Closed. This question is not about programming or software development. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 5 days ago.
Improve this question
Hi am new to this networking stuff, been scratching my head over using one Virtual Gateway and one connection to connect to two different VNET that has been peered.
What I want to achieve:
Able to connect from VM C On Prem to VNET-02 VM B passing through VNET-01 and vice versa
What I have done:
VNET-01 Peered to VNET-02
Traffic to remote virtual network: Allow
Traffic forwarded from remote virtual network: Allow
Virtual network gateway or Route Server: Use this virtual network's gateway or Route Server
VNET-02 Peered to VNET-01
Traffic to remote virtual network: Allow
Traffic forwarded from remote virtual network: Allow
Use the remote virtual network's gateway or Route Server
On Prem Router (OpenWRT)
Forwarded Port 500 and 4500 to Libreswan VM to 192.168.7.40
Added Static Route:
Target: 10.17.5.0/24
Gateway: 192.168.7.40
Local Network Gateway
Address Spaces: 192.168.7.0/24
Libreswan VM Con
conn some-tunnel
authby=secret
auto=start
dpdaction=restart
dpddelay=30
dpdtimeout=120
ike=aes256-sha1;modp1024
ikelifetime=3600s
ikev2=yes
keyingtries=3
pfs=yes
phase2alg=aes128-sha1
left=[Virtual Gateway Public IP]
leftsubnets=10.17.5.0/24
right=%defaultroute
rightsubnets=192.168.7.0/24
salifetime=3600s
type=tunnel
What is working:
VM A on VNET 01 able to ping VM B on VNET 02 and vice versa
On Prem VM C able to ping VM A on VNET 01 and vice versa
What is not working:
On Prem VM C not able to ping VM B on VNET 02 and vice versa
Additional stuff tried:
Added another Static Route
Target: 10.17.5.0/24
Gateway: 192.168.7.40
Modified Libreswan Config File
leftsubnets: {10.17.5.0/24,10.17.4.0/24}
Outcome:
When i check ipsec.services, I can see 10.17.4.0/24 failed to connect to the tunnel.
Related
Closed. This question is not about programming or software development. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 5 months ago.
Improve this question
I am trying to setup a private AKS cluster which I want to manage from a user laptop using kubectl. I have tried to create a simple setup with one vNET, Azure VPN gateway with OpenVPN configuration, where the VPN Gateway is attached to one subnet of the vNET and AKS is configured via Azure CNI to live in another subnet of the same vNET. I have expected that this is all I would need to get manage the cluster as long as I am connected to the VPN (I understood that all subnets on a vNET are routed by default). But when I try to use kubectl I get Unable to connect to the server: dial tcp: lookup : no such host My network knowledge does not go too deep unfortunately, but should this just work? I mean it all lives within the same vNET. Thank you.
My setup is very similar and I ran into the same situation. This was a DNS issue for me.
If you have a private DNS zone with your private AKS cluster (should be in the resource group which was created for the AKS private cluster), go find the DNS record and IP address for the API server. Put that IP address into your hosts file (/etc/hosts if on linux or WSL) with the fully qualified domain name, then try your kubectl commands again.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 9 months ago.
Improve this question
I am using Azure App Service with P1V3 App Services Plan so that I can make use of Private Endpoint and vNET integration. vNET integration is configured on a subnet with NAT Gateway attached.
When my application calls outbound, my goal is to control the outbound IP and my expectation is, it should show the NAT ip as outbound ip. But, it does not! Here is my sample code-
App (.Net Core 3.1) is deployed in app service and I see IPV6 as outbound ip? Any idea why I am not seeing IPV4 (NAT ip)? You can see the result by accessing this url- https://whois.aspnet4you.com/api/values/getclientipv2
This is the network configuration at the moment-
Subnet looks like-
Outgoing ip showing here-
I want to give credit to Sakaldeep Yadav for his blog post- https://www.linkedin.com/pulse/integrate-azure-web-app-nat-gateway-vnet-get-static-outbound-yadav/
Here is what I did to solve the issue-
Add vNET Integration to app service as you do normally.
