Always On VPN with VWAN - Connects but no connectivity

Aaron Krytus 96 Reputation points
2021-07-30T12:07:14.663+00:00

I have an Azure vwan with 2 hubs.

  • HubWest
  • HubWest2

All the resources at this time only live in HubWest.

Currently using a P2S VPN on HubWest using a RADIUS server hosted in Azure. This works great, no issues.

I am trying to create an Always On VPN on HubWest2 using a certificate. I built an XML VPN profile and used Microsoft's devicecert.ps1 to create the VPN phonebook profile (Microsoft Learn - Configure an Always On VPN device tunnel for Virtual WAN).

The connection is established with no issues. I cannot however contact any resources in HubWest. Microsoft has confirmed that there is connectivity between the hubs, although they cannot seem to figure out what the issue is. A partner of mine was also able to get the VPN to work using the downloadable client.

I was thinking there was a route issue in the xml profile. I copied the routes from the vpnsettings.xml file that comes with the client download from the Azure portal. I have also compared it to the other P2S VPN on HubWest.

Below are screenshots of the routes. I did not add all the routes since the

Any thoughts?

[Screenshot: HubWest - Routes (Working)]

[Screenshot: HubWest2 - Routes]


Accepted answer
  1. Aaron Krytus 96 Reputation points
    2021-08-05T21:08:24.627+00:00

    Despite Microsoft's best efforts, they were unable to figure out the issue.

    I finally figured out what the problem was. It turns out that each Hub was set to propagate to its own route table. This meant the other hubs were unaware of the user vpn connections.

    To fix the problem I changed each hub to propagate its routes from connections to the default route table. This is the table that all the hubs are associated to by default. If you have a different table you need to choose one they all share. Hope this helps someone else out there. Good Luck!

    1. Click on "Hub"
    2. Click on "Routing"
    3. Click on "Default"
    4. Click on "Propagations"
    5. Click "Yes" on "Propagate routes from connections to this route table?"
    6. Click "default" from the drop-down menu, or whatever shared route table you want.
    7. Click "Create"

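The failure mode in the accepted answer, as an added Python model that is not part of the original post or any Microsoft tooling: a connection learns routes from the route table it is associated with and advertises its prefixes only to the tables it propagates to. The connection names and dictionary layout are constructed for illustration, and the model is a simplification of Virtual WAN routing.

```python
# Simplified model of Virtual WAN routing (constructed names, not real output).
# A connection LEARNS routes from its associated route table and ADVERTISES
# its own prefixes to every route table it propagates to (by id or by label).

ROUTE_TABLES = {  # route table id -> labels carried by that table
    "HubWest/defaultRouteTable": {"default"},
    "HubWest2/defaultRouteTable": {"default"},
}

def propagation_targets(conn):
    """Route tables that receive this connection's prefixes."""
    targets = set(conn["propagate_ids"])
    for table, labels in ROUTE_TABLES.items():
        if labels & set(conn["propagate_labels"]):
            targets.add(table)
    return targets

def learns(src, dst):
    """True if src's associated table holds a route to dst."""
    return src["associated"] in propagation_targets(dst)

def audit(connections):
    """Return (a, b) name pairs missing a route in at least one direction."""
    names = sorted(connections)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if not (learns(connections[a], connections[b])
                    and learns(connections[b], connections[a]))]

# Resource VNet attached to HubWest, propagating to the shared "default" label.
vnet_west = {"associated": "HubWest/defaultRouteTable",
             "propagate_ids": [], "propagate_labels": ["default"]}
# Broken: the user VPN on HubWest2 propagates only to its own hub's table,
# so the client gets routes to the VNet but HubWest has no return route.
vpn_broken = {"associated": "HubWest2/defaultRouteTable",
              "propagate_ids": ["HubWest2/defaultRouteTable"],
              "propagate_labels": []}
# Fixed: propagate to the table all hubs share.
vpn_fixed = dict(vpn_broken, propagate_ids=[], propagate_labels=["default"])

if __name__ == "__main__":
    print("broken:", audit({"vnet-west": vnet_west, "p2s-west2": vpn_broken}))
    print("fixed: ", audit({"vnet-west": vnet_west, "p2s-west2": vpn_fixed}))
```

In the broken case the tunnel side still learns the VNet prefixes, which is why the connection establishes and the client's route list looks correct while no traffic returns.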
