Route ip specific traffic to AWS from Azure through OpenVPN









I am not a devops person but am trying out something on my own. I have provisioned a few resources in Azure and AWS and want to make a connection between them through a VPN. As an example, I have a web app in Azure and a DB in AWS. I want to make the app connect to the DB without any problem. I did the things below.

  1. AWS is already being accessed through a VPN (OpenVPN), so the VPN server is already set up in AWS and working.

  2. I created a VM (in a VNET) in Azure and installed the OpenVPN client there. I loaded the AWS VPN config into the Azure VM. Now I can make calls to AWS from the Azure VM through the VPN.

  3. I created a route table to hop AWS traffic through the Azure VM (VPN).

Now the problem is that my web app is in Azure (App Service) but is not in any virtual network. The traffic is not flowing through the VPN and I can't access the AWS DB from anywhere except the Azure VM (VPN).

Am I missing anything here? Some basic questions are:
1) Is it mandatory to have all resources in the same VNET/subnet of the Azure VM (VPN) to be able to access AWS?
2) Is it mandatory to have resources in any VNET/subnet to be able to use the VPN?
3) Should the route table be linked to the subnets of the resources which want to access the VPN?

Any pointer is really helpful for me.

amazon-web-services vpn azure-virtual-network subnet openvpn

asked Nov 11 at 17:06
Venky

1 Answer

You are correct.

It is mandatory to have VMs in a VNET. So you will be in control of routing IP packets across the internet and also locally and also from external connections.

Here is complete documentation on how to enable peering between two clouds.

https://www.microsoft.com/developerblog/2015/08/30/connecting-an-aws-vpc-to-azure-vnet-via-resource-manager/

Instead of Openswan, you can replace the configuration with OpenVPN.

Hope it helps.

answered Nov 11 at 19:39
Kannaiyan

• Thanks. But I am not using an AWS VPC and Azure VNET Gateway. I am trying to route through a VPN client installed in a VM. How does this work for App Services, Function Apps and Azure PaaS offerings? Do all these have to be in a VNET?
  – Venky
  Nov 12 at 9:55
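
An added example, not part of the original thread, modelling question 3: a route table only affects traffic leaving the subnets it is linked to, so a source with no address in the VNET never takes the hop through the VPN VM. All addresses and names are constructed assumptions, and this is a simplified model of next-hop selection, not Azure's API.

```python
import ipaddress

# Constructed addressing (assumptions, not taken from the question).
AWS_CIDR = "172.31.0.0/16"      # AWS network behind the OpenVPN server
VPN_VM_IP = "10.1.0.4"          # Azure VM running the OpenVPN client
TO_AWS = [(AWS_CIDR, "VirtualAppliance", VPN_VM_IP)]

# Subnet -> user-defined routes linked to it (None = no route table linked).
SUBNETS = {
    "10.1.0.0/24": None,        # subnet holding the VPN VM itself
    "10.1.1.0/24": TO_AWS,      # subnet with the route table linked
    "10.1.2.0/24": None,        # same VNET, route table not linked
}
# Stand-in for the platform's default routing; it never reaches the VPN VM.
DEFAULT = ("SystemDefault", None)


def effective_next_hop(source_ip, dest_ip):
    """Return (next_hop_type, next_hop_ip) for a packet leaving source_ip.

    source_ip=None models a resource with no address in the VNET,
    such as the App Service described in the question.
    """
    if source_ip is None:
        return DEFAULT                      # no subnet, so no route table applies
    src = ipaddress.ip_address(source_ip)
    dst = ipaddress.ip_address(dest_ip)
    for cidr, routes in SUBNETS.items():
        if src not in ipaddress.ip_network(cidr):
            continue
        # Longest-prefix match among the routes linked to the source subnet.
        matches = [(ipaddress.ip_network(p), t, ip) for p, t, ip in routes or []
                   if dst in ipaddress.ip_network(p)]
        if matches:
            _, hop_type, hop_ip = max(matches, key=lambda m: m[0].prefixlen)
            return (hop_type, hop_ip)
        return DEFAULT
    return DEFAULT


def audit(sources, dest_ip):
    """List the sources whose traffic to dest_ip would bypass the VPN VM."""
    return [name for name, ip in sources.items()
            if effective_next_hop(ip, dest_ip) != ("VirtualAppliance", VPN_VM_IP)]
```

Running `audit` over an inventory of sources shows which ones would send AWS-bound traffic outside the tunnel, which is the condition to check before exposing the database to them.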















