remote vnet across the vpn and I'm getting connection timeouts. For resources in the same vnet as the openvpn setup we added a customer route to route the vpn's ip pool addresses back to the appliance. This works. I associated this same route table with the remote vnet but this hasn't resolved the issue. After creating a vm in the remote vnet to get a view of the effective routes I realise that the next hop when in the remote vnet is probably not accessible without the next hop address needing to being routed. Is there some way to get the returning traffic for a specific range of non-vnet addresses back to an ip peered network? If so, how?

Regards,

Ashley

GitaraniSharma-MSFT 50,096 Reputation points Microsoft Employee Moderator

2022-06-14T12:09:36.867+00:00

Hello @Ashley ,

Could you please provide an update on this post?

I understand you have a hub and spoke topology with an OpenVPN NVA (Network Virtual Appliance) in the hub Vnet and you have peered it to the spoke Vnet and would like to access a resource in the spoke vnet.

Could you please clarify this statement "added a customer route to route the vpn's ip pool addresses back to the appliance"? Is it a UDR associated to the hub subnets with VPN IP pool range and next hop as the OpenVPN NVA?

Regards,
Gita
GitaraniSharma-MSFT 50,096 Reputation points Microsoft Employee Moderator

2022-06-21T14:00:09.667+00:00

Hello @Ashley ,

Could you please provide an update on this post? And share the requested details for further investigation of this issue?

Regards,
Gita

1 answer

Your answer

GitaraniSharma-MSFT 50,096 Reputation points Microsoft Employee Moderator

2022-06-14T12:09:36.867+00:00

Hello @Ashley ,

Could you please provide an update on this post?

I understand you have a hub and spoke topology with an OpenVPN NVA (Network Virtual Appliance) in the hub Vnet and you have peered it to the spoke Vnet and would like to access a resource in the spoke vnet.

Could you please clarify this statement "added a customer route to route the vpn's ip pool addresses back to the appliance"? Is it a UDR associated to the hub subnets with VPN IP pool range and next hop as the OpenVPN NVA?

Regards,
Gita
GitaraniSharma-MSFT 50,096 Reputation points Microsoft Employee Moderator

2022-06-21T14:00:09.667+00:00

Hello @Ashley ,

Could you please provide an update on this post? And share the requested details for further investigation of this issue?

Regards,
Gita

Answer 1

Hello @Ashley

Thank your for your post.

I was reading at your scenario description, I could see that you need some help on this one.

For instance, I would like to get more familiar if possible so, read below:

-Is this just 2 spokes instances or do you have hub-and-spoke Vnet design?
-You were mentioning that a customer route was added on the P2S pool range but the question is.... Do you configure any UDR(User Defined routes) routing table?
-When you said that there is a OpenVPN appliance... Are your referring to a Network Virtual Appliance(NVA)??

Furthermore, This brought my attention ...

After creating a vm in the remote vnet to get a view of the effective routes I realise that the next hop when in the remote vnet is probably not accessible without the next hop address needing to being routed.

For that same statement, I was asking you if you have a hub-and-spoke design as well as UDR routing table...

Looking forward to your feedback,

Best Regards,

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

Share via

Return route to appliance from peered network

1 answer

Your answer