Hey folks! I've recently set up a Point-to-Site VPN to securely access my SQL Server and other resources. I've disabled public access to the SQL Server and created a private endpoint to connect with the VNet that the VPN accesses. Despite these setups, I'm getting a 'connection denied' error because public access is turned off. Upon checking my connection trace, it looks like my requests aren't going through the VPN; instead, they seem to be originating from a public IP that I can't identify. Does anyone have suggestions or ideas on how I can resolve this?
It looks like you're not resolving to the private IP for the server! Make sure your setup is correctly pointing to it.
Without more details, I’d also bet on a DNS problem. Check this resource: [Azure Private Endpoint private DNS zone values | Microsoft Learn](https://learn.microsoft.com/en-us/azure/private-link/private-endpoint-dns). It seems pretty helpful. Just took me a quick Google search to find this while skimming through it. You might also want to look into this issue: [DNS Resolution Issue for Point-to-Site VPN Users in Azure - Microsoft Q&A](https://learn.microsoft.com/en-us/answers/questions/2089014/dns-resolution-issue-for-point-to-site-vpn-users-i).
You're right, it does seem to be a DNS issue! Even after clearing my cache, my PC is still resolving to the public IP. I'm following a guide to set up a forwarder for DNS requests from the VPN: [YouTube Link](https://youtu.be/Qo8g8FDyhmQ?si=sPOV2lSk3nRl6r9U).
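As an added example (not posted by anyone in this thread), a small Python check that resolves the SQL Server FQDN through the OS resolver, the same path the SQL client uses, and reports whether the answer lands inside the VNet address space (i.e. the private endpoint) or on a public Azure SQL gateway. The VNet CIDR and server name are placeholders to replace with your own values.

```python
import ipaddress
import socket
from typing import Iterable

# Constructed placeholders for this example: the VNet address space that holds the
# private endpoint NIC, and the private DNS zone Azure SQL private endpoints use.
VNET_CIDRS = ["10.10.0.0/16"]
SQL_PRIVATELINK_ZONE = "privatelink.database.windows.net"


def classify_resolution(addresses: Iterable[str], vnet_cidrs: Iterable[str]) -> str:
    """Decide whether the addresses a client resolved for the SQL FQDN point at the
    private endpoint (inside the VNet), some other private range (e.g. a stale
    forwarder answer), or the public Azure SQL gateway that denies the connection."""
    nets = [ipaddress.ip_network(c) for c in vnet_cidrs]
    addrs = [ipaddress.ip_address(a) for a in addresses]
    if not addrs:
        return "unresolved"
    if all(any(a in n for n in nets) for a in addrs):
        return "private-endpoint"
    if all(a.is_private for a in addrs):
        return "private-but-outside-vnet"
    return "public"


def resolve_sql_host(fqdn: str) -> list:
    """Resolve with the OS resolver (not a chosen DNS server) so the result is what
    the VPN client actually connects to on TCP 1433."""
    try:
        infos = socket.getaddrinfo(fqdn, 1433, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def check_private_endpoint(fqdn: str, vnet_cidrs: Iterable[str] = VNET_CIDRS) -> str:
    addrs = resolve_sql_host(fqdn)
    verdict = classify_resolution(addrs, vnet_cidrs)
    print(f"{fqdn} -> {addrs or 'no answer'}: {verdict}")
    if verdict != "private-endpoint":
        print(f"  expected an address inside {list(vnet_cidrs)} via the "
              f"{SQL_PRIVATELINK_ZONE} zone; the client is not using the VNet resolver")
    return verdict


if __name__ == "__main__":
    # Placeholder server name; replace with the real <server>.database.windows.net.
    check_private_endpoint("myserver.database.windows.net")
```

Run it on the VPN client while connected; a "public" verdict confirms the client's DNS is still answering from the public zone rather than from the private DNS zone behind the VPN.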
It sounds like a DNS issue. You might need to set up a private DNS resolver in Azure and configure your VPN clients to use it as the DNS IP. That could help you resolve the private endpoint correctly.
I did set up a private DNS resolver, but it hasn't worked as expected. I'm currently working on setting up a forwarder to handle DNS requests.

Yes, I think I caught that but didn’t realize it at the time! Thanks for the reminder.