Viewing all 6513 articles

Using pfSense to VPN to Windows Azure

I've been trying to connect Windows Azure to my main network using pfSense, which is a lightweight open source router, with limited success.

I've configured it as follows:

Phase 1

Interface: WAN

Remote Gateway: <Azure Gateway IP Address>

Authentication Method: Mutual PSK

Negotiation Mode: main

My Identifier: <My Public IP Address>

Peer Identifier: <Azure Gateway IP Address>

Pre-Shared Key: <Key Given By Azure>

Policy Generation: Default

Proposal Checking: Default

Encryption Algorithm: AES 128-bit

Hash Algorithm: SHA1

DH key group: 2

Lifetime: 28800

Phase 2

Mode: Tunnel

Local Network: <My Local Network>

Remote Network: <My Azure Address space>

Protocol: ESP

Encryption Algorithms: AES 128-bits

Hash Algorithm: SHA1

PFS key group: off

Lifetime: 3600

What I am seeing:

The Azure control panel seems to suggest that I have connectivity, and I can see Security Associations appearing on my IPsec gateway. Interestingly, I only ever get one that seems to originate from my side, and every 10 seconds or so I get one added to the list originating from the Windows Azure side.

I also tried a constant ping for a while from my network to a device in one of my virtual networks and I clocked up a few KBytes in, but nothing back - so connectivity seems to be working - albeit a bit one sided.

I believe that pfSense's implementation of an IPsec VPN is based on racoon. Any help will be much appreciated.


Unable to join secondary domain controller to PDC hosted on Azure VM

We have a cross site VPN to Azure. I have set up a VM in Azure to be a domain controller & DNS. I then added this machine as a DNS in my Azure Network.

Afterwards I joined a local machine to the new domain. It took a very long time, but eventually joined it. (Not sure why, because we have a very fast connection between our office and Azure.) Then I attempted to join this server as a secondary domain controller, and it failed. It would not get past the screen where it asks for credentials for the domain. It keeps coming back (after about 10 minutes) saying that the credentials supplied are invalid.

I give up at this point, can anyone please help.

Thanks. 

Revocation of Point to Site VPN User's Certificate/ Security of P2S VPNs

I was able to successfully create and connect to a Windows Azure VPN.

However, it appears that there are no ACLs on the VPN and all security is controlled via certificates. How do we handle the scenario where we need to "revoke" a client certificate (i.e., a developer/employee who has a cert leaves the company)?

Is it possible to revoke a certificate with Azure VPN and Point-To-Site? If not, how do I secure a Point-To-Site VPN?

[MSFT] Azure P2S (Point-to-Site) VPN issue

(Posting on the forum to alert the issue and impact)

An issue on Azure P2S (Point-to-Site) VPN was found last week that could prevent customers from using Azure P2S VPNs. Note that P2S is a CTP feature and should not be used for production workloads.

  • Impact:
    • For the affected P2S VPN gateways (DynamicRouting Gateways), customers will not be able to connect their VPN clients to their Azure VPN gateways
    • The S2S VPN tunnel on the affected gateway is NOT impacted – so S2S VPN tunnels for DynamicRouting gateways will continue to work
    • (StaticRouting gateways are NOT affected by this issue)
  • Mitigation:
    • Customers with affected P2S VPN gateways should delete and recreate their VPN gateways, then download/install the VPN client installation packages again. This should mitigate the issue.
    • The potential side effect is that their VPN gateway VIPs (public IP addresses) may change. If they also have S2S VPN tunnels on the same gateways, they may need to update their VPN configuration to connect to the new VIPs.
  • Fix:
    • The product team is working on a hotfix to this issue. We will roll this out as soon as possible.

Apologies for the inconvenience. Please contact me if you have any questions.

Thanks,

Yushun Wang [MSFT]


VPN with ASA 5510, phonefactor and Windows 2008 R2 Radius server

Hi folks,

A Cisco ASA ( v 8.2(5) ), using a Microsoft Windows 2008 R2 server as a Radius server and we're connecting with Cisco AnyConnect Secure Mobility Client ( v 3.1.00495 ) via VPN. From the Radius server ( where Phonefactor is installed ) I can get the authentication and subsequent phone call to work fine. If I go to the ASA and attempt the authentication, it says successful but no phone call. Same scenario working from home, I can get thru with my UID/password just fine but never get a phonecall. It's as if phonefactor is ignoring the ASA...if someone can point me to a link/doc it would be GREATLY appreciated.

Thanks in advance!

Buddy

Unable to connect to VPN

We had been happy users of the Azure VPN for months, until today. It is hanging on verifying password for client certificate. It basically times out. Happening on all of our developer boxes. Help!

Error: The connection was terminated by the remote computer before it could be completed. (Error 628)

Azure availability set

Hi,

I'm trying to set up a backup server for our production server.

The service is exposed on port 80, on both servers.

I made an availability set between the servers, but when the main server is down I can't get to the site.

Thanks

makecert.exe Error: WriteFile failed =>0x7b (123) Failed

Hi!

I have a question for you. When I run cmd as administrator and typed a command as "makecert -sky exchange -r -n "CN=<testCertname>" -pe -a sha1 -len 2048 -ss My "<testCertname>"

the result showed that "Error: WriteFile failed =>0x7b (123) Failed"

What does it mean? What am I doing wrong?

Thanks


Virtual Network -Public IP

We are migrating an application to Azure. This application talks to the on-premise WCF/DB. We are considering using a Virtual Network for the connectivity.

The on-premise WCF is also talking to many other on-premise applications.

In this case, what would be the impact on other applications?
When we configure virtual networks with a particular IP range (subnet), what would be the impact on all other applications talking to this WCF?

Also, since the on-premise server has to be public facing (IP), what is the security impact? What mitigations can be taken?

Periodic black hole router syndrome - large packets dropped by Azure when using site-2-site vpn

Hi,

I have a virtual network on Azure with a site-2-site VPN tunnel to on premise. On premise VPN device is a Windows 2012 Server. This setup mostly works, but from time to time I get black hole router syndrome.

The tunnel is up. Normal ping works, however if I try on an Azure VM:

ping -f -l 1472 on.premise.server.ip

I get "Request timed out". If I try from an on premise server "ping -f -l 1472 on.azure.server.ip" everything is OK. This problem is not permanent. Everything worked just fine yesterday, but today it does not.

Does anybody know how to solve this?

Regards,

Hugo

Private network

Hi

I need to create my private local LAN to create a domain controller and machines connected to it, like in a normal environment. What are the steps? Can anybody help?

Thanks

Can this solution be done?

I have a customer with 2 offices, one in the USA and the other in the Philippines.

We want to set up a VM with the DFS server role on Azure for each office and replicate between them. Can this be done?

We need to set up one DFS server on Azure in the US data-center inside its own VNET and VPN it with the local office in the USA, and set up the second DFS server on Azure in the Asia data-center inside its own VNET and VPN it with the local office in the Philippines.

How do we connect these 2 VNETs together to replicate between these 2 DFS servers on Azure?

I tried to set up one Affinity Group for both VNETs but I found that Affinity group does not span from one data-center to another.

Please let me know what to do to make this work, Thanks.


Mahair Ashaboon MCSE & Network+

Permanent Point-to-Site VPN to Azure for all VMs on my Hyper-V server

I'm working from an office where I don't have control over the network and I cannot set up a site-to-site VPN that normally would be set up from Cisco box or similar.

I followed the steps for a Point-to-Site VPN and it works fine for my user when logged in: I can connect to my Azure VMs by using their internal addresses (10.0.1.x range), etc., so far so good.

But, what I really want to do is to have some of my local VMs run SharePoint web front ends towards the SharePoint farm hosted in Azure. How can I use my Point-to-Site VPN to use it for all Hyper-V VMs on a server? How can I make the VPN permanent and not only available for my user and only when I signed on?

can I change Point-to-point connection encryption

Can I change the point-to-point encryption from AES to DES?

The problem is that I have ASA router with old firmware and the AES256 encryption does not work correctly.

Authenticate users on local machine using windows azure AD or controller hosting on azure

The requirement is simple

We want to create user login for each of our users. All users will get authenticated only through Azure. We do not have any local ADs as of now.

We have systems ranging from XP to Win 8.1. 

Is it possible? how?


VPN and Virtual networks

I am ready to give up on Azure.....

I have a 2012 VM created in the same region as my virtual network.

I only have one connection on the VM. When I go into network connections, it is pulling a 100.65.126.x address thru DHCP.

The VM is accessible from the internet but not accessible when I connect to my point to site VPN using the client.

My VPN is on a 10.0.0.x network.  I would expect the VM to have an adapter on the 10.0.0.x network as well.  Can someone please give me a resource that is step by step.  How to create a VM on the same virtual network and in the same subnet?  I must be missing something here 

Packet Loss in East-Asia network

I am observing packet loss between two virtual machines in the East-Asia network. Both are running WS2008R2, built in the same cloud service. A simple "ping -n 500" gives me packet loss of a few percent when my app is running at the same time (CPU load ~20%, bandwidth < 10%).

I gave more details here and it is a similar problem as in the WestEU network here. Since the packet loss problem is solved in the WestEU network, I have created a new post for the East-Asia network.

Daniel


Daniel Drypczewski

How to Get the IP of My Windows Azure VM

Hi,

I am new to the Azure platform and need help to work on my Azure VM.

With my Windows Live ID, I have created an Azure account and also created a Virtual Machine.

Now, to access this VM from my company network (using the Remote Desktop option), my company needs the IP of this VM to enable it in our network.

How do I get the IP address?

Not sure whether my question is making sense here, but actually I need to access my VM and start working in this VM.

Please let me know if anyone has inputs.

Thanks in advance.

-Sharath


Thanks, Sharath

Error Code 2147014836 Point to Site VPN

I receive the following errors when attempting to establish a VPN connection.

VPN Client gui:

A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
 (Error 0x8007274c) For customized troubleshooting information for this connection, click Help.

VPN Client Log:

[cmdial32] 17:55:32 04 Pre-Connect Event ConnectionType = 1
[cmdial32] 17:55:32 06 Pre-Tunnel Event UserName = Client_Amalgam Domain =  DUNSetting = 270c7025-c595-4907-ad50-375d6cb74b0a Tunnel DeviceName = WAN Miniport (SSTP) TunnelAddress = azuregateway-270c7025-c595-4907-ad50-375d6cb74b0a-0.cloudapp.net
[cmdial32] 17:55:54 21 On-Error Event ErrorCode = -2147014836 ErrorSource = RAS

Windows Administrative Events:

CoId={546EA364-A8F3-46CB-B99F-B5D1E5ED3C87}: The user NORTHAMERICA\ecochran dialed a connection named 270c7025-c595-4907-ad50-375d6cb74b0a which has failed. The error code returned on failure is -2147014836.

CoId={546EA364-A8F3-46CB-B99F-B5D1E5ED3C87}:The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again.

A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.

Since the only piece of the VPN configuration I can control is the Cert I would think I have made a mistake somewhere in the creation or exportation of the cert.  Should the .cer  file, when exported without the private key to be uploaded to azure, be DER encoded binary X.509(.CER) or Base-64 encoded X.509(.CER)?  When exporting the client cert should any of the Personal Information Exchange - PKCS #12(.PFX) options be checked? Include all certificates in the certification path if possible, delete the private key if the export is successful, or export all extended properties.

I used these exact commands referenced in this article when creating the certs.

msdn.microsoft.com/en-us/library/windowsazure/dn133792.aspx

Any help would be appreciated.

Thank you,

-Ethan
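Added example, not part of the post above or of any Microsoft tool: a short Python decoder showing that the decimal `-2147014836` in the cmdial32 and event logs and the `0x8007274c` in the client dialog are the same HRESULT, namely facility 7 (Win32) wrapping Winsock error 10060, the connection timeout that the message text describes. The function names are illustrative assumptions; the sample lines are copied from the post.

```python
import re

FACILITY_WIN32 = 7                     # HRESULT that wraps a Win32/Winsock error
KNOWN_WIN32 = {10060: "WSAETIMEDOUT"}  # Winsock: peer did not answer in time

# Lines copied from the post above: client GUI, cmdial32 log, event log.
POST_LINES = [
    "(Error 0x8007274c) For customized troubleshooting information for this connection, click Help.",
    "[cmdial32] 17:55:54 21 On-Error Event ErrorCode = -2147014836 ErrorSource = RAS",
    "The error code returned on failure is -2147014836.",
]

# Signed decimal of 6+ digits or a 0x-prefixed hex value; the lookbehind keeps
# GUID fragments such as "c595-4907" from being read as negative numbers.
CODE_RE = re.compile(r"(?<![\w-])(-\d{6,}|0x[0-9a-fA-F]{1,8})\b")


def decode_hresult(value):
    """Split a signed or unsigned 32-bit HRESULT into its fields."""
    u = value & 0xFFFFFFFF             # two's-complement view of a negative int
    facility = (u >> 16) & 0x7FF       # bits 16-26
    code = u & 0xFFFF                  # bits 0-15
    name = KNOWN_WIN32.get(code) if facility == FACILITY_WIN32 else None
    return {"hex": f"0x{u:08X}", "failure": bool(u >> 31),
            "facility": facility, "code": code, "name": name}


def codes_in(line):
    """Return every error-code token in a log line as an int."""
    return [int(tok, 0) for tok in CODE_RE.findall(line)]


def summarize(lines):
    """Map each distinct HRESULT (as hex) found in the lines to its fields."""
    found = {}
    for line in lines:
        for raw in codes_in(line):
            fields = decode_hresult(raw)
            found[fields["hex"]] = fields
    return found


if __name__ == "__main__":
    for fields in summarize(POST_LINES).values():
        print(fields)
```

A timeout at this layer means the SSTP request never got a reply from the gateway, so the three log sources are reporting one transport-level failure rather than three separate problems.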

Azure Point-to-Site VPN - wanting multiple root certificates

I have a question on configuring a point-to-site VPN in Azure. I had previously setup a point-to-site VPN with one root certificate, created the client cert and downloaded the installer – that all worked great. Now I’d like to issue another root certificate as we will have a different set of users connecting to the VPN. After uploading the new root cert and installing the new client cert and attempting to connect I get the below error:

The remote access connection completed, but authentication failed because the certificate that authenticates the client to the server is not valid. Ensure that the certificate used for authentication is valid. (Error 853)

I tried downloading a new installer, but keep getting the same error.

Do you have any ideas on how to resolve this?

I had also run into an issue where it was timing out when connecting. Both root certs would do the same thing, so I removed the new root certificate and then reuploaded it, but to no avail.

Do all the root certificates need to be uploaded before the gateway is created?

Can anyone help?
