Site to Site (local subnet to Azure and back)

Post Reply
YnS
OpenVpn Newbie
Posts: 2
Joined: Fri Aug 09, 2019 10:50 pm

Site to Site (local subnet to Azure and back)

Post by YnS » Fri Aug 09, 2019 11:09 pm

Hi All,

I just recently came across openvpn and i have setup a OpenVPN Access server (10.0.0.9) on Azure. Everything is setup and i can access my virtual machines running in azure in subnet 10.0.0.0/24 from my local subnet. But i can't seem to reach my local subnet from the private azure network.

So this i how everything is setup.

Azure Subnet 10.0.0.0/24 with routes added to VPN client Subnet and the local subnet

Routes 172.27.224.0/20 >next hop type "Virtual Appliance" > next hop 10.0.0.9
Routes 192.168.2.0/24 >next hop type "Virtual Appliance" > next hop 10.0.0.9

Ip forwarding is enabled.

I can reach the VPN client ip from my azure vm that's in the 172.27.224.0/24 subnet.

i check the routes on the openvpn server and that looks like this:

default via 10.0.0.1 dev eth0 proto dhcp src 10.0.0.9 metric 100
10.0.0.0/24 dev eth0 proto kernel scope link src 10.0.0.9
168.63.129.16 via 10.0.0.1 dev eth0 proto dhcp src 10.0.0.9 metric 100
169.254.169.254 via 10.0.0.1 dev eth0 proto dhcp src 10.0.0.9 metric 100
172.27.224.0/21 dev as0t0 proto kernel scope link src 172.27.224.1
172.27.232.0/21 dev as0t1 proto kernel scope link src 172.27.232.1
192.168.2.0/24 dev as0t1 proto static

i have enabled "Allow access from these private subnets to all VPN client IP addresses and subnets" in the vpn setting config. "

I also configured VPN Gateway
Configure VPN Gateway:Yes
Allow client to act as VPN gateway
for these client-side subnets: 192.168.2.0/24

Am i missing something or maybe this isn't even possible?

Thanks for the and help

novaflash
I should be on the dev team.
Posts: 1017
Joined: Fri Apr 13, 2012 8:43 pm

Re: Site to Site (local subnet to Azure and back)

Post by novaflash » Sat Aug 10, 2019 10:10 am

It should certainly be possible. Are you sure that you have set in VPN Settings under routing the option to "allow access to private subnets" the toggle to YES, USING *NAT*?

YnS
OpenVpn Newbie
Posts: 2
Joined: Fri Aug 09, 2019 10:50 pm

Re: Site to Site (local subnet to Azure and back)

Post by YnS » Sat Aug 10, 2019 7:01 pm

Hi,

Accessing private subnets on server side is no problem.

The problem is i also enabled "Allow access from these private subnets (10.0.00/24) to all VPN client IP addresses and subnets" but this isn't working. I'm able to ping VPN client ip address , when i you use tracert i can see the traffic is fowing through the private ip of the access server (10.0.0.9) and reaching the vpn client.

When i ping a local subnet for example 192.168.2.30 the tracert reaches the access server (10.0.0.9) but times out afterwards.

User avatar
billl
OpenVpn Newbie
Posts: 1
Joined: Wed Sep 11, 2019 8:41 pm

Re: Site to Site (local subnet to Azure and back)

Post by billl » Thu Sep 12, 2019 6:23 pm

Hi YnS-

I am working on the exact same problem. If you have solved it, could you please post your solution? If not, would you want to work on it together? I think you can get my email from my profile. If not, let me know.

Thanks!

novaflash
I should be on the dev team.
Posts: 1017
Joined: Fri Apr 13, 2012 8:43 pm

Re: Site to Site (local subnet to Azure and back)

Post by novaflash » Thu Sep 12, 2019 6:33 pm

These problems are almost always down to some route missing somewhere. It is useful to use tcpdump to track traffic on the access server and the vpn client gateway system. Then ping from one far end to another far end and see where traffic stops. You can also contact the support ticket system on our website to get help with this.

novaflash
I should be on the dev team.
Posts: 1017
Joined: Fri Apr 13, 2012 8:43 pm

Re: Site to Site (local subnet to Azure and back)

Post by novaflash » Thu Sep 12, 2019 6:34 pm


Post Reply