Can't ping Linux VM from laptop connected to Point-to-Site VPN after a failover test

  • Question

  • Hi, we have several replicated VMs from our premises, Windows and Linux. We have a Point-to-Site VPN connection configured and working. Now the issue when doing a test failover on all our replicated VMs:

    - I can ping most of the Windows VMs fine, and RDP to them too, from a laptop connected to Azure with the Point-to-Site VPN connection.

    - I can't ping all Linux VMs that have a static IP from a laptop connected to Azure with the Point-to-Site VPN connection.

    - I can ping almost all VMs, Linux or Windows, static or not, from the DC VM inside Azure (so not from a laptop connected to Azure with the Point-to-Site VPN connection), which means that the IP on the VM is properly configured.

    So my question is: why can't I ping some VMs, especially Linux ones with static IPs, from a laptop connected to Azure with the Point-to-Site VPN connection, when I can ping them from inside Azure? It doesn't make any sense.

    Wednesday, January 3, 2018 1:07 PM

Answers

  • Thanks for all of that information! I reached out to some of my contacts in the Networking group and they suggested that I have you open a support ticket as they would need to see your environment in order to suggest a fix. Especially since you are not seeing the same issue with your Windows machines. 

    If you do not already have a support plan could you go ahead and email me at AzCommunity@microsoft.com with your Subscription ID and a link to this thread? I can enable a free support request for you so we can get this taken care of. 

    -Micah

    Friday, January 5, 2018 4:58 AM
    Moderator

All replies

  • Are you able to access the Linux VMs via SSH through the point-to-site and just not ping? Or are they 100% unreachable over the P2S?
    Wednesday, January 3, 2018 6:46 PM
    Moderator
  • You could not ping the Linux VM on Azure from your local? Could you SSH to the Linux VM?

    If the answer is yes, it seems a firewall issue.

    Thursday, January 4, 2018 8:07 AM
  • Important information: those are replicated VMs from Site Recovery and we don't use IPsec back to our premises. Only one way, from on-premises to Azure, never back to on-premises.

    I can access the Linux VMs in DHCP via SSH and ping them from the local laptop connected to the VPN.

    I can't access the Linux VMs in static via SSH or ping them from the local laptop connected to the VPN.

    In fact, I figured out what the issue was but can't find anything to fix it:

    Azure is serving a default gateway by DHCP which has nothing to do with the gateway configured on the static Linux VMs. So the issue is normal behavior, as the Linux VMs can't find their way back to my laptop over the VPN because the gateway doesn't exist in Azure.

    A few solutions come to mind:

    - Change the IP of my on-premises router to the Azure default one (would like to avoid this)

    - Change the default gateway IP served by DHCP by Azure to the IP our router has on-premises (would be the best but can't find anything related. And a few posts on the internet indicate that the default cannot be changed....)

    - Upload a VM with a mini router configured just to act as our on-premises router and route traffic to the Azure default gateway (a very long shot for something so simple)

    - Add the Azure default gateway to my Linux VMs with a lower metric than our on-premises gateway. Not even sure I can do this as I have only one network card.

    - Doing a trick involving DHCP and two network interfaces, but in the end it will use twice the amount of IP addresses for nothing.

    - I can't do routing as it's in the same subnet (tried but doesn't work)

    If you have a simple solution to my issue, I'm happy to hear it :)

    Azure address space: 172.16.0.0/12

    Azure subnet: 172.20.0.0/16

    Azure gateway subnet: 172.16.254.0/29

    Azure default gateway served to DHCP VMs: 172.20.0.1

    On-premises router configured on Linux VMs as static gateway: 172.20.75.254

    Thursday, January 4, 2018 6:05 PM
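
Added example, not part of the thread: a small check that reproduces the symptom pattern described in the post above from a VM's routing table, showing why in-subnet peers get replies while a Point-to-Site client does not. The subnet and gateway addresses come from the post; the `ip route` text, the VM and DC addresses, and the P2S client address are constructed assumptions.

```python
import ipaddress

AZURE_SUBNET = "172.20.0.0/16"   # from the thread

# Constructed `ip route` output; the VM source addresses are made up.
STATIC_VM_ROUTES = """\
default via 172.20.75.254 dev eth0
172.20.0.0/16 dev eth0 proto kernel scope link src 172.20.75.10
"""
DHCP_VM_ROUTES = """\
default via 172.20.0.1 dev eth0 proto dhcp
172.20.0.0/16 dev eth0 proto kernel scope link src 172.20.0.5
"""
DC_VM = "172.20.0.4"      # assumed address of the DC VM inside the subnet
P2S_CLIENT = "10.99.0.2"  # assumed P2S pool address (pool not given in the thread)


def parse_routes(text):
    """Return (default gateway or None, on-link networks) from `ip route` text."""
    gateway, on_link = None, []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if fields[0] == "default" and "via" in fields:
            gateway = ipaddress.ip_address(fields[fields.index("via") + 1])
        elif "via" not in fields and "/" in fields[0]:
            on_link.append(ipaddress.ip_network(fields[0]))
    return gateway, on_link


def azure_gateway(subnet):
    """Azure answers as default gateway on the first host address of a subnet."""
    return ipaddress.ip_network(subnet)[1]


def reply_path(routes_text, peer, subnet=AZURE_SUBNET):
    """Classify how the VM would send a reply to `peer`."""
    gateway, on_link = parse_routes(routes_text)
    peer = ipaddress.ip_address(peer)
    if any(peer in net for net in on_link):
        return "on-link"            # same subnet: no gateway involved
    if gateway == azure_gateway(subnet):
        return "via-azure-gateway"  # Azure forwards it toward the VPN gateway
    return "dead-gateway"           # next hop is not Azure's; here it does not exist


if __name__ == "__main__":
    for name, routes in (("static", STATIC_VM_ROUTES), ("dhcp", DHCP_VM_ROUTES)):
        for peer in (DC_VM, P2S_CLIENT):
            print(name, peer, reply_path(routes, peer))
```

On a real VM, feed the function the actual output of `ip route` and the address the VPN client received.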
  • Hi Mr McKittrick, sorry for the delay, was on vacation. I just sent you an email with details you requested :)

    Thank you very much for your help.

    Thursday, January 11, 2018 10:37 AM