I'm trying to get the external IP Address of clients connected over Terminal Services through a Terminal Services Gateway.
I can get the IP Address using WTSQuerySessionInformation if I'm not connected through the gateway, but I get nothing but 0's when I run the same app through the gateway.
Related
I am trying to login to a newly created sql server in azure.
Before connection, I am adding my client ip programmatically using azure-python sdk.
Once my client ip is added, I try to login to database.
ProgrammingError: ('42000', "[42000] [Microsoft][ODBC Driver 17 for SQL Server][SQL Server]Cannot open server 'x' requested by the login. Client with IP address 'yyy.yy.yy.yy' is not allowed to access the server. To enable access, use the Windows Azure Management Portal or run sp_set_firewall_rule on the master database to create a firewall rule for this IP address or address range. It may take up to five minutes for this change to take effect. (40615) (SQLDriverConnect)")
This ip is different from the public ip that I get in my machine. What is the reason? I am connected to my company vpn.
I used this to retrieve my client ip - https://checkip.amazonaws.com/ - xxx.xx.xx.xx
Also, used the add client ip in azure - this gives the same result as xxx.xx.xx.xx.
What is the ip yyy.yy.yy.yy here? How can I retrieve this so that I will be able to whitelist this programmatically?
My suspicion is that you are connecting to your Azure service via your VPN tunnel, not your primary interface; therefore you would not be presenting your public IP to the Azure service. The IP you are fetching from your checkip URL is your public IP.
You can verify this by checking the output of route print in a Windows terminal or simply route in Linux. While your VPN is active, you should see the subnet of your Azure service listed with an interface that does not match your LAN IP. Something like this:
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.12 25
172.31.0.0 255.255.0.0 10.168.0.100 10.168.44.64 1
In the above example, the first row shows my LAN interface as the default route (192.168.2.12) which will be used for everything (0.0.0.0); except when I'm trying to get to 172.31.0.0/16 (my "azure service", hypothetically). In which case the 10.168.44.64 interface is used, which in this case is a VPN interface.
The default interface that uses 192.168.2.12 would present my public IP to services online that do not match the VPN rule, for example, your checkip URL.
If this is the case, then you'll want to add that subnet specified by the route command for your VPN interface, or the exact IP, depending on your requirements. In this example it would be 10.168.0.100.
If you wanted to do it programmatically, then you'd have to fetch the current IP of your VPN interface.
I am setting up an Azure VPN Gateway in order for my Azure VM to connect to a remote RTSP feed, following this documentation: https://learn.microsoft.com/fr-fr/azure/vpn-gateway/tutorial-site-to-site-portal.
What I have done:
Create a virtual network + a subnet and a Virtual Machine
Create the VPN Gateway in the same virtual network
Create a local network gateway with the Public IP and IPs range of the remote network that contains the RTSP feeds
Create the site to site VPN connection with needed shared access key.
The status of the VPN connection is "connected", as you can see in below picture:
Moreover, the subnet on which my azure virtual machine is, is in the same virtual network as the subnet of the VPN Gateway:
From what I understand, as long as the VM is in the virtual network of the Gateway, I should be able to reach the remote network...
Expected behaviour: I should be able to reach the following IP addresses: 192.168.250.30/32 that are on the remote network, from my azure virtual machine.
Actual behavior: From my azure virtual machine, I'm still unable to reach the remote network.
Any ideas where the problem can come from?
If the issue is that the Azure VM's are not getting gateway routes, then a gateway reset should be tried first and the gateway reset needs to be done twice.
Reference :
VPN gateway Reset
References for S2S VPN issues troubleshooting:
S2S VPN cannot connect and stops working
S2S VPN disconnects intermittently
Note : If this doesn’t solve your issue then please reach out to Azure support for more troubleshooting as it may need assisted support by clicking (Support+Help) and creating a technical support request. Please validate your Onprem VPN device as well.
And as Andriy Bilous has mentioned in comments section:
You should see default gateway on your VM routing table. Default Gateway is responsible for routing traffic further. Can you see that
tunnel is UP on your VPN onpremise device.
If no VPN Gateway subnet (10.0.0.0/28) in your VM route table - You may add route to VM using route command. Example: route ADD 10.0.0.0
MASK 255.255.255.240 [Your Gateway IP address]
I set up the Point to site vpn in azure vnet with virtual network gateway which is working fine using openvpn . Now i can able to connect to azure vm via private ip but i could not able to access internet from my Host Machine (Local machine where i connected my vpn ).
**Before VPN Set up i can able to connect to Internet Please click below for ping results **
Before VPN connected ping results
**After VPN Set up i cannot able to connect to Internet Please click below for ping results **
After VPN connected ping results
For the Host Machine to be blocked something must have changed on the Host machine or on the subnet on which it is located.
When setting up a VPN, you should set up a gateway subnet that is used only for that.
Have you used the subnet on which the VM is located as the gateway subnet?
A third party webservice has whitelisted the public static IP address of my Azure Application Gateway.
I would like to be able to ping/telnet to the IP address of the service from the IP address of my application gateway. Is this possible?
How can I test connectivity from my Application Gateway to that service?
You will not be able to test connectivity from Azure Application Gateway. In App Service you get an option to KUDU console from where you can do TCPPing to test connectivity.
You need to work with your Third party web Service to try access Application Gateway and check the Access logs whether you got any request and response.
How would I get the LAN IP of a user connected to my node.js app ?
I can get the WAN IP, but not sure how to get the LAN IP. I tried this
How can I get the local IP address in Node.js?
but all it does is give the LAN IP of the machine the node app is running on.