SimonK

Reputation: 37

Problem when trying to connect to a blob private endpoint in Azure over a point-to-site VPN connection to the VNet

I have created an Azure resource group with a virtual network, a virtual network gateway, a blob storage account and a private endpoint for the blob storage. I have configured the storage account to only accept connections from the private endpoint.

In order to access the blob storage, I configured a point-to-site VPN tunnel to the virtual network gateway and connected to it.

The connection to the VPN has been established successfully; however, I'm still not able to connect to the blob storage. I get the following error message:

[screenshot: error message]

I'm trying to do this via the Azure portal in the browser:

[screenshot: test blob connection]

It seems like the connection towards the blob storage is still being established from my public IP instead of the private IP assigned to my VPN connection:

[screenshot: VPN connection]

I have a vague guess that maybe I need to adapt the DNS or add a NAT rule to make sure that traffic from my local PC is actually routed over the VPN to the private endpoint and not via the public endpoint, despite the fact that the tunnel is open... Unfortunately I have no idea how to do that.

I'm quite a noob concerning network-related knowledge, so I was not able to perform any further debugging on my own. I think it is a fairly simple task and I'm just missing something obvious.

It would be great if someone could point me in the right direction.

Thanks!

Upvotes: 1

Views: 5234

Answers (2)

Kapil Ananth

Reputation: 151

You have two options to make this work.

1 - Use the hosts file and update the storage account FQDN to resolve to the private endpoint's IP.

2 - Use a custom DNS server deployed in Azure as a DNS forwarder and forward the requests to the Azure wire server IP. Refer to: https://learn.microsoft.com/en-us/azure/private-link/private-endpoint-dns#on-premises-workloads-using-a-dns-forwarder

P.S.: The above requires you to add DNS suffixes and custom DNS servers to the Azure VPN Client configuration file.

Upvotes: 1
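The root cause in this thread is name resolution, not routing: from the client, `<account>.blob.core.windows.net` still resolves to the public IP, so the browser never sends traffic into the tunnel, and the storage firewall (public access disabled) rejects it. The script below is an added example, not code from the thread or from Azure. It checks whether the addresses a client resolves fall inside the VNet range (the same thing the `nslookup` check in the other answer does by eye), and emits the two fixes from this answer: a hosts-file line for option 1, and the `<clientconfig>` DNS section for `azurevpnconfig.xml` for option 2. The account name, VNet range, private endpoint IP and forwarder IP are constructed; the `<dnsservers>`/`<dnssuffixes>` element layout follows Microsoft's documented Azure VPN Client optional settings, so compare it with the profile downloaded from your own gateway before pasting it in.

```python
"""Check how a storage account name resolves and emit the DNS fix.

Added example (not from the original thread). The account name, VNet range
and IP addresses are constructed sample values.
"""
import ipaddress
import socket
import xml.etree.ElementTree as ET

BLOB_SUFFIX = ".blob.core.windows.net"
PRIVATELINK_SUFFIX = ".privatelink.blob.core.windows.net"
AZURE_DNS = "168.63.129.16"  # Azure-provided resolver the forwarder sends to

# Constructed sample values (assumptions, not taken from the thread)
ACCOUNT = "simonkstorage"
VNET_CIDR = "10.1.0.0/16"
PRIVATE_ENDPOINT_IP = "10.1.1.4"
FORWARDER_IP = "10.1.0.4"


def classify(addresses, vnet_cidr):
    """Decide whether resolved addresses point at the private endpoint.

    Landing on the public endpoint shows an address outside the VNet;
    with the private endpoint resolved correctly every address is inside.
    """
    if not addresses:
        return "unresolved"
    net = ipaddress.ip_network(vnet_cidr)
    inside = sum(ipaddress.ip_address(a) in net for a in addresses)
    if inside == len(addresses):
        return "private-endpoint"
    return "mixed" if inside else "public"


def resolve(fqdn):
    """Ask the OS resolver, i.e. whatever DNS the VPN client pushed."""
    try:
        infos = socket.getaddrinfo(fqdn, 443, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def hosts_entry(account, private_ip):
    """Option 1: pin both the public and the privatelink name in the hosts file."""
    return f"{private_ip} {account}{BLOB_SUFFIX} {account}{PRIVATELINK_SUFFIX}"


def vpn_client_config(dns_servers, suffixes):
    """Option 2: <clientconfig> section for azurevpnconfig.xml so the client
    sends privatelink queries to the forwarder inside the VNet."""
    root = ET.Element("clientconfig")
    servers = ET.SubElement(root, "dnsservers")
    for ip in dns_servers:
        ipaddress.ip_address(ip)  # fail early on a typo rather than silently
        ET.SubElement(servers, "dnsserver").text = ip
    sfx = ET.SubElement(root, "dnssuffixes")
    for s in suffixes:
        # documented form starts with a period, e.g. ".privatelink.blob.core.windows.net"
        ET.SubElement(sfx, "dnssuffix").text = s if s.startswith(".") else "." + s
    return ET.tostring(root, encoding="unicode")


def diagnose(account, addresses, vnet_cidr, private_ip, forwarder_ip):
    """Return (state, advice) for the addresses a client resolved."""
    state = classify(addresses, vnet_cidr)
    if state == "private-endpoint":
        return state, "DNS is correct; blob traffic will use the VPN tunnel."
    advice = (f"Resolution gives {addresses or 'nothing'}; either add\n"
              f"  {hosts_entry(account, private_ip)}\n"
              f"to the hosts file, or run a forwarder at {forwarder_ip} that "
              f"forwards to {AZURE_DNS} and push it to the client via:\n"
              f"{vpn_client_config([forwarder_ip], [PRIVATELINK_SUFFIX])}")
    return state, advice


if __name__ == "__main__":
    fqdn = ACCOUNT + BLOB_SUFFIX
    addrs = resolve(fqdn)  # live lookup; empty when offline
    state, advice = diagnose(ACCOUNT, addrs, VNET_CIDR, PRIVATE_ENDPOINT_IP, FORWARDER_IP)
    print(f"{fqdn} -> {addrs}: {state}\n{advice}")
```

Two practical notes. The hosts-file pin is quick but silently breaks the day the private endpoint is recreated with a new IP, and it does nothing for other machines; the forwarder plus pushed DNS suffix is the durable fix. After changing either, flush the client's resolver cache (`ipconfig /flushdns` on Windows) before re-testing, otherwise the cached public answer keeps steering traffic around the tunnel.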

Imran

Reputation: 5540

I tried to reproduce this in my environment and got a successful result, as shown below:

[screenshot]

To resolve this issue, check the workarounds below:

The private endpoint blocks public access for this storage account, so the only way to access it from the network is to create a virtual machine in the same network and deploy Azure Bastion, as shown below:

[screenshot]

[screenshot]

I created a storage account with a private endpoint, as shown below:

[screenshot]

Once I connected through Bastion, I logged in to the Azure portal in the browser, went to the storage account, and was able to connect to the blob private endpoint successfully, as shown below:

[screenshot]

To check the private endpoint's DNS name, use the nslookup command, as shown below:

[screenshot]

Upvotes: 0
