0
votes

I deployed an OpenVPN virtual appliance and clients can reach peered networks and the VNET of the appliance itself, but not the on-premise network that is reachable via the virtual network gateway (routed VPN). When I use the P2S OpenVPN provided by Azure, clients can reach the on-premise network. What am I missing?


2 Answers

1
votes

I deployed an OpenVPN appliance because Azure OpenVPN lacks ccd support. I solved the problem by adding the OpenVPN client IP range to the VNET address space. I then created a subnet with the same IP range. Obviously, you can't put any resource in this subnet. By then adding this subnet to the route, OpenVPN clients could traverse the gateway.


0
votes

After my test on my Windows client, I can directly access the on-premise network from the Azure VPN gateway based VNet or access the resources in the VPN based VNet from the on-premise network. You could follow these tutorials:

  1. Configure a Point-to-Site connection to a VNet using native Azure certificate authentication: Azure portal
  2. Set up OpenVPN® Protocol on Azure VPN Gateway.
  3. Configure OpenVPN clients for Azure VPN Gateway

I have not deployed an OpenVPN virtual appliance, but I think it will be something like this: Point-to-Site (P2S) connection using OpenVPN infrastructure

According to this quick start, if you use a virtual VPN appliance, it is necessary to create a routing table on Azure so that traffic to your VPN subnet is directed back to your VPN instance and to enable IP forwarding for this network interface. You could get more details about custom routes.

Feel free to let me know if I am misunderstanding you.
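The two answers together describe one configuration: enable IP forwarding on the appliance NIC, add the OpenVPN client range to the VNet address space with a placeholder subnet, and add a user-defined route that sends that range back to the appliance. The Az PowerShell script below is an added example that does those steps end to end; it is not from either answer. Resource group, VNet, NIC and subnet names, the appliance IP 10.0.1.4 and the client range 10.8.0.0/24 are assumptions.

```powershell
# Added example (assumed names/addresses, not values from the question):
# route an OpenVPN appliance's client pool through an Azure VNet so that
# client traffic can cross the virtual network gateway to on-premises.
$rg          = 'rg-vpn'
$vnetName    = 'vnet-hub'
$nicName     = 'openvpn-appliance-nic'
$applianceIp = '10.0.1.4'      # private IP of the appliance NIC (assumed)
$clientRange = '10.8.0.0/24'   # OpenVPN client pool on the appliance (assumed)
$workloadSub = 'snet-workload' # subnet whose resources clients should reach

# 1. The appliance forwards packets not addressed to its own NIC, so Azure
#    must allow that on the NIC (the guest OS needs ip_forward enabled too).
$nic = Get-AzNetworkInterface -ResourceGroupName $rg -Name $nicName
$nic.EnableIPForwarding = $true
$nic | Set-AzNetworkInterface | Out-Null

# 2. Make the client range part of the VNet address space and give it a
#    placeholder subnet. The gateway only routes and advertises the VNet
#    address space, so without this on-premises has no return path for
#    10.8.0.0/24. Nothing is ever deployed into this subnet.
$vnet = Get-AzVirtualNetwork -ResourceGroupName $rg -Name $vnetName
if ($vnet.AddressSpace.AddressPrefixes -notcontains $clientRange) {
    $vnet.AddressSpace.AddressPrefixes.Add($clientRange)
}
Add-AzVirtualNetworkSubnetConfig -Name 'snet-openvpn-clients' `
    -AddressPrefix $clientRange -VirtualNetwork $vnet | Out-Null
$vnet = $vnet | Set-AzVirtualNetwork

# 3. User-defined route: traffic for the client range goes to the appliance,
#    not to the (non-existent) hosts in the placeholder subnet.
$rt = New-AzRouteTable -ResourceGroupName $rg -Name 'rt-openvpn' `
    -Location $vnet.Location -Force
Add-AzRouteConfig -RouteTable $rt -Name 'to-openvpn-clients' `
    -AddressPrefix $clientRange -NextHopType VirtualAppliance `
    -NextHopIpAddress $applianceIp | Set-AzRouteTable | Out-Null

# 4. Attach the route table to the GatewaySubnet (packets arriving from
#    on-premises) and to the workload subnet (replies from VNet resources).
$vnet = Get-AzVirtualNetwork -ResourceGroupName $rg -Name $vnetName
foreach ($name in 'GatewaySubnet', $workloadSub) {
    $prefix = (Get-AzVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name $name).AddressPrefix
    Set-AzVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name $name `
        -AddressPrefix $prefix -RouteTable $rt | Out-Null
}
$vnet | Set-AzVirtualNetwork | Out-Null
```

The on-premises VPN device must also route the client range towards Azure: with BGP it learns the enlarged address space from the gateway, with static configuration the prefix has to be added by hand.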