Forum Discussion
ParAdeen
Jan 06, 2021, Copper Contributor
Resolving private-link resource internal ip from VPN
Using a Point-To-Site VPN to connect my PC to an Azure VNET (e.g. 10.99.0.0/16), and then Private Link to publish my PaaS services as end-points into a subnet in this VNET (e.g. 10.99.2.0/24), I'm trying to understand how I resolve the internal IP of the PaaS resource from my PC.
My configuration:
VNET: 10.99.0.0/24
subnetVM: 10.99.1.0/24
subnetPaaS: 10.99.2.0/24
SubnetVPN: 10.99.99.0/24
VPN client address pool: 172.20.20.0/24
If I create a VM in this VNET (e.g. 10.99.1.4), I get 168.63.129.16 as the DNS server and using:
nslookup paasServicePublicDns
or:
nslookup paasServicePublicDns 168.63.129.16
will correctly give me the internal IP for the PaaS service (i.e. 10.99.2.4)
But from my PC (connected via VPN to 10.99.99.0/24), using:
nslookup paasServicePublicDns 168.63.129.16
will only give me the external/public IP for the PaaS service
OK, the 168.63.129.16 address might not be routed to the VPN VNET, so I also added this route to my PC:
route add 168.63.129.16 MASK 255.255.255.255 172.20.20.4
(172.20.20.4 is my VPN endpoint on my PC)
route print -4 | FIND "172.20.20.4":
--->
Active Routes:
Network Destination Netmask Gateway Interface Metric
10.99.0.0 255.255.0.0 On-link 172.20.20.4 43
10.99.255.255 255.255.255.255 On-link 172.20.20.4 281
168.63.129.16 255.255.255.255 On-link 172.20.20.4 26
172.20.20.0 255.255.255.0 On-link 172.20.20.4 43
172.20.20.4 255.255.255.255 On-link 172.20.20.4 281
172.20.20.255 255.255.255.255 On-link 172.20.20.4 281
224.0.0.0 240.0.0.0 On-link 172.20.20.4 281
255.255.255.255 255.255.255.255 On-link 172.20.20.4 281
<---
And to make sure the VPN connection has a DNS server defined I also added 168.63.129.16 as the DNS server for the VPN connection:
--->
PPP adapter VNET-VPN:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VNET-VPN
Physical Address. . . . . . . . . :
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 172.20.20.4(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 168.63.129.16
NetBIOS over Tcpip. . . . . . . . : Enabled
<---
But still I can't get an IP address resolved. Any ideas why this is not working?
- Michi_Altstaedt, Copper Contributor
You will need to add a DNS configuration to your private endpoint and make provisions that your PC sends DNS queries to the right server.
Suggest you read this: https://docs.microsoft.com/en-us/azure/private-link/private-endpoint-dns
If you prefer to make it simple, make an entry to your local hosts file.
cheers
Michi
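The hosts-file workaround suggested in the reply above, as an added example that is not part of the original thread: a Python check that classifies what a name resolves to against the private-endpoint subnet (a "public" result means the client would reach the service's public endpoint instead of the private link) and produces the hosts entry to add. The subnet 10.99.2.0/24, the address 10.99.2.4 and the placeholder name paasServicePublicDns come from the question; the function names are hypothetical.

```python
import ipaddress
import socket

# Values from the question; the host name is the question's own placeholder.
PAAS_SUBNET = ipaddress.ip_network("10.99.2.0/24")  # subnetPaaS
PRIVATE_IP = "10.99.2.4"                            # endpoint IP the VM resolved

def classify(addresses, subnet=PAAS_SUBNET):
    """'private' if every answer is inside the private-endpoint subnet,
    'public' if none is, 'mixed' if only some are, 'none' if unresolved."""
    if not addresses:
        return "none"
    inside = [ipaddress.ip_address(a) in subnet for a in addresses]
    if all(inside):
        return "private"
    return "mixed" if any(inside) else "public"

def parse_hosts(text):
    """Map lower-cased host name -> IP from hosts-file text."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) >= 2:
            for name in fields[1:]:
                table.setdefault(name.lower(), fields[0])  # keep the first entry
    return table

def hosts_fix(fqdn, hosts_text, private_ip=PRIVATE_IP, subnet=PAAS_SUBNET):
    """Return the hosts line to add, or None if an in-subnet entry exists.
    Raises ValueError if an existing entry pins the name outside the subnet."""
    current = parse_hosts(hosts_text).get(fqdn.lower())
    if current is None:
        return f"{private_ip}\t{fqdn}"
    if ipaddress.ip_address(current) in subnet:
        return None
    raise ValueError(f"{fqdn} is pinned to {current}, outside {subnet}")

def resolve(fqdn):
    """IPv4 addresses the OS resolver (hosts file, then DNS) returns."""
    try:
        infos = socket.getaddrinfo(fqdn, 443, socket.AF_INET)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

if __name__ == "__main__":
    name = "paasServicePublicDns"  # placeholder; substitute the real FQDN
    print(name, "->", classify(resolve(name)))
```

Run it on the VPN-connected PC before and after editing the hosts file; the result should change from "public" to "private".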