Problem when trying to connect to blob private endpoint in azure with point-to-site VPN connection to VNET
I have created an Azure Resource Group with a virtual network, a virtual network gateway, a blob storage and a private endpoint for the blob storage. I have configured the storage account to only accept connections from private endpoint.
In order to access the blob storage I configured a point-to-site VPN tunnel to the virtual network gateway and connected to it.
The connection to the vpn has been established successfully, however, I'm still not able to connect to the blob storage. I get the following error message:
I'm trying to do this via azure-portal in the browser:
It seems like the connection towards the blob storage is still established with my public ip instead of the private ip assigned to my vpn connection:
I have a vague guess that maybe I need to adapt the DNS or add a NAT rule to make sure that traffic from my local pc is actually routed over the vpn to the private endpoint and not using the public endpoint despite the fact that the tunnel is open... Unfortunately I have no idea how to do that.
I'm quite a noob concerning network-related knowledge so I was not able to perform any further debugging on my own. I think it is a fairly simple task and I'm just missing something obvious.
It would be great if someone could point me in the right direction.
Thanks!
You have two options to make this work.
1 - Use hostfile and update the Storage Account FQDN to resolve to the private endpoint's IP.
2 - Use custom DNS server deployed in Azure as DNS forwarder and forward the requests to Azure Wireserver IP. Refer : https://learn.microsoft.com/en-us/azure/private-link/private-endpoint-dns#on-premises-workloads-using-a-dns-forwarder enter image description here
P.S: The above requires you to add DNS suffixes and custom DNS servers to the Azure VPN Client configuration file.
- Get notified of VPN state change in OS X 10.11 and above
- Connect CISCO Anyconnect VPN via bash
- VPN On RaspberryPi Prevents Data Shipping Out from WeeWx
- GCP: Serverless VPC Connector not working with Cloud Functions
- Issue with wg-easy VPN service and setting up auto reboot using Powershell script on Automation Accounts
- Is there a way to make AWS VPN client work on Ubuntu 21.10?
- Authentication fails after enabling RequireGroup in openvpn-auth-ldap.so
- How does a linux shell gitlab-runner access servers behind a vpn?
- docker-compose: images behind VPN unavailable in local network
- Docker container and host network VPN
- Connect to surfshark vpn using python
- How to make an vpn app using react native
- "Client network socket disconnected before secure TLS connection was established", node 10
- FortiClient VPN white blank screen in macOS 14
- Accessing Self-Hosted Visual Studio Code Server via ZeroTier VPN
- Connecting to an Azure SQL database with a VPN (Point-to-Site)
- Why can't Cloud run service (next.js) connect to another Cloud run service (node.js) through Direct VPC egress
- WireGuard VPN: wg0.conf does not exist
- Automatically connect to network drives after connecting to VPN
- OpenVPN with node, How it works?
- VPN is not connecting after uploading android app bundle(..aab) to play store
- How to get Cisco VPN connection status in Batch for further processing
- docker-compose: route traffic through vpn except for connections to other services
- Snowflake nodejs driver returns Unable to connect: Network error. Could not reach Snowflake
- Problem when trying to connect to blob private endpoint in azure with point-to-site VPN connection to VNET
- Azure P2S VPN with Azure AD authentication for Mac
- Determine if connected to VPN or Office Intranet or Office Wifi using excel vba
- Measure internet speed continuously in kotlin
- Debug bot on local machine via ngrok and vpn
- Networking issues with WireGuard point-to-site setup