0

I have configured an Azure P2S IKEv2 VPN and downloaded the VPN client (on the machine it shows as a PPP adapter) onto 2 machines, one each in different countries. Say our IP addresses are 170.10.10.121 & 170.10.10.122. From here on we'll call the site with the .121 machine site A.

My machine (.122) would like to use (.121) as a gateway, so that I could browse the internet on my computer using site A's public IP address. Is this possible or have I got this terribly wrong?

My end goal is that we have multiple sites (B, C, D) that'd like to use the internal network as well as access the public internet using site A. This site has a dynamic IP address for public internet, and port forwarding is not an option as the ISP is non-cooperative.

As shown in the picture below, machines PC-B-1, C-1, D-1 are trying to use PC-A-1 as a gateway to access the internet through Site A. [Image: Architecture] Thanks.

Neo
  • I don't fully understand what you want to do, but Point to Site VPN is intended for one computer to connect to your Azure site. It's not intended to be used as a gateway. It sounds more like you want to set up a S2S VPN. More information about P2S can be found here: https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-point-to-site-resource-manager-portal – Daniel Björk Aug 24 '20 at 11:31
  • Hi @DanielBjörk. We have development teams in 3 countries who are building a solution for a customer at site A. Several resources in the country of site A are geo-restricted based on IP address, and hence to bypass that we're trying to route all these sites to use site A's internet to browse the internet. – Neo Aug 24 '20 at 11:36
  • Is site A = Azure? – Daniel Björk Aug 24 '20 at 11:39
  • Please clarify your question and share a drawing of what you are trying to achieve. Currently it's very confusing. – Daniel Björk Aug 24 '20 at 11:49
  • Hi @DanielBjörk, I've added a drawing of what I am trying to achieve. Basically want devices in all other sites to use site A's public IP addr to access internet. – Neo Aug 24 '20 at 12:18
  • OK, what you need to do is install the P2S on all PCs in all sites and set up a FW/NVA in Azure and route the traffic through that one, or set up S2S from all sites to Azure and route the traffic to a FW/NVA in Azure. Basically you will need a NVA/FW in Azure to get the same IP for all computers. – Daniel Björk Aug 24 '20 at 12:23
  • You can't use a P2S as a gateway. – Daniel Björk Aug 24 '20 at 12:25

2 Answers

1

What you need to do is install the P2S on all PCs in all sites and set up a FW/NVA in Azure and route the traffic through that one, or set up S2S from all sites to Azure and route the traffic to a FW/NVA in Azure. Basically you will need a NVA/FW in Azure to get the same IP for all computers. You can't use a P2S as a gateway.

The preferred solution is to set up a S2S VPN with an NVA to get the same IP.

Daniel Björk
0

So this is the setup I am using as a workaround, since setting up a S2S is not an option for lack of infrastructure and lack of time. As given in the question, I installed P2S VPN agents on all the machines that are involved, from the machine whose internet we wanted (in site A) to be used by others, to all the other machines (in B, C, D). Now that all the machines are in the Azure VNet, I installed the WinGate application on the Site A machine and activated the proxy.

Then I configured the proxy on the rest of the machines in sites B, C and D to proxy through the machine in Site A using its Azure VNet IP address.

Machines involved are all Windows 10.

This might not be the best solution, but given the extraordinary list of limitations, this was definitely the quickest and easiest.

Let's see if we can get better and quicker solutions for the same :)

Meanwhile thanks for all the suggestions :)

Neo
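The client-side half of the workaround above (Windows 10 machines in sites B, C and D proxying through the Site A machine's VNet address), as an added example that is not part of the original answer. It refuses to set the proxy unless the route to it goes through the P2S adapter, so plain-HTTP proxy traffic stays inside the tunnel. The address `172.16.201.2`, port `8080` and connection name `AzureP2S` are placeholders and assumptions, not values from the page.

```powershell
# Added example: point a Windows 10 client at the proxy on the Site A machine,
# but only if that proxy is reached through the P2S tunnel.
# All three defaults below are placeholders/assumptions, not taken from the page.
param(
    [string]$ProxyIp   = '172.16.201.2',  # placeholder: Site A machine's VNet (P2S pool) address
    [int]   $ProxyPort = 8080,            # assumed proxy listener port
    [string]$VpnAlias  = 'AzureP2S'       # placeholder: name of the P2S connection (PPP adapter)
)

$ErrorActionPreference = 'Stop'

# 1. The route to the proxy must leave through the VPN adapter; otherwise
#    unencrypted proxy traffic would cross the internet outside the tunnel.
$route = Find-NetRoute -RemoteIPAddress $ProxyIp | Select-Object -First 1
if ($route.InterfaceAlias -ne $VpnAlias) {
    throw "Route to $ProxyIp uses '$($route.InterfaceAlias)', not '$VpnAlias'. Connect the VPN first."
}

# 2. The proxy listener must answer on that VNet address.
$probe = Test-NetConnection -ComputerName $ProxyIp -Port $ProxyPort -WarningAction SilentlyContinue
if (-not $probe.TcpTestSucceeded) {
    throw "No listener on ${ProxyIp}:$ProxyPort."
}

# 3. Set the per-user (WinINET) proxy; '<local>' keeps intranet names direct.
$key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
Set-ItemProperty -Path $key -Name ProxyServer   -Value "${ProxyIp}:$ProxyPort"
Set-ItemProperty -Path $key -Name ProxyOverride -Value '<local>'
Set-ItemProperty -Path $key -Name ProxyEnable   -Value 1 -Type DWord

# Show the resulting settings for confirmation.
Get-ItemProperty -Path $key | Select-Object ProxyEnable, ProxyServer, ProxyOverride
```

On the Site A machine, the proxy listener should accept connections only from the P2S address pool, since any host that can reach it can browse with Site A's public IP.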