0 Votes
JP-7269 asked TravisCragg-MSFT answered

Unable to Connect to App Service although connected to VNet using OpenVPN SSL Azure Client

I set up an app service and set access restrictions. I am allowing the virtual network subnets: default/firewall/gateway.

I also set up a virtual network which I connected to using a point to site connection. This uses OpenVPN SSL and Active Directory Authentication. I downloaded the client and, using AzureVPNClient, appear to have connected successfully.

However, when I try to connect to my app service I am still getting an Error 403 Forbidden.

Tags: azure-virtual-network, azure-vpn-gateway, azure-ad-authentication

1 Answer

0 Votes
TravisCragg-MSFT answered

Hi @JP-7269,

Although it is not necessarily intuitive, when you connect a machine via P2S to an Azure VNET, you are given an address range that you specify in the P2S configuration. In the Azure Portal this is called the 'Address Pool', and it cannot be in the same IP range as your Virtual Network.

You will need to allow this Address Range in your App Service in order to allow connections.


Also keep in mind that if you are connecting using the public endpoint on the App Service, this will likely still not work as the request is not coming from Azure, but from your local computer. Internet traffic is not sent across the VPN. If you are using an App Service (and not an ASE), consider using a private endpoint.
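The two points in the answer above can be checked with a small model of IP-based access restrictions. This is an added example, not part of the original answer or any Microsoft tooling. All addresses and rule values are constructed, subnet rules are simplified to CIDR ranges, and the rule model assumed is priority order with an implicit deny once any rule exists.

```python
import ipaddress

# Constructed sample values (assumptions, not taken from the thread).
VNET_SPACE = "10.0.0.0/16"        # virtual network address space
P2S_POOL = "172.16.201.0/24"      # P2S 'Address Pool' handed out to VPN clients
CLIENT_POOL_IP = "172.16.201.2"   # address the VPN client received from the pool
CLIENT_PUBLIC_IP = "203.0.113.25" # client's Internet egress address
# (priority, action, cidr): the VNet subnets allowed in the question, simplified to CIDRs.
RULES = [(100, "Allow", "10.0.0.0/24"), (110, "Allow", "10.0.1.0/24")]


def pool_overlaps_vnet(pool, vnet):
    """True if the P2S address pool collides with the VNet address space."""
    return ipaddress.ip_network(pool).overlaps(ipaddress.ip_network(vnet))


def evaluate(source_ip, rules):
    """Lowest priority number that matches decides; no match with rules present is a deny (403)."""
    addr = ipaddress.ip_address(source_ip)
    for _priority, action, cidr in sorted(rules):
        if addr in ipaddress.ip_network(cidr):
            return action
    return "Deny" if rules else "Allow"  # no rules at all means open access


def scenario():
    """Walk through the cases from the answer and return each verdict."""
    with_pool = RULES + [(120, "Allow", P2S_POOL)]
    return {
        # The pool is outside the VNet, so the subnet rules never match a VPN client.
        "pool_overlaps_vnet": pool_overlaps_vnet(P2S_POOL, VNET_SPACE),
        "pool_ip_original_rules": evaluate(CLIENT_POOL_IP, RULES),
        # Allowing the address pool covers requests that arrive from a pool address.
        "pool_ip_with_pool_rule": evaluate(CLIENT_POOL_IP, with_pool),
        # A request to the public endpoint arrives from the public IP instead.
        "public_ip_with_pool_rule": evaluate(CLIENT_PUBLIC_IP, with_pool),
    }


if __name__ == "__main__":
    for case, verdict in scenario().items():
        print(f"{case}: {verdict}")
```
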

