I’m trying to connect to an Azure SQL database over a Point-to-Site VPN connection based on Azure AD authentication. I can connect to the VPN without any problems and get a green status that everything is connected. However, I cannot access the database.
The database is set up so that access is only granted to certain IPs, so we want to use the VPN to access the database. The VPN is set up so that it connects to a VNET, and the VNET is connected to the SQL database.
I have followed the following tutorials during the setup of the VPN and VNET:
- https://learn.microsoft.com/en-us/azure/vpn-gateway/point-to-site-about
On Stack Overflow I found this question, in which it is stated that what I’m trying to do is not possible. However, that post is from 2018, so I was wondering whether it works now?
2 Answers
A private endpoint is the only way to connect to Azure SQL through an S2S (and P2S) VPN: https://learn.microsoft.com/en-us/azure/private-link/private-endpoint-overview / https://learn.microsoft.com/en-us/azure/azure-sql/database/private-endpoint-overview?view=azuresql.
A VNet rule (aka service endpoint) works only from an Azure VNet subnet to the SQL resource: https://learn.microsoft.com/en-us/azure/azure-sql/database/vnet-service-endpoint-rule-overview?view=azuresql
I tried to reproduce the same in my environment and got the results below:
Created an Azure point-to-site virtual network gateway with Azure certificate authentication, like below:
Generated the client and root certificates, exported the root public key, and connected with the VPN client successfully, like below:
Refer: Configure Point to Site VPN Connection using Azure Certificate Authentication
Created a SQL database with a private endpoint, like below:
Make sure to disable public access on the SQL server, and create a new private endpoint for the Microsoft.Sql/servers resource, like below:
Log in to your VM over Remote Desktop, install SQL Server Management Studio, and in Connect to Server enter the fully qualified host name of your managed instance in the Server name field, like below:
When I try to connect with my private IP address, it connects successfully, like below:
References:
Configure point-to-site connectivity using SSMS – Azure SQL Managed Instance | Microsoft Learn
Connect to an Azure SQL server using an Azure Private Endpoint – Azure portal | Microsoft Learn
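Both answers above come down to the same check: once a private endpoint exists and public access is disabled, the connection only works if the client resolves the server name to the private endpoint's address and can reach TCP/1433 over the tunnel. The script below is an added example written for this page, not code from either answer or from Microsoft; it resolves a server name with the client's current resolver, classifies the result (public gateway address vs. private endpoint address), optionally probes the port, and prints a hosts-file line that pins the name to the private IP. The server name `myserver.database.windows.net` and the addresses used in the comments are constructed placeholders.

```python
"""Diagnose Azure SQL private-endpoint reachability from a P2S VPN client.

A P2S client does not automatically use the Azure private DNS zone
(privatelink.database.windows.net), so the usual failure is that the server
name still resolves to the public Azure SQL gateway, which then rejects the
connection because public access is disabled or IP-restricted.
"""
import ipaddress
import socket
from dataclasses import dataclass
from typing import List, Optional

SQL_PORT = 1433  # Azure SQL Database listens on TCP/1433 at the private endpoint


@dataclass
class Verdict:
    fqdn: str
    addresses: List[str]
    private: bool              # True only if every resolved address is private (RFC 1918 etc.)
    reachable: Optional[bool]  # None when no TCP probe was attempted
    reason: str


def resolve(fqdn: str) -> List[str]:
    """Resolve fqdn to IPv4 addresses using whatever resolver the VPN client is using."""
    try:
        infos = socket.getaddrinfo(fqdn, SQL_PORT, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def tcp_reachable(ip: str, port: int = SQL_PORT, timeout: float = 3.0) -> bool:
    """Plain TCP connect; no TDS handshake, just 'is the tunnel/NSG letting 1433 through'."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False


def classify(fqdn: str, addresses: List[str], reachable: Optional[bool] = None) -> Verdict:
    """Pure decision logic, separated from network I/O so it can be tested offline."""
    if not addresses:
        return Verdict(fqdn, [], False, None,
                       "DNS resolution failed: the VPN client cannot resolve the server name at all")
    public = [ip for ip in addresses if not ipaddress.ip_address(ip).is_private]
    if public:
        return Verdict(fqdn, addresses, False, None,
                       f"resolves to public address(es) {', '.join(public)}: the client is not using "
                       "the privatelink.database.windows.net zone, so traffic goes to the public "
                       "gateway and is rejected there; add a hosts entry for the private endpoint IP "
                       "or point the client at a DNS forwarder inside the VNet")
    if reachable is False:
        return Verdict(fqdn, addresses, True, False,
                       "resolves to the private endpoint but TCP/1433 is not reachable: check that the "
                       "VPN is connected, that the P2S address pool is routed into the VNet, and the "
                       "NSG on the private endpoint subnet")
    suffix = " and TCP/1433 is reachable" if reachable else ""
    return Verdict(fqdn, addresses, True, reachable, "resolves to the private endpoint" + suffix)


def hosts_entry(private_ip: str, fqdn: str) -> str:
    """Hosts-file line that pins the server name to its private endpoint IP (quick workaround)."""
    ipaddress.ip_address(private_ip)  # raises ValueError on a malformed address
    return f"{private_ip} {fqdn}"


def diagnose(fqdn: str, probe: bool = True) -> Verdict:
    """Resolve, optionally probe the port, and classify."""
    addrs = resolve(fqdn)
    reachable = None
    if probe and addrs and all(ipaddress.ip_address(a).is_private for a in addrs):
        reachable = any(tcp_reachable(a) for a in addrs)
    return classify(fqdn, addrs, reachable)


if __name__ == "__main__":
    import sys
    # Hypothetical server name; pass your own as the first argument.
    server = sys.argv[1] if len(sys.argv) > 1 else "myserver.database.windows.net"
    verdict = diagnose(server)
    print(f"{server}: {verdict.reason}")
    if not verdict.private and verdict.addresses:
        # Constructed placeholder IP; use the private endpoint's NIC address from the portal.
        print("example hosts entry:", hosts_entry("10.0.1.4", server))
    sys.exit(0 if verdict.private and verdict.reachable is not False else 1)
```

Run it from the machine that has the VPN up, with the server's FQDN as the argument. A verdict of "resolves to public address(es)" is the DNS problem, not a firewall problem: the private endpoint is fine but the client never sends traffic to it. The hosts entry is the quickest way to confirm the path end to end before setting up a proper DNS forwarder in the VNet.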