VPN gateway not produce traffic

Question

I mounted a VPN Gateway to connect using IPsec with other VM using internet. In my case Im using Debian in the other side, and seems how connect using strongswan. My surprise is checking logs of traffic, because there is no traffic data in azure side. Checking logs in the other side appears only this:

Jul 19 16:47:16 vpnserver2 charon: 01[ENC] generating INFORMATIONAL response 1000 [ ]
Jul 19 16:47:16 vpnserver2 charon: 01[NET] sending packet: from MypublicIPA[4500] to MypublicIPB[4500] (80 bytes)
Jul 19 16:47:18 vpnserver2 charon: 14[NET] received packet: from MypublicIPB[4500] to MypublicIPA[4500] (80 bytes)
Jul 19 16:47:18 vpnserver2 charon: 14[ENC] parsed INFORMATIONAL request 1001 [ ]
Jul 19 16:47:18 vpnserver2 charon: 14[ENC] generating INFORMATIONAL response 1001 [ ]
Jul 19 16:47:18 vpnserver2 charon: 14[NET] sending packet: from MypublicIPA[4500] to MypublicIPB[4500] (80 bytes)
Jul 19 16:47:20 vpnserver2 charon: 13[NET] received packet: from MypublicIPB[4500] to MypublicIPA[4500] (80 bytes)
Jul 19 16:47:20 vpnserver2 charon: 13[ENC] parsed INFORMATIONAL request 1002 [ ]
Jul 19 16:47:20 vpnserver2 charon: 13[ENC] generating INFORMATIONAL response 1002 [ ]
Jul 19 16:47:20 vpnserver2 charon: 13[NET] sending packet: from MypublicIPA[4500] to MypublicIPB[4500] (80 bytes)
Jul 19 16:47:22 vpnserver2 charon: 15[NET] received packet: from MypublicIPB[4500] to MypublicIPA[4500] (80 bytes)
Jul 19 16:47:22 vpnserver2 charon: 15[ENC] parsed INFORMATIONAL request 1003 [ ]
Jul 19 16:47:22 vpnserver2 charon: 15[ENC] generating INFORMATIONAL response 1003 [ ]
Jul 19 16:47:22 vpnserver2 charon: 15[NET] sending packet: from MypublicIPA[4500] to MypublicIPB[4500] (80 bytes)
Jul 19 16:47:24 vpnserver2 charon: 05[NET] received packet: from MypublicIPB[4500] to MypublicIPA[4500] (80 bytes)
Jul 19 16:47:24 vpnserver2 charon: 05[ENC] parsed INFORMATIONAL request 1004 [ ]
Jul 19 16:47:24 vpnserver2 charon: 05[ENC] generating INFORMATIONAL response 1004 [ ]
Jul 19 16:47:24 vpnserver2 charon: 05[NET] sending packet: from MypublicIPA[4500] to MypublicIPB[4500] (80 bytes)
Jul 19 16:47:26 vpnserver2 charon: 16[NET] received packet: from MypublicIPB[4500] to MypublicIPA[4500] (80 bytes)
Jul 19 16:47:26 vpnserver2 charon: 16[ENC] parsed INFORMATIONAL request 1005 [ ]
Jul 19 16:47:26 vpnserver2 charon: 16[ENC] generating INFORMATIONAL response 1005 [ ]
Jul 19 16:47:26 vpnserver2 charon: 16[NET] sending packet: from MypublicIPA[4500] to MypublicIPB[4500] (80 bytes)
Jul 19 16:47:28 vpnserver2 charon: 11[NET] received packet: from MypublicIPB[4500] to MypublicIPA[4500] (80 bytes)
Jul 19 16:47:28 vpnserver2 charon: 11[ENC] parsed INFORMATIONAL request 1006 [ ]
Jul 19 16:47:28 vpnserver2 charon: 11[ENC] generating INFORMATIONAL response 1006 [ ]
Jul 19 16:47:28 vpnserver2 charon: 11[NET] sending packet: from MypublicIPA[4500] to MypublicIPB[4500] (80 bytes)
Jul 19 16:47:30 vpnserver2 charon: 06[NET] received packet: from MypublicIPB[4500] to MypublicIPA[4500] (80 bytes)
Jul 19 16:47:30 vpnserver2 charon: 06[ENC] parsed INFORMATIONAL request 1007 [ ]
Jul 19 16:47:30 vpnserver2 charon: 06[ENC] generating INFORMATIONAL response 1007 [ ]
Jul 19 16:47:30 vpnserver2 charon: 06[NET] sending packet: from MypublicIPA[4500] to MypublicIPB[4500] (80 bytes)
Jul 19 16:47:32 vpnserver2 charon: 03[NET] received packet: from MypublicIPB[4500] to MypublicIPA[4500] (80 bytes)

I don't know If I need to create route tables to connect between vpn gateway and rest of nets inside azure, but I espected to generate traffic about connection but not seeems to be really connected.

Checking logs appears empty too, so I don't know where to check If something fails.

Suggestions?

You could refer to this [link](https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-troubleshoot-manage-portal) to check VPN gateway log. — Shui shengbao, Jul 20 '17 at 05:05
Great! Is justly what Im loooking for. My problem now is to connect vnets because UDR only seems to be for subnets.I don't know azure how works networking part inside private Ips. — deconya, Jul 20 '17 at 09:04
Based on my knowledge, you create a site-to-site VPN, could you ping Azure private IP? — Shui shengbao, Jul 20 '17 at 09:10
Exactly, I created site-to-site VPN. Now the problem is how to connect to vnets inside azure. Checking config I can't see where of azure gw you can choose local vnets, option that you can change in strongswan. Now appears inbound traffic, so I understand that problem is how to do the routing inside group resources. — deconya, Jul 20 '17 at 10:32
To update info, I found in other thread how to use peering. (https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-create-peering) — deconya, Jul 20 '17 at 13:26
Do you mean you want to route your traffic from one Vnet to other Vnet? If yes, Azure does not support this. Peering also does not work. — Shui shengbao, Jul 20 '17 at 13:38
Sorry, I am not in the office. If possible, could your share your detail scenario in your question, I will check tommower. — Shui shengbao, Jul 20 '17 at 13:40
Yes of course, actually I connected VPN using this guide (https://docs.microsoft.com/es-es/azure/vpn-gateway/vpn-gateway-howto-site-to-site-resource-manager-cli) and I have 4 GR with their vnets.Guide said to use a new GR and vnet, so now I need to connect this vnet to the rest. Other problem is that I have 2 subscriptions. The question is to know networking possibilities in Azure. . — deconya, Jul 20 '17 at 15:09

score 1 · Accepted Answer · answered Jul 21 '17 at 02:13

Checking logs appears empty too, so I don't know where to check If something fails.

You could use Network Watcher to check VPN log, please refer to this link.

I have 4 GR with their vnets.Guide said to use a new GR and vnet, so now I need to connect this vnet to the rest.

For now, this is impossible. VPN traffic could not have transitive relationship between two VNet. It means you need create two Site-to-Site VPN from your local to two VNet in Azure. UDR and peering also don't work in this scenario. Please refer to this answer.

VPN gateway not produce traffic

1 Answers1