
I'm able to connect successfully to my SSTP VPN on a Windows 2012 R2 machine running RRAS on Azure, but once connected, I can't access the internet.

I understand that I could work around this issue by creating a split tunnel (disabling default gateway on remote network) on the client's end, but corporate policy discourages a split tunnel.

I'm sure this is a simple route that needs to be added in Azure, but I'm not sure what that would be.

Thanks!


rb195048
  • Most likely you need to enable NAT on the VPN server. – Tero Kilkanen Dec 23 '16 at 16:33
  • Tero, I'm using one NIC on my VPN server and I believe NAT requires two. Does this mean I won't be able to access the internet over VPN? – rb195048 Dec 23 '16 at 16:46
  • Please provide a network diagram, how the VPN server is connected to the Internet, and how is its network configured. – Tero Kilkanen Dec 23 '16 at 16:51
  • Added network diagram. VPN server is connected to the internet with an external IP. Network is configured with a 10.10.10.0/24 configuration. – rb195048 Dec 23 '16 at 17:08
  • Does the VPN server have an external IP on its network interface? Is the VPN a tunnel or a bridge? – Tero Kilkanen Dec 23 '16 at 17:17
  • The VPN server has an external IP on the network interface. It is a VPN tunnel – rb195048 Dec 23 '16 at 19:40
  • But in your picture you show that it has an internal IP? If it has both, then you need to set up a NAT so that packets forwarded from the VPN will get translated to the external IP address. – Tero Kilkanen Dec 24 '16 at 02:16

2 Answers


According to your description, I tested in my lab (the VM has one NIC) and got the same error as you. Maybe you should check your RRAS configuration; check IPv4 --> NAT.
If you still have questions, feel free to post back here.

Jason Ye
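The RRAS NAT setting that the answer above points to (IPv4 --> NAT), written out as commands for a single-NIC server that must carry all client traffic because split tunneling is not allowed. This is an added example, not part of the original answer; the adapter name `Ethernet` is an assumption, and `Internal` is assumed to be the RRAS pseudo-interface that represents connected VPN clients.

```powershell
# Added example. Run in an elevated PowerShell session on the RRAS server.
# Assumption: the server's only adapter is named "Ethernet"
# (list the real names with Get-NetAdapter).
$PublicIf  = 'Ethernet'
# Assumption: "Internal" is the RRAS pseudo-interface for connected VPN clients.
$PrivateIf = 'Internal'

# The netsh routing context only works while RRAS is running.
if ((Get-Service -Name RemoteAccess).Status -ne 'Running') {
    throw 'The RemoteAccess (RRAS) service is not running.'
}

# Current NAT bindings, for comparison with the state after the change.
netsh routing ip nat show interface

# Add the NAT routing protocol to RRAS (needed once per server).
netsh routing ip nat install

# Public side: translate the VPN clients' source addresses to this
# adapter's address so replies from the internet can find their way back.
netsh routing ip nat add interface name="$PublicIf" mode=full

# Private side: traffic arriving from VPN clients is what gets translated.
netsh routing ip nat add interface name="$PrivateIf" mode=private

# Confirm both interfaces are now bound to NAT.
netsh routing ip nat show interface
```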

It's not a NAT issue. What is probably going on is that the IP configuration you are getting from the VPN is what is affecting it. You need to have DHCP and DNS configured on your server and have your VPN forward/relay the DHCP scope to your VPN.

This is the properties of my VPN:

Click to view picture

Here, notice the block reserved for RAS, this shows that some addresses have been reserved for your VPN and the relay is working and any PC that connects to your VPN should get an address automatically.

Click to view picture

If you don't want to set up a DNS server, then in your DHCP configuration you can have Google's public DNS as the DNS server.

I encountered this exact same issue when setting up my SSTP VPN.

UPDATE:

Looking at your network, is the subnet 10.10.10.xxx being "natted"? If it is, then it could be that you're trying to access the server behind a second NAT, assuming the 10.10.0.0 subnet IS a NAT itself. If it isn't, then port forwarding 443 from Azure to your server should do the trick along with what I posted above.

xR34P3Rx