Channel: Azure Networking (DNS, Traffic Manager, VPN, VNET) forum
Viewing all 6513 articles

Unable to Route from VPN to Internet in Azure (Wireguard and Ubuntu Server 18.04)

All,

Wireguard Server

  • Ubuntu 18.04 Server (fully up to date as of 11/20/2019)
  • WireGuard is installed and working (wg0/192.168.220.1/24)
  • IP Forwarding is enabled in the VM
  • IP Address: 10.0.0.4

Azure Virtual Network "Wireguard"

  • Subnet = 10.0.0.0/24
  • Dynamic Public IP
  • IP Forwarding is Enabled on the Interface
  • There is a custom route attached to the subnet within Azure, 192.168.220.0/24 > Gateway of 10.0.0.4

I am able to establish tunnels between the server and my clients (Pixel 2XL (192.168.220.3/24) and Windows 10 (192.168.220.4/24)).

From my clients I am able to ping the WireGuard server's VPN interface (wg0), the server interface (eth0/10.0.0.4), as well as another VM on the same Azure subnet (10.0.0.5).

From the Azure subnet I am able to ping my clients from the WireGuard server. I am also able to ping my clients from other VMs on the same subnet.

When I try to ping 8.8.8.8 from either virtual server, it is successful. When I try to ping 8.8.8.8 from either client, it is unsuccessful.

I suspect this has to do with the Azure custom route table since I cannot traverse back to my clients from other devices on the Azure subnet, but it looks set up correctly, and is assigned to the subnet.

Any help or suggestions are appreciated.



'Static' DNS Name Server

Hi,

I want to host DNS zones for multiple domain names in my Azure environment. The creation of domain names is automated, they are created in Plesk and with a plugin they are created in Azure. For every DNS zone that is being created Azure creates 'unique' nameservers. 

e.g. Name server 1: ns1-06.azure-dns.com. and for the next domain Name server 1: ns1-07.azure-dns.net.

As you see the number behind ns1- is increased. 

This is annoying, because I work with a DNS NS template at my registrar and want to use the same name servers every time.

Is there a way to make the NS server always the same for each DNS zone ('static')?
Or use vanity name servers?

Problem deploying a Palo Alto firewall NVA from Marketplace

I've selected VM-Series Next Generation Palo Alto firewall from marketplace. I have created a vnet and the required 3 subnets (management, untrusted, trusted) before commencing. In the wizard, when it comes to where I select the 3 subnets, most of my choices are not listed - including the subnets I created in preparation. Why would my subnets not be valid choices?

EDIT: I found out that the subnet mask must be at least /28. So that was it.

Why Microsoft says not to keep S2S behind a NAT?

Any idea why Microsoft says not to keep S2S behind a NAT?

Forcing Vnet Scope via firewall breaks communication

Hi,

I have a UDR defined to send traffic through the firewall. All works as expected until I add the VNet scope then all communication stops to the VMs. According to MS articles I should be able to make this work. I'm using a Fortigate appliance. The article is below.

https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-udr-overview

Connectivity between Azure Bastion and VM

Hi
I receive errors when logging on to Bastion.

It opens up fine, but is slow and gives these errors.

error 1:
The network connection to the Bastion Host appears unstable.

error 2:
Connection Error
The connection has been closed because the target machine is taking too long to respond. This is usually caused by network problems, such as a spotty wireless signal, or slow network speeds. Please check your network connection and try again or contact your system administrator.

I'm not sure what could be the problem. I did try connecting from other networks from my client but still have the same problem.

Any ideas for a fix?

Requests for domain reach out to India region instead of nearest hop US

Hello Team,

My VM is hosted in the US region, but my requests are landing on the India region. Could you please help here with why this is happening?

Normal Scenario  : Landing on sjc region [us]

curl -IL https://www.licindia.in/CorporateSiteDemo/media/Mock4/pagination.png
HTTP/1.1 200 OK
Server:sjc-www

Azure Case : Going to bom [india]

curl -IL https://www.licindia.in/CorporateSiteDemo/media/Mock4/pagination.png
HTTP/1.1 200 OK
Server: bom-www



Azure Network Security Group Versus Linux VM Firewall

Hello Gurus,

I have created a virtual machine, attached the security group and configured the ports for my application's requirements. The NSG is allowing traffic for the required ports from my other VMs. However, I observed that unless I disable the firewall on the first VM or allow the specific ports on the VM where my service is running, I can't reach the service from another VM. I get an error "No route to host x.x.x.x is the port x.x.x.x reachable?"

