Connection between edge device on Linux VM and IoTHub Private Link endpoint

Andrei Matrosau 45 Reputation points
2023-12-07T09:13:33.26+00:00

I've followed: https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/vpn-gateway/vpn-gateway-howto-point-to-site-resource-manager-portal.md

The Edge runtime is deployed on a VirtualBox Linux VM.

When my IP is in the public network access IP filter list, a private endpoint is available and the edge device on the VM sends messages to the IoT Hub, but when I disable public network access to the IoT Hub, I lose the connection to the edge device, and the output of the sudo iotedge system logs command is:

gru 07 10:05:55 ubuntu20 systemd[1]: Started Azure IoT Edge daemon.

gru 07 10:05:55 ubuntu20 aziot-edged[125972]: 2023-12-07T09:05:55Z [INFO] - Starting Azure IoT Edge Daemon

gru 07 10:05:55 ubuntu20 aziot-edged[125972]: 2023-12-07T09:05:55Z [INFO] - Version - 1.4.20

gru 07 10:05:55 ubuntu20 aziot-edged[125972]: 2023-12-07T09:05:55Z [INFO] - Obtaining Edge device provisioning data...

gru 07 10:05:55 ubuntu20 systemd[1]: Started Azure IoT Identity Service.

gru 07 10:05:55 ubuntu20 aziot-identityd[125976]: 2023-12-07T09:05:55Z [INFO] - Starting service...

gru 07 10:05:55 ubuntu20 aziot-identityd[125976]: 2023-12-07T09:05:55Z [INFO] - Version - 1.4.6

gru 07 10:05:55 ubuntu20 aziot-identityd[125976]: 2023-12-07T09:05:55Z [INFO] - Provisioning starting. Reason: Startup

gru 07 10:05:55 ubuntu20 aziot-identityd[125976]: 2023-12-07T09:05:55Z [INFO] - Updated device info for EdgeDevice.

gru 07 10:05:55 ubuntu20 aziot-identityd[125976]: 2023-12-07T09:05:55Z [INFO] - Provisioning complete.

gru 07 10:05:55 ubuntu20 aziot-identityd[125976]: 2023-12-07T09:05:55Z [INFO] - Identity reconciliation started. Reason: Startup

gru 07 10:05:55 ubuntu20 systemd[1]: Started Azure IoT Keys Service.

gru 07 10:05:55 ubuntu20 aziot-keyd[125979]: 2023-12-07T09:05:55Z [INFO] - Starting service...

gru 07 10:05:55 ubuntu20 aziot-keyd[125979]: 2023-12-07T09:05:55Z [INFO] - Version - 1.4.6

gru 07 10:05:55 ubuntu20 aziot-keyd[125979]: 2023-12-07T09:05:55Z [INFO] - Loaded libaziot-keys with version 0x02010000

gru 07 10:05:55 ubuntu20 aziot-keyd[125979]: 2023-12-07T09:05:55Z [INFO] - Starting server...

gru 07 10:05:55 ubuntu20 aziot-keyd[125979]: 2023-12-07T09:05:55Z [INFO] - <-- GET /key/device-id?api-version=2021-05-01 {"host": "keyd.sock"}

gru 07 10:05:55 ubuntu20 aziot-keyd[125979]: 2023-12-07T09:05:55Z [INFO] - --> 200 {"content-type": "application/json"}

gru 07 10:05:55 ubuntu20 aziot-keyd[125979]: 2023-12-07T09:05:55Z [INFO] - <-- POST /sign?api-version=2021-05-01 {"content-type": "application/json", "host": "keyd.sock", "content-length": "390"}

gru 07 10:05:55 ubuntu20 aziot-keyd[125979]: 2023-12-07T09:05:55Z [INFO] - --> 200 {"content-type": "application/json"}

gru 07 10:05:56 ubuntu20 aziot-identityd[125976]: 2023-12-07T09:05:56Z [INFO] - Could not reconcile Identities with current device data. Reprovisioning.

gru 07 10:05:56 ubuntu20 aziot-identityd[125976]: 2023-12-07T09:05:56Z [INFO] - Updated device info for EdgeDevice.

gru 07 10:05:56 ubuntu20 aziot-keyd[125979]: 2023-12-07T09:05:56Z [INFO] - <-- GET /key/device-id?api-version=2021-05-01 {"host": "keyd.sock"}

gru 07 10:05:56 ubuntu20 aziot-keyd[125979]: 2023-12-07T09:05:56Z [INFO] - --> 200 {"content-type": "application/json"}

gru 07 10:05:56 ubuntu20 aziot-keyd[125979]: 2023-12-07T09:05:56Z [INFO] - <-- POST /sign?api-version=2021-05-01 {"content-type": "application/json", "host": "keyd.sock", "content-length": "390"}

gru 07 10:05:56 ubuntu20 aziot-keyd[125979]: 2023-12-07T09:05:56Z [INFO] - --> 200 {"content-type": "application/json"}

gru 07 10:05:57 ubuntu20 aziot-identityd[125976]: 2023-12-07T09:05:57Z [ERR!] - Failed to provision with IoT Hub, and no valid device backup was found: Hub client error

gru 07 10:05:57 ubuntu20 aziot-identityd[125976]: 2023-12-07T09:05:57Z [ERR!] - service encountered an error

gru 07 10:05:57 ubuntu20 aziot-identityd[125976]: 2023-12-07T09:05:57Z [ERR!] - caused by: Hub client error

gru 07 10:05:57 ubuntu20 aziot-identityd[125976]: 2023-12-07T09:05:57Z [ERR!] - caused by: {"errorCode":401002,"trackingId":"00e80e21f16a4316838ca89faded2800-G:0-TimeStamp:12/07/2023 09:05:57","message":"Unauthorized","timestampUtc":"2023-12-07T09:05:57.2785398Z"}

gru 07 10:05:57 ubuntu20 aziot-identityd[125976]: 2023-12-07T09:05:57Z [ERR!] -    0: <unknown>

gru 07 10:05:57 ubuntu20 aziot-identityd[125976]:    1: <unknown>

gru 07 10:05:57 ubuntu20 systemd[1]: aziot-identityd.service: Main process exited, code=exited, status=1/FAILURE

gru 07 10:05:57 ubuntu20 systemd[1]: aziot-identityd.service: Failed with result 'exit-code'.

gru 07 10:06:02 ubuntu20 systemd[1]: aziot-identityd.service: Scheduled restart job, restart counter is at 1.

gru 07 10:06:02 ubuntu20 systemd[1]: Stopped Azure IoT Identity Service.

gru 07 10:06:02 ubuntu20 aziot-edged[125972]: 2023-12-07T09:06:02Z [WARN] - Failed to send HTTP request (attempt 1 of 2): connection error: Connection reset by peer (os error 104)

gru 07 10:06:02 ubuntu20 systemd[1]: Started Azure IoT Identity Service.

gru 07 10:06:02 ubuntu20 aziot-identityd[126009]: 2023-12-07T09:06:02Z [INFO] - Starting service...

gru 07 10:06:02 ubuntu20 aziot-identityd[126009]: 2023-12-07T09:06:02Z [INFO] - Version - 1.4.6

gru 07 10:06:02 ubuntu20 aziot-identityd[126009]: 2023-12-07T09:06:02Z [INFO] - Provisioning starting. Reason: Startup

gru 07 10:06:02 ubuntu20 aziot-identityd[126009]: 2023-12-07T09:06:02Z [INFO] - Updated device info for EdgeDevice.

gru 07 10:06:02 ubuntu20 aziot-identityd[126009]: 2023-12-07T09:06:02Z [INFO] - Provisioning complete.

gru 07 10:06:02 ubuntu20 aziot-identityd[126009]: 2023-12-07T09:06:02Z [INFO] - Identity reconciliation started. Reason: Startup

gru 07 10:06:02 ubuntu20 aziot-keyd[125979]: 2023-12-07T09:06:02Z [INFO] - <-- GET /key/device-id?api-version=2021-05-01 {"host": "keyd.sock"}

gru 07 10:06:02 ubuntu20 aziot-keyd[125979]: 2023-12-07T09:06:02Z [INFO] - --> 200 {"content-type": "application/json"}

gru 07 10:06:02 ubuntu20 aziot-keyd[125979]: 2023-12-07T09:06:02Z [INFO] - <-- POST /sign?api-version=2021-05-01 {"content-type": "application/json", "host": "keyd.sock", "content-length": "390"}

gru 07 10:06:02 ubuntu20 aziot-keyd[125979]: 2023-12-07T09:06:02Z [INFO] - --> 200 {"content-type": "application/json"}

The question is: how do I disable public network access to the IoT Hub and use only the private endpoint?
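
An added example, not part of the original post and not IoT Edge tooling: a small Python triage pass over iotedge system logs output that extracts the IoT Hub error payload (errorCode, message, trackingId) and the systemd restart counter, the fields to quote when correlating the device-side failure with hub-side diagnostics. The sample lines are constructed from the shape of the log above, with a placeholder trackingId; triage is a hypothetical helper name.

```python
import json
import re

# Constructed sample, shaped like the `iotedge system logs` lines in the post
# (the trackingId is a placeholder, not a real value).
SAMPLE = """\
gru 07 10:05:57 ubuntu20 aziot-identityd[125976]: 2023-12-07T09:05:57Z [ERR!] - Failed to provision with IoT Hub, and no valid device backup was found: Hub client error
gru 07 10:05:57 ubuntu20 aziot-identityd[125976]: 2023-12-07T09:05:57Z [ERR!] - caused by: {"errorCode":401002,"trackingId":"PLACEHOLDER-TRACKING-ID","message":"Unauthorized","timestampUtc":"2023-12-07T09:05:57.0000000Z"}
gru 07 10:05:57 ubuntu20 systemd[1]: aziot-identityd.service: Main process exited, code=exited, status=1/FAILURE
gru 07 10:06:02 ubuntu20 systemd[1]: aziot-identityd.service: Scheduled restart job, restart counter is at 1.
gru 07 10:06:02 ubuntu20 aziot-edged[125972]: 2023-12-07T09:06:02Z [WARN] - Failed to send HTTP request (attempt 1 of 2): connection error: Connection reset by peer (os error 104)
"""

# "<month> <day> <time> <host> <unit>[<pid>]: <message>"; month text is locale-dependent.
LINE = re.compile(r"^\S+ \d+ [\d:]+ \S+ (?P<unit>[\w.-]+)\[(?P<pid>\d+)\]: (?P<msg>.*)$")
DAEMON = re.compile(r"^(?P<ts>\S+Z) \[(?P<level>[A-Z!]+)\] - (?P<text>.*)$")
RESTART = re.compile(r"^(?P<svc>\S+)\.service: Scheduled restart job, restart counter is at (?P<n>\d+)\.")

def triage(log_text):
    """Return hub error payloads, per-service restart counters and WARN/ERR counts."""
    out = {"hub_errors": [], "restarts": {}, "levels": {}}
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # blank or unrecognised line
        unit, msg = m["unit"], m["msg"]
        if unit == "systemd":
            r = RESTART.match(msg)
            if r:
                out["restarts"][r["svc"]] = int(r["n"])
            continue
        d = DAEMON.match(msg)
        if not d:
            continue  # stack-frame continuation lines carry no level
        if d["level"] in ("WARN", "ERR!"):
            out["levels"][d["level"]] = out["levels"].get(d["level"], 0) + 1
        if d["text"].startswith("caused by: {"):
            try:
                err = json.loads(d["text"][len("caused by: "):])
            except json.JSONDecodeError:
                continue  # truncated payload: skip rather than guess
            out["hub_errors"].append({"unit": unit, "at": d["ts"], **err})
    return out

if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE), indent=2))
```
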