Removed all the services from Endpoint Service section at the Subnet. This was the culprit! If you add services to endpoint service specially Microsoft.Web, traffic is routed through Azure backbone and as RithwikBojja-MT explained you get to see ipv6 as outbound address.
This is how your subnet should look like- you don't manually add subnet delegation, it is added when you add the subnet to app service vNet integration. Now I can see NAT ip as outbound ip. Try it- https://whois.aspnet4you.com/api/values/getclientipv2
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 2 years ago.
Improve this question
I have Ubuntu running on a Microsoft Azure's virtual machine. I have a docker container running on it, and it has a web server attached to it. (Running on 172.17.0.1:80)
Now I'm trying to make it accessible publicly, using the Azure's public IP
In the Networking settings, I have tried to create an inbound port rule
But it's not working...
I've tried tracert to see where my ping goes when I try to connect to the IP, with no result.
I've done basic port routing in the past, but I can't figure out why this one is not working...
I just want to type 13.94.212.10 on my personal connection, and access the website.
Thank you in advance
If you want to access the application on your Azure VM publicly with its public Ip address.
You could whitelist you client public IP in the NSG rule like, add the client public IP in the Source IP addresses.
Please note that
If you specify an address for an Azure resource, specify the private
IP address assigned to the resource. Network security groups are
processed after Azure translates a public IP address to a private IP
address for inbound traffic, and before Azure translates a private IP
address to a public IP address for outbound traffic.
Read https://learn.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview#security-rules
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 2 years ago.
Improve this question
I am working on an architecture on azure where I need to create 3 private subnets where I have a bunch of vms with private address only and no public address but I want them to contact outside for updates and all but none in outside world can contact them (normal private subnet thing). In aws it is really easy as we just have to define a nat gateway and place it in public subnet also there are bunch of information on internet on how to do it but almost nothing for Azure. May be there is no concept or terminology like different subnets on Azure.
How I am planning to do it on Azure
Make a nat gateway and attach
to all private subnets.
Define a NSG where I will only define
outbound traffic to 0.0.0.0/0 and no inbound from it.
Default routes
Is this the right way to do it? any suggestions?
I believe you can attach a NAT Gateway to the Vnet and the outbound network flow will automatically default to the NAT gateway without requiring any other changes.
From one of the Azure NAT Gateway pages:
NAT gateways are defined with a property on a subnet within a virtual network. Flows created by virtual machines on subnet subnetname of virtual network vnetname will use the NAT gateway. All outbound connectivity will use the IP addresses associated with natgatewayname as the source IP address.
So, if the documentation is accurate, you should only have to create the NAT Gateway, associate it to the subnet(s) and the outbound flows will automatically use the NAT Gateway for outbound.
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
I've created a Windows VM from the Gallery as a standalone VM
I then created a second VM from the same image and in the Virtual Machive Mode of the creation wizard I select to 'Connect to Existing Virtual Machine' and select my first machine.
All is well.
However - I can't figure out how to RDP to that second machine.
As the two are load balanced they both share the same DNS entry and public IP. I can see two ports assigned for RDP, one for each machine, but I can't connect to the second one.
What am I missing?
You should be able to connect to any instance without any problems (I just tested and it works). This is how it should go:
Create your first VM, Name=vm001, Dns=vm001.cloudapp.net. This VM should contain 1 endpoint by default, port 3389 (both public & private port) for RDP.
Create your second VM and choose to connect to an existing virtual machine. Name=vm002, but you won't be able to choose the Dns. By connecting to an existing VM (vm001 in this case), you'll reuse the same Dns. In this case it would be vm001.cloudapp.net. Check the endpoints for this new virtual machine. You'll see an endpoint for RemoteDesktop with private port 3389, but the public port will be something different (like 62295 for example). Note that this enpdoint is not load balanced.
The fact that each VM has its own public port for RDP and that the endpoint is not load balanced should be enough to connect to the instances without any issues. This means:
vm001.cloudapp.net:3389 > vm001:3389
vm001.cloudapp.net:62295 > vm002:3398
If you still have issues connecting, go to the portal, select the VM and choose the connect button. Also check if your firewall allows you to connecton this random port (maybe your firewall allows connections to 3389 but not to 62295 for example).