Has anyone faced a similar issue? If we have to disable the firewall, what is the purpose of configuring the inbound/outbound security rules at the NSG?

Thanks,

Murali


Bastion RDP Setup

Hi there,

I have an Azure Linux VM with a Public IP address of 52.191.251.32 and a Private IP address of 10.0.0.4. There is a "default" subnet with an address space of 10.0.0.0/24.

I would like to configure Bastion to RDP within the browser. I have attempted to set up the AzureBastionSubnet with various IP address ranges, but have received the following two errors:

1) The specified address space overlaps with subnet 'default' which has a range of 10.0.0.0/24.

2) Your subnet is not contained within the address space for this virtual network: 10.0.0.0/24

I have read all documentation and FAQ available, and am not able to determine what IP address range is needed to configure the AzureBastionSubnet to enable Bastion RDP within the browser. Any assistance would be appreciated - let me know if there is other information I might need to provide.

What is considered a VPN tunnel?

If I set up a VM and a VPN to connect for site-to-site links to three of my different sites (non-Azure), is that three tunnels?

If it is three tunnels, are there any dynamic conditions that could possibly increase the number of tunnels created without my action or knowledge?

Thanks.

Issue setting up 2nd Internet Peering session to Microsoft AS8075

I am trying to set up a 2nd internet peering session to Microsoft AS8075 from BCX AS7020 at NAPAfrica Johannesburg.

The primary peering session was set up quite a while ago and not through the Azure Portal.

I do not have an Azure subscription and have created a free trial account to request the 2nd peering session. This is also my first time trying this through the Azure portal.

I have followed get the error below and I am not sure what I am doing wrong.

{"code":"DeploymentFailed","message":"At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"BadRequest","message":"{\r\n \"code\": \"BadArgument\",\r\n \"message\": \"\"\r\n}"}]}

Best practice for handling HAProxy Failover

What is currently the best practice way of handling failover for HAProxy behind the Azure Load Balancer?

We currently have a two-node setup of HAProxy using keepalived on the nodes to detect and failover virtual IP addresses. Are there any solutions in i.e. Azure Load Balancer that can handle floating IP and handle the failover outside of the actual HAProxy nodes?

Cannot Delete subnets inside of Virtual Network

Deleting the Vnet gives the error 

Failed to delete virtual network '(vnet_name)'. Error: Subnet (subnet_name) is in use by (Resource_group)/providers/Microsoft.Network/virtualNetworks/(vnet_name)/subnets/(subnet_name)/serviceAssociationLinks/AppServiceLink'>(vnet_name)/(subnet_name)/AppServiceLink and cannot be deleted. In order to delete the subnet, delete all the resources within the subnet. See aka.ms/deletesubnet.

Deleting the Subnet inside of the Vnet gives 

Failed to delete subnet '(subnet_name)'. Error: Subnet (subnet_name) is in use by (resource_group)/providers/Microsoft.Network/virtualNetworks/(Vnet_name)/subnets/(subnet_name)/serviceAssociationLinks/AppServiceLink'>(vnet_name)/(subnet_name)/AppServiceLink and cannot be deleted. In order to delete the subnet, delete all the resources within the subnet. See aka.ms/deletesubnet.

Nothing else exists within my subscription except for the subnet and the Vnet. The template for the Vnet shows this 

        {
            "type": "Microsoft.Network/virtualNetworks/subnets",
            "apiVersion": "2019-09-01",
            "name": "[concat(parameters('virtualNetworks_vnet_name'), '/subnet')]",
            "dependsOn": [
                "[resourceId('Microsoft.Network/virtualNetworks', parameters('virtualNetworks_vnet_name'))]"
            ],
            "properties": {
                "addressPrefix": "(address Prefix)",
                "serviceEndpoints": [],
                "delegations": [
                    {
                        "name": "(name)",
                        "properties": {
                            "serviceName": "Microsoft.Web/serverFarms"
                        }
                    }
                ],
                "privateEndpointNetworkPolicies": "Enabled",
                "privateLinkServiceNetworkPolicies": "Enabled"
            }
        },

for the definition of the subnets. What do I need to do to be able to delete the subnets and Vnets?

