0

I'm trying to connect to an Azure SQL database with the use of a Point-to-Site VPN connection based on Azure AD authentication. I can connect with the VPN without any problems and I get a green status that everything is connected. However, I cannot access the database.

The database is set up so that access is only granted to certain IPs, so we want to use the VPN to access the database. The VPN is set up so that it can connect with a VNet, and the VNet is connected to the SQL database.

I have followed the following tutorials during the setup of the VPN and VNET:

On Stack Overflow I found this question, in which it is stated that what I'm trying to do is not possible. However, that post is from 2018, so I was wondering whether it works by now?

Sander

2 Answers

3

I tried to reproduce the same in my environment and got the results below:

Created an Azure point-to-site virtual network gateway with Azure certificate authentication, like below:

Generated the client and root certificates, exported the root's public key, and connected with the VPN client successfully, like below:

Refer: Configure Point to Site VPN Connection using Azure Certificate Authentication

Created a SQL database with a private endpoint, like below:

Make sure to disable public access on the SQL server and create a new private endpoint for the Microsoft SQL/server resource, like below:

Log in to your VM via Remote Desktop, install SQL Server Management Studio, and in Connect to Server enter the fully qualified hostname of your managed instance in the Server name field, like below:

When I tried to connect with the private IP address, it connected successfully, like below:

References:

Configure point-to-site connectivity using SSMS - Azure SQL Managed Instance | Microsoft Learn

Connect to an Azure SQL server using an Azure Private Endpoint - Azure portal | Microsoft Learn

Imran
  • Thanks for the time you took to answer the question. From your answer I understand that I need to connect to a VM in order to access the database. But is it also possible to connect directly from my own Windows PC to the database? – Sander Mar 27 '23 at 08:46
  • If you are using a private endpoint you need to connect via a VM; with public access you can connect directly – Imran Mar 27 '23 at 08:52
  • With public access I can only connect when the IP is added as a firewall rule, or am I missing a setting? People want to load the data from SQL into their Excel sheets, so the reason I need the VPN is that I don't want to manually add everyone's IPs – Sander Mar 27 '23 at 09:19
  • Check that the VNet and SQL database are in the same region. In the firewall rules, try to add the IP range of the VNet to the SQL database firewall rules in order to allow access from the VNet. You can find the IP range of the VNet in the VNet settings. If the error still persists, you may need to contact Azure support for further assistance. – Imran Mar 27 '23 at 10:09
  • Thanks, that did the trick. I forgot to add the IP range of the VNet as a firewall rule.... – Sander Mar 27 '23 at 11:26
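The fix that resolved the question in the comments above (a server-level firewall rule covering the VNet address range), as an added example that is not part of this thread or of any Azure documentation: the script computes the first and last address of a CIDR and emits (or, with DRY_RUN=0, runs) the corresponding Azure CLI command. The resource group, server and rule names in the usage call are placeholders.

```shell
#!/usr/bin/env bash
# Added example: turn a VNet address space (CIDR) into the start/end pair
# that an Azure SQL server-level firewall rule expects, then build the
# `az sql server firewall-rule create` command for it.

# Dotted-quad IPv4 -> integer.
ip2int() {
  oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Integer -> dotted-quad IPv4.
int2ip() {
  echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Print "<first-address> <last-address>" for a CIDR such as 10.1.0.0/16.
# Host bits in the input are masked off, so 10.1.4.9/16 still yields the /16.
cidr_to_range() {
  base=${1%/*}; bits=${1#*/}
  mask=$(( bits == 0 ? 0 : (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
  start=$(( $(ip2int "$base") & mask ))
  end=$(( start | (~mask & 0xFFFFFFFF) ))
  echo "$(int2ip "$start") $(int2ip "$end")"
}

# Build the firewall-rule command for a resource group, server, rule name and CIDR.
# Default is dry-run (print the command); set DRY_RUN=0 to execute it with az.
# Keep the CIDR as narrow as the clients that actually need access.
add_vnet_firewall_rule() {
  rg=$1; server=$2; rule=$3; cidr=$4
  range=$(cidr_to_range "$cidr")
  start=${range% *}; end=${range#* }
  cmd="az sql server firewall-rule create --resource-group $rg --server $server --name $rule --start-ip-address $start --end-ip-address $end"
  if [ "${DRY_RUN:-1}" = "1" ]; then
    echo "$cmd"
  else
    $cmd
  fi
}

# Placeholder names; stays a dry run unless DRY_RUN=0 is exported.
add_vnet_firewall_rule my-rg my-sqlserver AllowVnetRange 10.1.0.0/16
```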
-1

A private endpoint is the only way to connect to Azure SQL through a S2S (and P2S) VPN: https://learn.microsoft.com/en-us/azure/private-link/private-endpoint-overview / https://learn.microsoft.com/en-us/azure/azure-sql/database/private-endpoint-overview?view=azuresql.

A VNet rule (aka service endpoint) works only from an Azure VNet subnet to the SQL resource: https://learn.microsoft.com/en-us/azure/azure-sql/database/vnet-service-endpoint-rule-overview?view=azuresql

jikuja