2

I'm able to connect successfully to my SSTP VPN on a Windows 2012 R2 machine running RRAS on Azure, but once connected, I can't access the internet.

I understand that I could work around this issue by creating a split tunnel (disabling default gateway on remote network) on the client's end, but corporate policy discourages a split tunnel.

I'm sure this is a simple route that needs to be added in Azure, but I'm not sure what that would be.

Thanks!


3 Answers

1

According to your description, I tested in my lab (the VM has one NIC) and got the same error as you. Maybe you should check your RRAS configuration; check IPv4 --> NAT.
If you still have questions, you are welcome to post back here.

Jason Ye
  • 2,409
0

I've tested this issue.

Steps performed:

  1. New Azure VPN config downloaded from the Azure Portal VPN Gateway P2S (doesn't work)

  2. Checking of ipconfig /all, route print, tracert, nslookup, Test-NetConnection, telnet, wifi/wired interface settings (all checked, no issues)

The problem is somehow related to the Microsoft Edge web browser DNS settings. Open Microsoft Edge -> Settings -> search for "dns" -> look for "Use secure DNS to specify how to lookup the network address for websites". By default, the setting is "Use current service provider". To solve the case and have an internet connection while on the Azure VPN, select "Choose a service provider", click in the empty field below and select e.g. "Cloudflare (1.1.1.1)". It will appear as "https://chrome.cloudflare-dns.com/dns-query". Screens attached. Then restart the web browser (Microsoft Edge) and the internet will start to work right away.


Security info: In this setup, Cloudflare DNS is used to resolve your DNS queries. If you do not want that, try your own DNS servers or another DNS service you prefer in this step.

NOTE: If this helps you, feel free to leave a short comment or just share this with others who have the same issue.

In case of questions, feel free to let me know via comments as well.

Best regards,

Tomasz Wieczorkowski

0

It's not a NAT issue. What is probably going on is that the IP configuration you are getting from the VPN is what is affecting it. You need to have DHCP and DNS configured on your server and have your VPN forward/relay the DHCP scope to your VPN.

This is the properties of my VPN:

Click to view picture

Here, notice the block reserved for RAS, this shows that some addresses have been reserved for your VPN and the relay is working and any PC that connects to your VPN should get an address automatically.

Click to view picture

If you don't want to set up a DNS server, then in your DHCP configuration you can have Google's public DNS as the DNS server.

I encountered this exact same issue when setting up my SSTP VPN.

UPDATE:

Looking at your network, is the subnet 10.10.10.xxx being "natted"? If it is, then it could be that you're trying to access the server behind a second NAT, assuming the 10.10.0.0 subnet IS a NAT itself. If it isn't, then port forwarding 443 from Azure to your server should do the trick, along with what I posted above.

xR34P3Rx
  • 197
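
The three answers above blame different layers: NAT on the RRAS server, DNS on the client, and the addressing handed out over the VPN. The following client-side triage script is an added example, not code from any of the posters; it separates a routing/NAT failure from a DNS failure while the full tunnel is up. The probe address `1.1.1.1`, the name `www.example.com` and port 443 are assumptions to replace with endpoints your policy allows.

```powershell
# Added triage example: run on the Windows client while the SSTP VPN is connected.
# Assumption: the probe IP, probe name and port below are placeholders.
param(
    [string]$ProbeIp   = '1.1.1.1',
    [string]$ProbeName = 'www.example.com',
    [int]   $Port      = 443
)

# 1. Which interface owns the preferred default route? With a full tunnel
#    (no split tunnelling) this should be the VPN adapter, not the LAN/Wi-Fi NIC.
$default = Get-NetRoute -DestinationPrefix '0.0.0.0/0' -ErrorAction SilentlyContinue |
    Sort-Object { $_.RouteMetric + $_.InterfaceMetric } |
    Select-Object -First 1

# 2. Connect to an IP literal. No name lookup is involved, so a failure here
#    points at routing or missing NAT on the VPN server, not at DNS.
$ipOk = (Test-NetConnection -ComputerName $ProbeIp -Port $Port `
            -WarningAction SilentlyContinue).TcpTestSucceeded

# 3. Resolve a name with the DNS servers the OS is currently using.
#    This tests the OS resolver only; a browser using its own secure DNS
#    setting can behave differently from this result.
$dnsOk = $true
try   { Resolve-DnsName -Name $ProbeName -Type A -DnsOnly -ErrorAction Stop | Out-Null }
catch { $dnsOk = $false }

# 4. DNS servers per interface, to see what the VPN adapter was handed.
$dnsServers = Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    ForEach-Object { '{0}: {1}' -f $_.InterfaceAlias, ($_.ServerAddresses -join ', ') }

$verdict = if (-not $ipOk) {
    'IP traffic fails through the tunnel: check NAT/routing on the RRAS server.'
} elseif (-not $dnsOk) {
    'IP works but names do not resolve: check the DNS servers assigned to the VPN adapter.'
} else {
    'IP and OS-level DNS both work: if only the browser fails, check its own DNS settings.'
}

[pscustomobject]@{
    DefaultRouteInterface = $default.InterfaceAlias
    DefaultRouteNextHop   = $default.NextHop
    IpReachable           = $ipOk
    DnsResolves           = $dnsOk
    DnsServers            = $dnsServers
    Verdict               = $verdict
} | Format-List
```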