What forum is the best to ask "How to export Client Certificate of Azure VPN using PowerShell script?"

What forum is the best to ask "How to export Client Certificate of Azure VPN using PowerShell script?"

I referred to the following pages, but they do not include a PowerShell script for exporting. They include only the Certificate Export Wizard operation.

https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-certificates-point-to-site

https://docs.microsoft.com/en-us/azure/vpn-gateway/point-to-site-how-to-vpn-client-install-azure-cert

I tried the Export-PfxCertificate command, but a password error occurred when importing it.

There is no problem if I use the Certificate Export Wizard.

For my background, you can refer to the link below.

https://social.technet.microsoft.com/Forums/en-US/8758a1ad-b006-4944-9b76-6d036ad42b92/azure-vpn-how-can-i-export-and-import-client-certificate-using-powershell-script-without?forum=winserverpowershell

I think Microsoft forum managers should not move this question without enough reasons and without my agreement. Please do not make it solved by sending it around.
Despite using PowerShell not being mandatory, my question has been moved to the Windows Server - Windows PowerShell forum.

Best regards.








NSG drops NIC after associating PIP

Hi all,

Ok, this is the situation and I would like to know if this is intended behavior or not. I have a running machine that needs to communicate to the outside world for reasons. To minimise downtime I do the following:

Deploy Public IP (PIP),
Deploy Network Security Group (NSG),
Associate NSG to existing NIC 'Some_Nic_nic0',
Associate PIP to existing NIC 'Some_Nic_nic0'.

This all seems to work just fine, with no errors, and the reason I do this is to prevent the machine from being on the open internet for even a second.

However, when you do this it seems that the moment you associate the PIP to the NIC, the NSG drops the link with the NIC. Meaning, if you do not know this, your machine will be on the internet without any NSG in front of it.

Does anyone know if this is intended or is this an actual bug?

Application Gateway: Switching from TLS1.0 to TLS1.2 causes an IIS MIME type to no longer be read

Hello,

I have a web application hosted on an IIS server.

This web server has a custom MIME Type called '.configuration' with a type ' TEXT/XML'.

My web app, which is a ClickOnce application, reads this XML file when it installs.

In short, switching the application gateway from TLS 1.0 to TLS 1.2 prevents the app from reading this XML file.

If I store this XML file in a TLS 1.0 gateway, the application can read it.

Any ideas?


Multiple websites behind Azure Load Balancer

Hello,

We have a website hosted in our Azure on two backends behind an Azure load balancer. We need to migrate another website to these two backends. Is there a setting to do in the load balancer?

Regards

Point to site VPN setup using two different Azure free accounts with different subscriptions.

Hi All,

I would like to set up a Point to site VPN using two different Azure free accounts with different subscriptions. Below is the setup I'm planning to configure. Will it work?

Account1->Subscription1-> Virtual network1 -> subnet1 -> gateway subnet1 -> VM1
                                      -> Virtual network Gateways1 -> point-to-site-configuration -> update self signed root certificate --> download VPN client

Account2->Subscription2-> Virtual network2 -> subnet2 -> VM2 -> Install client certificate -> install VPN Client -> connect to VPN ->  Will I be able to connect to VM1 from VM2?

I'm learning Azure; if the question is not correct, please do correct me.

Thanks
Veera.

AppGateway use backend SSL port

Hello,
Is there any way to force AppGateway/WAF to redirect requests to the HTTPS (443) port of the backend pool?

I just want to do the following:
WAF(:80) --> Backend(:80)
WAF(:443) --> Backend(:443)

And I just have
WAF(:443) -->Backend(:80).

I have an application in the backend that, whenever it receives a request at port 80, redirects to 443, and I have an infinite 301 loop.
WAF(:443) --> Backend(:80) --> SSLRedirect --> WAF(:443) --> Backend(:80)...

