Well, first I want to use the site-to-site VPN of Azure. It looks really cool, but unfortunately I don't have an Azure-supported VPN device on my local network. I have an OpenVPN router though, so I set it up.
1) I have a virtual network configured in Azure 10.0.0.0/19.
2) OpenVPN client is an Ubuntu Server 12.04 with IP 10.0.0.6. It's connected to my home network 192.168.1.0/24. The internal OpenVPN is using 192.168.66.0/24. So on the Ubuntu, it has tun1 with IP 192.168.66.6.
3) It works great from my home LAN to this Ubuntu server only. 10.0.0.6 can talk to 192.168.1.0/24 and vice versa.
4) Now the issue I am facing is that it wouldn't allow me to access any other servers on the 10.0.0.0 vlan. My plan is to test a Windows 2012 server as my backup AD through the OpenVPN tunnel, but I can't get to any other servers within the 10.0.0.0/19 vlan.
4.a) My route config on Ubuntu is:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 10.0.0.1 0.0.0.0 UG 0 0 0 eth0
default 10.0.0.1 0.0.0.0 UG 100 0 0 eth0
10.0.0.0 * 255.255.224.0 U 0 0 0 eth0
192.168.1.0 192.168.66.5 255.255.255.0 UG 0 0 0 tun1
192.168.66.0 192.168.66.5 255.255.255.0 UG 0 0 0 tun1
192.168.66.5 * 255.255.255.255 UH 0 0 0 tun1
4.b) My Windows routing table is:
===========================================================================
Interface List
13...00 15 5d 66 0f 5a ......Microsoft Hyper-V Network Adapter #2
1...........................Software Loopback Interface 1
14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
15...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.0.0.1 10.0.0.5 5
10.0.0.0 255.255.224.0 On-link 10.0.0.5 261
10.0.0.5 255.255.255.255 On-link 10.0.0.5 261
10.0.31.255 255.255.255.255 On-link 10.0.0.5 261
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 10.0.0.6 10.0.0.5 6
192.168.66.0 255.255.255.0 10.0.0.6 10.0.0.5 6
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 10.0.0.5 261
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 10.0.0.5 261
===========================================================================
Persistent Routes:
None
4.c) On the Ubuntu OpenVPN client machine, this is the tcpdump result tracking ICMP packets. I can see packets going out of the eth0 interface, but I don't see any reply coming back.
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
01:59:53.228791 IP (tos 0x0, ttl 126, id 10619, offset 0, flags [none], proto ICMP (1), length 60)
192.168.1.4 > 10.0.0.7: ICMP echo request, id 1, seq 665, length 40
01:59:58.078545 IP (tos 0x0, ttl 126, id 10620, offset 0, flags [none], proto ICMP (1), length 60)
192.168.1.4 > 10.0.0.7: ICMP echo request, id 1, seq 666, length 40
4.d) On the Windows machine, when I ping 192.168.1.1, there is no reply.
4.e) I can ping 10.0.0.6 from 10.0.0.5 as they are both on the local vlan.
So how can I make Windows route 192.168.1.0/24 via the 10.0.0.6 VPN gateway? My observation is that the Azure virtual network may be dropping my 192.168.1.0/24 packets. Is there any workaround for my problem? Thanks for helping.
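The following is an added example, not code from the post or from Azure/OpenVPN: it transcribes the two routing tables above into Python, performs the same longest-prefix-match lookup the kernels do, and then flags the step where the forwarded echo request leaves the Ubuntu VM's VNet-facing NIC with a source address (192.168.1.4) that lies outside the 10.0.0.0/19 virtual network. That is exactly the packet the tcpdump shows going out with no reply. The host names, the choice of the 10.0.0.5 Windows table as the representative VNet host, and the check wording are assumptions made for illustration.

```python
import ipaddress

# Routing tables transcribed from the post. The duplicate Ubuntu default route with
# metric 100 is dropped because it never wins the lookup. Tuples are
# (destination, netmask, gateway or None for on-link/direct, interface, metric).
UBUNTU_ROUTES = [
    ("0.0.0.0", "0.0.0.0", "10.0.0.1", "eth0", 0),
    ("10.0.0.0", "255.255.224.0", None, "eth0", 0),
    ("192.168.1.0", "255.255.255.0", "192.168.66.5", "tun1", 0),
    ("192.168.66.0", "255.255.255.0", "192.168.66.5", "tun1", 0),
    ("192.168.66.5", "255.255.255.255", None, "tun1", 0),
]

# Windows table of 10.0.0.5; "On-link" is represented as gateway None and the
# "Interface" column is the local address, as in the route print output.
WINDOWS_ROUTES = [
    ("0.0.0.0", "0.0.0.0", "10.0.0.1", "10.0.0.5", 5),
    ("10.0.0.0", "255.255.224.0", None, "10.0.0.5", 261),
    ("192.168.1.0", "255.255.255.0", "10.0.0.6", "10.0.0.5", 6),
    ("192.168.66.0", "255.255.255.0", "10.0.0.6", "10.0.0.5", 6),
]

VNET = ipaddress.ip_network("10.0.0.0/19")  # the Azure virtual network from the post
VNET_NIC = "eth0"                           # assumption: the VM's VNet-facing interface


def to_network(dest, mask):
    """Turn a dotted destination/netmask pair into an ip_network (dotted masks only)."""
    prefixlen = bin(int(ipaddress.IPv4Address(mask))).count("1")
    return ipaddress.ip_network(f"{dest}/{prefixlen}", strict=False)


def lookup(routes, dst):
    """Longest-prefix match; a lower metric breaks ties. Returns (gateway, iface) or None."""
    dst = ipaddress.IPv4Address(dst)
    best = None
    for dest, mask, gw, iface, metric in routes:
        net = to_network(dest, mask)
        if dst not in net:
            continue
        rank = (net.prefixlen, -metric)
        if best is None or rank > best[0]:
            best = (rank, gw, iface)
    return None if best is None else (best[1], best[2])


def egress_check(src, iface, vnet=VNET):
    """Classify a packet the Ubuntu VM forwards, by where it leaves and what source it carries.

    A forwarded packet whose source is outside the VNet prefix depends on the cloud
    fabric accepting a source it did not assign and on every VNet host having a return
    route for that prefix. Flagging it tells the operator the VM must either be allowed
    to forward foreign source addresses or SNAT them to its own VNet address.
    """
    src = ipaddress.IPv4Address(src)
    if iface != VNET_NIC:
        return "not leaving via the VNet NIC"
    if src in vnet:
        return "source inside VNet: fabric sees an ordinary VNet host"
    return "source outside VNet: needs SNAT on eth0 or forwarding of foreign sources"


def trace_echo(lan_host, vnet_host):
    """Walk an echo request LAN -> VNet and its reply VNet -> LAN through both tables.

    Each step is (host, destination, gateway, iface, egress note). The reply step uses
    the 10.0.0.5 Windows table as the representative VNet host (assumption).
    """
    steps = []
    gw, iface = lookup(UBUNTU_ROUTES, vnet_host)          # request forwarded by Ubuntu
    steps.append(("ubuntu", vnet_host, gw, iface, egress_check(lan_host, iface)))
    gw, iface = lookup(WINDOWS_ROUTES, lan_host)          # reply looked up on Windows
    steps.append(("windows", lan_host, gw, iface, None))
    return steps


if __name__ == "__main__":
    for step in trace_echo("192.168.1.4", "10.0.0.7"):
        print(step)
```

Run as-is it shows that both tables are internally consistent: Ubuntu sends the request out eth0 directly (on-link), and Windows would send the reply back to 10.0.0.6. The only anomaly the trace surfaces is the egress note on the first step. If the fabric does not deliver packets with a foreign source, the standard defender-side fix that keeps the tunnel private is to translate the source on the Ubuntu VM rather than to open up the VNet: `sysctl -w net.ipv4.ip_forward=1` together with `iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE`, so every VNet host sees 10.0.0.6 as the source and needs no extra routes. These commands are a suggested remediation, not something the post itself applied.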