Azure: Unable to connect to VMs in a peered VNet from P2S VPN

October 11, 2018 at 8:50 am in Azure, Azure Networking, Azure virtual network, P2S client, P2S VPN, RDP, VNet peering by Wim Matthyssen

These days when setting up a greenfield Azure IaaS environment for customers, we use the hub-spoke network topology with shared services. In this topology the HUB network is used as central point of connectivity and a place to host services that can be consumed by the different workloads hosted in the spoke VNets. All spokes are peered with this Hub network, to isolate all workloads. Whenever I work remotely on these environments, I mostly use a Point-to-Site (P2S) connection to securely connect to the different VNets from my client devices.

However last week while deploying a new environment for a customer, I stumbled upon a problem where I couldn’t RDP (private IP addresses) to the virtual machines (VMs) in the different spokes. The RDP access to the VM’s in the Hub VNet worked without any issues.

clip_image002

This is caused, because by design the P2S client will have routes listed for all VMs in the HUB VNet (which hosts the Virtual Network Gateway). However, even though the HUB VNet and the other VNets are connecting via peering, the P2S client will not have any routes presented in its configuration to discover the VMs in the other VNets. In order for the P2S client to be able to reach all VMs (trough for example RDP) located in the peered VNets, a static route for these VNets should be added in the routes.txt file of that specific connection. You can follow the steps below to get this working.

Solution

Open Run, type %appdata% and press Enter.

clip_image004

Open Microsoft – Network – Connections – Cm and select the right connection folder. Next, open the routes.txt file in Notepad (to open just double-click).

clip_image006

Remark

You can also find the correct path to the routes.txt file in the P2S VPN log file. You can open this file by opening your P2S connection and selecting on Properties instead of Connect. In the opened Properties page select View Log. Search for ActionPath, which will show you the location of the file.

clip_image008

clip_image010

End of remark.

In the opened routes.txt file, add the static routes for the other VNets.

For example:

ADD 10.6.0.0 MASK 255.255.240.0 default METRIC default IF default

ADD 10.7.0.0 MASK 255.255.240.0 default METRIC default IF default

ADD 10.8.0.0 MASK 255.255.240.0 default METRIC default IF default

clip_image012

Save the file, and connect again. You should now be able to RDP to all other VMs in the spoke VNets.

Hope this helps and for any questions feel free to contact me through my Twitter handle.

Wim Matthyssen (@wmathyssen)

Share on LinkedInTweet about this on TwitterShare on Google+Share on Facebook