How do I connect to an Azure SQL Server via an Azure VPN Gateway?


Solution 1

I have just received a response from Azure Support on this issue (03/03/2018) and they have confirmed that what I'm trying to achieve isn't currently possible.

Solution 2

This is more of a workaround than a way of using the VPN gateway.

You can try setting up a VPN server with NAT on your VM, allow the VM IP address on Azure SQL, and then your developers will connect to the VPN server on the VM.

The NAT will trick Azure SQL into thinking that the clients are the VM.
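The NAT workaround above, as an added example that is not part of the original answer: a Linux VM inside the VNet terminates the VPN and masquerades only TCP/1433 from the VPN client pool, and the VM's own address is allow-listed on the Azure SQL server firewall. The VPN pool 10.8.0.0/24, the interface eth0, and the RESOURCE_GROUP, SQL_SERVER and VM_PUBLIC_IP variables are assumed placeholders, not values from the page.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): NAT box for Azure SQL access over a VPN.
# Assumptions: VPN client pool 10.8.0.0/24, outbound interface eth0, az CLI logged in.
set -eu

VPN_POOL="${VPN_POOL:-10.8.0.0/24}"
WAN_IF="${WAN_IF:-eth0}"
SQL_PORT=1433

# Emit the iptables rules. Only TCP/1433 from the VPN pool is forwarded and
# masqueraded; everything else from the pool is dropped, so the VM never becomes
# a general egress path for VPN clients (least privilege for the NAT hop).
render_nat_rules() {
  local pool="$1" wan_if="$2"
  cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A POSTROUTING -s ${pool} -o ${wan_if} -p tcp --dport ${SQL_PORT} -j MASQUERADE
iptables -A FORWARD -s ${pool} -o ${wan_if} -p tcp --dport ${SQL_PORT} -j ACCEPT
iptables -A FORWARD -i ${wan_if} -d ${pool} -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -s ${pool} -j DROP
EOF
}

# Emit the az command that allow-lists exactly one address (start == end) on the
# Azure SQL server firewall: the VM's address, as Solution 2 describes.
render_sql_firewall_cmd() {
  local rg="$1" server="$2" ip="$3"
  printf 'az sql server firewall-rule create --resource-group %s --server %s --name vpn-nat-vm --start-ip-address %s --end-ip-address %s\n' \
    "$rg" "$server" "$ip" "$ip"
}

# Sanity check: how many rendered rules touch the SQL port (expect the NAT rule
# and the single FORWARD accept, nothing else).
count_sql_port_rules() {
  render_nat_rules "$1" "$2" | grep -c -- "--dport ${SQL_PORT}"
}

if [ "${1:-}" = "apply" ]; then
  # RESOURCE_GROUP, SQL_SERVER and VM_PUBLIC_IP must be exported by the operator.
  render_nat_rules "$VPN_POOL" "$WAN_IF" | sh
  render_sql_firewall_cmd "$RESOURCE_GROUP" "$SQL_SERVER" "$VM_PUBLIC_IP" | sh
fi
# After connecting through the VPN, confirm what Azure SQL actually sees:
#   SELECT client_net_address FROM sys.dm_exec_connections WHERE session_id = @@SPID;
# It should report the VM's address, not the developer's dynamic IP.
```

Run `./nat-sql.sh` with no argument to only print the rendered commands, and `./nat-sql.sh apply` on the VM to execute them.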

Author: Chris Roberts
I'm a developer turned business owner working in Cheltenham, England.

Updated on September 18, 2022

Comments

  • Chris Roberts (almost 2 years ago)

    I have set up an Azure SQL Server with an Elastic Pool into which I have created a Test database.

    I have also set up an Azure Virtual Network and a Point-to-Site VPN. The Virtual Network has 2 subnets - one for the GatewaySubnet and another into which I have placed a Windows Virtual Machine.

    I have successfully configured Remote Desktop access to the VM and have verified that I can only connect to Remote Desktop by using the server's internal IP when I am connected to the VPN (I have also disallowed RDP access via the external IP - but that's not relevant to my question).

    I'd like to restrict and control access to the SQL Server as far as possible. I have set "Allow access to Azure services" to "OFF". I have also added both of my Virtual Networks' subnets to the SQL Server's firewall settings and enabled the "Microsoft.Sql" endpoint.

    I have verified that I can connect to the SQL Server from a copy of SQL Server Management Studio installed on the Virtual Machine.

    However - I can't connect using SQL Server Management Studio from my desktop machine, even when I'm connected via the VPN. I'd like to be able to do this without adding my client IP directly to the firewall. We have a number of remote developers (all on dynamic IPs) who will need to access the servers and I don't want the overhead of managing these firewall rules. I'd much rather just give them the VPN client.

    Thanks in advance...

  • Bruno Faria (over 6 years ago)
    So from my understanding, you want to restrict the access to SQL DB to the private network only, including access from On-Prem workstations and VMs connected through S2S, but that is not possible even with the newly added feature called "Service Endpoints". Is that correct? Because I thought that was what "Service Endpoints" were supposed to do.
  • GregGalloway (over 6 years ago)
    @BrunoFaria Service Endpoints in their current incarnation work great for resources on a VNET connecting to Azure SQL. But they don't help at all with an on prem client trying to connect to Azure SQL. That connection still happens via the on prem client's public IP. You might look at ExpressRoute public peering (instead of site-to-site VPN) or Azure SQL DB Managed Instance (which does support connecting over site-to-site VPN).
  • Roberto Bonini (almost 5 years ago)
    Any changes for the updates on this functionality?
  • Hilarion (about 3 years ago)
    If I'm understanding you right, for Point-to-Site VPN this would mean that you need to mess with your client-side routing settings each time you connect to and disconnect from the VPN.