Not able to connect to Azure SQL after connecting through VPN - azure

I am having a really weird problem with my home laptop.
Below is what I have done:
I have set up my own VPN via AWS.
I added VPN ip address to Azure SQL firewall ip table
By not having VPN, I can connect to Azure easily.
However, once I connect to the VPN, I get an error when I try to connect to Azure.
Error message:
A connection was successfully established with the server, but then an
error occurred during the pre-login handshake. (provider: TCP
Provider, error: 0 - The specified network name is no longer
available.)
On the other hand, I can use VPN and connect to Azure SUCCESSFULLY from my office desktop.
I believe this is something to do with my Home laptop settings.
But even after I disabled the firewall on Windows 7, and after disabling the firewall on Azure SQL as well, I am still having the same connection problem.
Any ideas?

Try opening up the SQL Azure firewall to all addresses to do a test. Maybe when you VPN in, you are leaving through a proxy and so your actual IP address to Azure is different. You can set up something like:
IP range start: 0.0.0.0
IP range end: 255.255.255.255
If that works, then maybe you can do something with masking your VPN address like:
10.10.0.0 - 10.10.255.255
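A check for the kind of rules suggested in this answer, as an added example that is not part of the original answer: it audits server-level firewall rules in the JSON shape printed by `az sql server firewall-rule list`. The rule names, the 203.0.113.10 address and the 256-address review threshold are constructed assumptions.

```python
import ipaddress
import json

# Constructed sample in the JSON shape printed by
# `az sql server firewall-rule list`; rule names and 203.0.113.10 are made up,
# the two wide ranges are the ones quoted in the answer above.
SAMPLE_RULES = json.loads("""[
 {"name": "test-open-all", "startIpAddress": "0.0.0.0", "endIpAddress": "255.255.255.255"},
 {"name": "vpn-masked", "startIpAddress": "10.10.0.0", "endIpAddress": "10.10.255.255"},
 {"name": "azure-services", "startIpAddress": "0.0.0.0", "endIpAddress": "0.0.0.0"},
 {"name": "vpn-egress", "startIpAddress": "203.0.113.10", "endIpAddress": "203.0.113.10"}
]""")

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
MAX_ADDRESSES = 256  # assumption: review anything wider than a /24


def audit_rule(rule):
    """Return a list of finding codes for one firewall rule."""
    start = ipaddress.IPv4Address(rule["startIpAddress"])
    end = ipaddress.IPv4Address(rule["endIpAddress"])
    if start > end:
        return ["INVALID_RANGE"]
    size = int(end) - int(start) + 1
    findings = []
    if int(start) == 0 and int(end) == 0:
        # Special rule: "Allow Azure services and resources to access this server".
        findings.append("ALLOWS_ALL_AZURE_SERVICES")
    elif size == 2**32:
        findings.append("OPEN_TO_INTERNET")
    elif size > MAX_ADDRESSES:
        findings.append("WIDE_RANGE")
    if any(start in net and end in net for net in RFC1918):
        # The public endpoint sees the client's public (NAT) address, so a
        # rule made only of private addresses does not match that traffic.
        findings.append("PRIVATE_RANGE_ONLY")
    return findings


def audit(rules):
    """Map rule name -> findings, keeping only rules that need attention."""
    report = {r["name"]: audit_rule(r) for r in rules}
    return {name: f for name, f in report.items() if f}


if __name__ == "__main__":
    for name, findings in audit(SAMPLE_RULES).items():
        print(f"{name}: {', '.join(findings)}")
```

Run against the real rule list after any troubleshooting session, so a temporary open-all test rule does not stay in place.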

By not having VPN, I can connect to Azure easily. However, once I connect to the VPN, I got error when I try to connect to Azure.
Some VPNs support co-existence with normal internet connections while others don’t. I am not sure if AWS VPN supports that or not. If not, when you connect to the VPN, you lose your internet connection and thus cannot connect to SQL Azure.
On the other hand, I can use VPN and connect to Azure SUCCESSFULLY from my office desktop.
If the issue is related to firewall setting, you can try to change the setting programmatically, please refer to http://blogs.msdn.com/b/sqlazure/archive/2010/07/29/10043869.aspx for a sample.
Best Regards,
Ming Xu.

Related

Azure VPN client azure active directory authentication

I am trying to implement an Azure VPN to have a better understanding of the functionality of this resource.
Following the Azure documentation here:
https://learn.microsoft.com/en-us/azure/vpn-gateway/openvpn-azure-ad-tenant
I am able to create all the resources and configure the Azure VPN client.
I downloaded the client and Azure VPN, imported the XML file and tried to connect.
Everything worked fine, as I was able to log in with my Azure credentials and connect to the VPN.
But here is the bit that I am a bit confused about.
Once the VPN established the connection, I got an IP address, so I thought that if I went on Google to check my IP address, I would get the VPN address, but what I am seeing is my personal IP.
So maybe somebody can help me to understand how I can make sure that the VPN I am connecting to is actually working and generating a tunnel connection from my PC to Azure AAD?
Please, if my question is not 100% clear, just ask for more information.
Thank you very much for your help
Azure P2S VPN connections do not support forced tunnelling so you will still be routing to the Internet from your local public IP address and not via Azure.
For testing, if you deploy a private resource in Azure such as a virtual machine then you should be able to access it via its private IP address to confirm your VPN is working correctly.

Connect from Azure Windows VM (Windows Server 2012) to VPN using built-in VPN client

I am trying to connect to a VPN from a Windows VM on Azure and cannot do so. I am using the built-in Windows VPN Client.
I am connecting to this VPN in order to be able to access a server within that VPN and send and receive HTTP Requests.
I have been able to connect to this VPN normally on other devices using the built-in Windows VPN Client. I followed the exact same steps for the VM but receive the following error when trying to connect:
Error 800:The remote connection was not made because the attempted VPN tunnels failed. The VPN server might be unreachable. If this connection is attempting to use an L2TP/IPsec tunnel, the security parameters required for IPsec negotiation might not be configured properly
I have also opened ports 1723, 1701, 500, 47 and 4500 in the Azure portal for both inbound and outbound (screenshot here).
I have also tried the steps described in this post:
Make a VPN Connection from Azure VM
But it does not do what I want. I have the VPN's public IP and username/password, and nowhere does the above mention how to set this up.
Do I need any additional settings or open any other ports in order for this to work?
From your comment, it seems that you want to connect Azure VM to a server on your on-premise network with your local VPN device.
In this case, you could set up a site-to-site VPN connection to connect the Azure VNet and on-premise network following this tutorial: https://learn.microsoft.com/en-us/azure/vpn-gateway/tutorial-site-to-site-portal
After that, you can directly connect to your Azure VM with its private IP address from your on-premise server. In fact, you don't need to connect from Azure Windows VM (Windows Server 2012) to VPN using a built-in VPN client because once the VPN is connected, the traffic from the on-premise network to the Azure network goes through the VPN tunnel and vice versa. We don't need to connect from Azure VM just from on-premise resources.

Unable to connect to Azure VM through RDP but able to connect through Bastion

I was able to connect to Azure VM through RDP earlier but now suddenly I'm unable to connect to VM through RDP.
I tried to connect through PowerShell.
Even the PowerShell script was able to connect earlier but is not working now. I didn't change anything in the Azure VM.
I'm getting below errors.
But I'm able to connect to VM through Bastion.
WinRM is already enabled in Azure VM.
I tried by creating new Azure VM and enabled RDP port 3389 but still getting same connection issue.
How do I resolve this issue?
When debugging RDP issues, one tool I use to test connectivity from a Windows client is:
start
run
cmd
telnet ip port
e.g. telnet 99.99.99.99 3389
noting you may need to install the telnet client from the Windows features tool
Try this from multiple locations with different public addresses (including from the VM itself in some circumstances but clearly not for your issue).
Does it connect to the RDP server listening port?
If the answer is yes then you know the server is listening.
If the answer is no then the port is likely blocked, service is not available or a routing issue could be the cause.
Thinking out loud, review the resources you have sitting in front of the VM:
Windows firewall (Disabling all firewall profiles is a more foolproof way of troubleshooting than setting the RDP-specific firewall rule, see REF)
local network outbound traffic blocks
firewall in front of the vm
Ref:
https://learn.microsoft.com/en-us/azure/virtual-machines/troubleshooting/enable-disable-firewall-rule-guest-os
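The telnet test from this answer as a script that also tells the failure cases apart, as an added example that is not part of the original answer. The function name `probe_tcp` and the outcome labels are made up for this sketch; the host and port come from the command line.

```python
import errno
import socket
import sys


def probe_tcp(host, port, timeout=3.0):
    """Attempt one TCP handshake and classify the outcome.

    open        - handshake completed: something is listening on the port
    refused     - the host answered with a reset: it is reachable, but nothing
                  listens there (or a firewall actively rejects the attempt)
    filtered    - no answer before the timeout: packets are dropped on the way
                  (NSG, guest firewall, outbound block) or there is no return route
    unreachable - the local stack or a router reported no route to the host
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "filtered"
    except OSError as exc:
        if exc.errno in (errno.ENETUNREACH, errno.EHOSTUNREACH):
            return "unreachable"
        return f"error: {exc}"  # e.g. the host name did not resolve


if __name__ == "__main__":
    # Usage: python probe.py <host> <port>, e.g. the VM address and 3389
    target_host, target_port = sys.argv[1], int(sys.argv[2])
    print(f"{target_host}:{target_port} -> {probe_tcp(target_host, target_port)}")
```

A "refused" result points at the service or guest OS, while "filtered" points at something between the client and the VM, which narrows the list of resources to review.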

IPsec site2site tunnel connected but not able to telnet/ping the other end

I've followed the Microsoft guide on setting up an IPsec site2site tunnel here.
Setting this up has been successful and I'm able to see it successfully connected. To create some traffic and further test the connection I set up a VM, connected to its public IP, and tried ping / telnet and Test-Connection in PowerShell. But none of these were able to create any traffic.
I haven't been able to find any tutorials/guides etc. that actually go into the VM to test the connection. In the Microsoft guide it seemed to say something about the VMs private IP, but I'm not able to connect using the private IP, not sure why. This might be the issue. My VM is a windows datacenter 2019. Sorry for the open-ended question but I don't know where to go from here.
What might be reasons I can't ping the IPsec tunnel?
It looks like you have verified the VPN connection and its status is 'Succeeded' and 'Connected'.
The best way to initially verify that you can connect to your VM is to connect by using its private IP address.
You can find the Azure VM's private IP address from the Azure portal, and make an RDP connection to that Azure VM with its private IP address. If you can't RDP to that VM, see https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-site-to-site-resource-manager-portal#to-troubleshoot-an-rdp-connection-to-a-vm
Also, for the network connection test, you should avoid associating a network security group (NSG) with that gateway subnet. Ensure there is no firewall blocking the RDP connection between the local machine and the Azure VM, such as an NSG or a firewall inside the Azure VM or the local machine.
For more information:
Troubleshooting: Azure Site-to-Site VPN disconnects intermittently
Troubleshooting: An Azure site-to-site VPN connection cannot connect and stops working

Enable local Internet when connected to Azure VPN via VPN Client

I have an Azure (Classic) VNet with Point-to-Site enabled. I went through uploading a certificate and downloading the VPN Client. When I connect to the VPN, I am able to access all my resources fine, but this disables my local Internet access.
I found and went through this article which seemed applicable (if very cumbersome): http://www.diaryofaninja.com/blog/2013/11/27/deconstructing-the-azure-point-to-site-vpn-for-command-line-usage
I am unable to connect using the custom connection I created with it as it tells me the certificate is incorrect (though the .pbk it is based off works fine).
I suppose I could jump through some hoops to get internet to pipe through the VPN, but I really don't want that. I need to be able to hit the VMs in my VNet from an application that I am running locally, and I want to be able to pull the CDNs in over my local internet connection.
This shouldn't be this hard, should it?
Thanks,
~john
Have you ensured that the VPN address range you have defined in Vnet doesn't overlap with your LAN IP ranges? Say if your local workstation has private IP range in 192.168.x.x range, you can try setting VPN address range in 172.16.x.x range.
