Allow Azure Basic VPN Gateway to connect from OpenVPN client
If I deploy a VPN Gateway and follow these instructions, Azure PowerShell shows this error:
Set-AzureRMVirtualNetworkGateway: Vpn Client protocol OpenVPN is not supported for basic Sku Gateway [..]
6 votes
Please add the ability to customize the IKE/IP-Sec policy for the Azure Site-To-Site (Virtual Gateway) connections instead of via PowerShell
Ease of use; use the interface instead of PowerShell for customizing IKE/IPSec
1 vote
When creating a VPN Gateway Connection, create an error when the password doesn't meet the password requirements.
When you create a new VPN gateway connection, if you enter a password that doesn't meet the password restrictions (no special character), you can still create the connection and not know that there is an issue.
1 vote
Currently, a VNG can be updated and fail-over (or, in our case, just plain fail) without any information for the end user. Updates and failover events should appear in the activity log so the end user has a chance of determining why users are disconnected or why the VPN is not working.
3 votes
When I connect to the P2S VPN I need to be able to set an address pool. Right now when I connect there is nothing to determine the addressing besides defining a subnet mask. However, the addressing starts at (0), so when I connect to the VPN I will be assigned, for example, 192.168.1.0 as my IP address. I am able to connect to the Azure Network Gateway, but I am not able to connect to any Site-2-Site connections I have connected to Azure.
15 votes
Hi, currently in our project we are heavily using Azure Resource
With the current implementation we are using ARM templates and PowerShell to provision all kinds of resources. I notice that a normal resource only takes from a few seconds to 2 or 3 minutes to finish, except
It sometimes takes up to 1 hour to provision, and it is like a pain in my *** that I really don't know why. Can someone show me a way to reduce the provisioning time for Microsoft.Network/virtualNetworkGateways or explain to me in detail why it takes so much time to provision?
6 votes
Hi there, are you using Gateways for VNet-to-VNet communication? If so, I’d recommend VNet Peering. This is much easier to set up and takes barely a couple of minutes. https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-peering-overview
If not, we are working to reduce the time it takes to deploy.
Can the VPN gateway push a new DNS server address to the client when the client is connected?
1 vote
Today I made the mistake of executing the one, then missed the point for the client certificate creation, and finally the VPN client did not find it.
In the evening I read the article again... the text description obfuscates this a bit, it only says "same PowerShell session" or something, but just throwing both of them in PowerShell IE and executing them together got me to the goal.
1 vote
I've found a change of the VPN Gateway FQDN from "cloudapp.net" to "vpn.azure.com" without notification.
This caused the P2S connection to be denied on our proxy server, because the server had allowed only the old FQDN "cloudapp.net".
It takes time to add a new FQDN to the proxy server, so I want you to notify us before a change like this.
1 vote
Add an option to authenticate to VPN Gateway using existing Azure AD accounts. For security reasons there should be an option to add a group of users allowed to use the VPN.
This should help customers who do not use local AD DS servers to use Azure VPN Gateway.
61 votes
Could you please update the script for Cisco ASA, as I see many bugs and many are having a hard time establishing the tunnel with Azure
Could you please update the script for Cisco ASA, as I see many bugs and many are having a hard time establishing the tunnel with Azure with many ASA models and OS versions below 9.8.2
Please confirm which IKE parameters for a connection work for a stable IKEv2 route-based tunnel with policy-based TS enabled. Many times I see a tunnel that has been good for many days abruptly go down all of a sudden without any changes being made. Appreciate your help.
1 vote
Why does it take upwards of 30 minutes to create a vnet gateway?
If I am doing a PowerShell script or a CI/CD deployment, the whole world stops while the VPN takes 30-odd minutes to be initialised and start. Can this please be addressed?
61 votes
It would be nice to have built-in alerting for when VPN connections are dropped/connecting. We've had to set up an hourly runbook to call a PowerShell command that pushes data to OMS and then create an alert. All of the data is available in resource health so it shouldn't be a difficult enhancement; we just have no native way to pull/alert the data.
77 votes
Thanks for the feedback. We will review our current Azure Monitor capability for VPN connections to see if we can provide this alerting capability, or leveraging Az Monitor Diagnostics logs/OMS.
I have recently migrated a classic virtual network with a Site-to-Site VPN connection to an ARM VNet using platform-supported migration.
When the connection between the 2 networks was recreated under the ARM platform it defaulted to a VNet-to-VNet connection, which meant a loss of connectivity between the 2 networks. I had to create another LNG and recreate the connection as a Site-to-Site.
Now I understand the benefits of VNet-to-VNet connections, but I would like the platform-supported migration to respect the existing connection type and recreate this correctly.
1 vote
I would like to set up a packet filter for VPN GW.
It is the same as RRAS packet filter setting.
Inbound IP address and port range filter, and outbound IP address and port range filter.
Our VNET is connecting between sites with customers' VNET and VNET GW. Even if it is attacked from outside the customer's VNET, I do not want to endanger our VNET. I would like to filter traffic arriving at VNET with source IP and destination port number.
How can it be realized?
Thanks for the feedback. This is currently not planned. To protect your virtual network, one suggestion is to set up Network Security Groups on your subnets or NICs to filter out unwanted traffic.
The amount of hassle involved with getting some IKE logs for a VPN that will not connect is unacceptable. 15 Azure PoSH commands is insane.
Have a working troubleshooter in the web UI
1 vote
Thanks for the feedback. We plan to leverage Azure Monitor Diagnostics logs to allow customers to get IKE logs. Will update once the feature is in progress.
Show the private IP address of a virtual network gateway in the "Connected devices" blade.
9 votes
Currently, the gateway private IP addresses are not required for configurations or operations, other than the GatewaySubnet range. They should have been hidden from users. The gateway resource model does not have a field for those either.
There may be use cases for new features down the road. We will update the gateway resource model accordingly and expose those properly.
We can't meter Point-to-Site VPN usage now.
Please provide a metric for Point-to-Site VPN traffic like the Site-to-Site tunnel metric.
3 votes
YAMAHA RTX router series ( https://network.yamaha.com/products/routers )
are not validated as VPN devices:
Nevertheless, I and some Japanese are struggling to connect Azure VPN Gateway with YAMAHA RTX routers.
We are able to get a connection, but there are some troubles reported on blogs.
We need verification.
At kakaku.com (the most popular Bestbuy ranking site in Japan),
YAMAHA RTX830 and RTX1210 are the top 2 selling products nowadays.
Previous models have also been popular for a couple of decades in Japan.
I think the verification will have a huge impact in Japan to support VPN Gateway in SOHO environments.
4 votes
Thanks for reaching out to us regarding the VPN device issues. In general, our team needs to work with the VPN device vendor, in this case, Yamaha, to validate their VPN devices connecting to Azure VPN gateways.
To get things started, we will need someone from Yamaha to contact us, either via Microsoft Japan if that’s easier, or open an issue on the page directly. Once we establish the contact, we can proceed to work with Yamaha to validate their VPN devices.
We use route-based VPNs for most connectivity to Azure. However, we do have some policy-based VPNs that need access to Azure as well.
Unfortunately, it doesn’t appear that Azure lets you configure the local network prefix when using traffic selectors in IPsec.
This is extremely common on network equipment outside of Azure. I’ll reference an example with a Juniper SRX.
Azure automatically uses every prefix configured within a vNet as the local prefix. It’s my hope that we can configure this per ‘Connection’ when using traffic selectors.
Can we have this feature considered?
Thank you.
20 votes
Thanks for the feedback. This is currently not possible, and not in our roadmap. We will review the ask and post updates if the status changes.