Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
534 views
in Technique[技术] by (71.8m points)

vpn - Azure Private Network Gateway - removing propagated network

I have created Azure Virtual Network with address space 10.50.50.0/23, in it, I have created 5 subnets - 10.50.50.0/26, 10.50.50.64/26, 10.50.50.128/26, 10.50.51.0/26 and 172.16.0.0/26, on top of this network I have created Virtual Network Gateway (VPN) with point to site 10.99.99.0/25, I would like to limit routing only to 2 subnets 10.50.51.0/26 and 10.50.51.64/26 - for doing that I've added --custom-routes for only those two network ... but still in my client I've saw routing to whole network range (10.50.50.0/23), same after creating new route table and creating new hop's ... any idea how to modify that ?

question from:https://stackoverflow.com/questions/65943172/azure-private-network-gateway-removing-propagated-network

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)

If you want to limit the route on the client, you should add a route on the client instead of the Azure virtual network. In fact, you can find the route of the VPN client in the file VpnSettings.xml of the folder Generic from VPN client downloaded folder.

The file VpnSettings.xml will like this:

<?xml version="1.0"?>
<VpnProfile xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <VpnServer>azuregateway-xxxxx-xxx.vpn.azure.com</VpnServer>
  <VpnType>SSTP</VpnType>
  <CaCert>xxxxx</CaCert>
  <Routes>10.0.0.0/16</Routes>
  <Auth>EAPTLS</Auth>
  <VnetName>example-network</VnetName>
  <VnetId>06e10077-xxxx-xxxx-84d6-5aa4db8b6752</VnetId>
  <ServerCertRootCn>DigiCert Global Root CA</ServerCertRootCn>
  <ServerCertIssuerCn>DigiCert Global Root CA</ServerCertIssuerCn>
  <VpnClientAddressPool>192.168.100.0/24</VpnClientAddressPool>
  <AadIssuer />
  <AadTenant />
  <AadAudience />
  <CustomDnsServers />
</VpnProfile>

You could try to modify the route to <Routes>10.50.51.0/26,10.50.51.64/26</Routes> then you could reinstall the VPN client package like VpnClientSetupAmd64.exe.

In addition, you can use an Azure network security group to filter network traffic to and from Azure resources in an Azure virtual network.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...