question

PuneetAgarwal-0674 asked HitchlerHeather-6014 commented

P2S VPN gateway: is it possible to connect one client to another client?

Hi,
I have a question around the Azure P2S VPN offering. I set it up nicely and installed the VPN client on a VM, which is able to access Azure resources available on that VNet. But I have a different requirement where I have two VMs on which I have installed the VPN client and connected. Is it possible for VM1 to be able to access VM2? Currently I am not able to do so. Considering both are in the same subnet, they should be able to access each other, but I am not able to do so so far.

azure-vpn-gateway


So, I did some trials, and what I found is that client-to-client connectivity is possible if the tunnel type is OpenVPN, and I validated the same: I changed the tunnel type to OpenVPN and it worked. Now my two VMs (in absolutely different networks) can connect to each other via VPN-allocated IPs. Unfortunately I can't find this documented in the Azure VPN documentation.

0 Votes 0 ·

We have been testing this. Using the Azure P2S OpenVPN flavor, and even with an Azure FW, the clients can communicate because they are in the same subnet. We are trying to prevent the client-to-client communication.

0 Votes 0 ·

1 Answer

AlanKinane answered PuneetAgarwal-0674 commented

VPN clients can't communicate with each other over the VPN but where are these VMs hosted? You mention they are on the same subnet, are these VMs in Azure already or on premises? They should be able to communicate with each other using their local (LAN) IPs, not the Azure VPN IP address.


@AlanKinane Thanks for the response. Basically, in my case these two VMs may or may not be hosted on Azure; we don't control these client VMs, but what we need is a way for these VMs to talk to each other via the VPN tunnel, because their local network doesn't allow any inbound communication to them.
Just to give you more insight into what I am trying to do here: I want to build a tunnel between 2 or more GitHub Actions agents (runners) so that they can talk to each other. GitHub restricts all inbound ports into their runners, hence nobody can reach the GH runners from outside. I was able to install the VPN client on a runner, it connected to the VPN gateway, and I can now ping it successfully from my server VM (hosted in the same VNet), but I also want to ping it from any other VM where I have installed the VPN client, and I am not able to do so.
When I say both VMs are on the same VNet, I mean they share addresses from the same VPN gateway, hence there might be a possibility of their connection.

0 Votes 0 ·