Can't get VPN client to route traffic for some resources

Deep-Egg-6167 · March 7, 2025, 11:16pm

Hello,

I’m not sure if it is a firewall issue or a routing issue. I connect with the Azure VPN client and can ping the server. Several other people can as well. I have one user with a generic set up as far as I know but after he gets a green connection in the client he can’t ping the resources. We have a VM that he should be able to ping but can’t.

I’m pretty new to azure so I’m not sure where to start in troubleshooting.

The windows firewall on the PC that can’t ping the azure resoures has been turned off temporarily.

The windows firewall on the azure VM was also turned off temporarily - still couldn’t ping from one workstation.

Do I need to add the internal subnet of the PC that can’t ping somewhere in azure?

Thanks

Leather-Swim-4777 · March 7, 2025, 11:17pm

Unfortunately this gives us very little to go on, have you tried using the troubleshooter? do you have any NSG setup to block connectivity? Are the scopes of the networks clashing? do you have any route tables configured?

GWSTPS · March 7, 2025, 11:17pm

TRACERT (address) from the connected client & compare to a working one

ROUTE PRINT on the connected client / compare to one that works.

GWSTPS · March 7, 2025, 11:17pm

and are you connecting by resource name (DNS / name resolution) or by IP address?

jba1224a · March 7, 2025, 11:17pm

When you say they have a “generic setup” does that mean they are not using the azure dns client?

superpj · March 7, 2025, 11:17pm

Never rely on ping first off. That’s blocked most of the time. Try telnet to smb ports or something. Also do you have a route table directing traffic to the firewall? Did you do 0.0.0.0/0 or “0.0.0.0/1, 128.0.0.0/1”?

Deep-Egg-6167 · March 7, 2025, 11:17pm

Thanks -

Can you tell me where to find the route tables - I still get lost in the menu system.

Deep-Egg-6167 · March 7, 2025, 11:17pm

You were right - the route print solved it - thanks!

Deep-Egg-6167 · March 7, 2025, 11:17pm

Thanks - I get nothing but request timed out on every line of the one that cant connect

Deep-Egg-6167 · March 7, 2025, 11:17pm

The VPN is by IP and the ping is by IP on the working one and the one that connects via vpn but can’t ping.

Deep-Egg-6167 · March 7, 2025, 11:17pm

Thanks I mean I haven’t done anything fancy. I can’t ping by IP - not trying to connect via name.

Deep-Egg-6167 · March 7, 2025, 11:17pm

The issue was manually putting in a DNS - it was taking priority in the route on the PC.

jba1224a · March 7, 2025, 11:17pm

What kinds of resources are you trying to ping?

Understanding the use case for the vpn (what is the user trying to access) will help folks troubleshoot with you.

Deep-Egg-6167 · March 7, 2025, 11:17pm

Thanks the issue is resolved - I had manually entered the DNS in the nic instead of the VPN - for some reason that created a route that superceded the VPN client route.