
Some resources not "entirely" reachable over site2site

Posted: Thu Apr 25, 2024 11:19 am
by complexxL9
Hi,
I have a site2site config with an Azure vnet and am experiencing the following behavior:
Clients on the ovpn network are able to reach resources on the Azure vnet as expected, working without issues.
Clients on lan/mgmt are able to reach resources when testing on the TCP level (port seems to be open and reachable), and curl to websites returns a valid response. However, if we try to reach the same website over a browser, it loads for a few minutes and then displays the page; sometimes it does it after a few seconds and sometimes it seems to load indefinitely. Tested on multiple clients, macOS/Windows. Also, the DNS service on the Azure vnet is functioning fine for lan/mgmt clients; they are resolving resources to private IPs on the Azure vnet.

I have very little networking background and have never used MikroTik; I just inherited it and am trying to go from here.
Disabled all of the firewall deny rules to rule it out. Double-checked everything regarding ovpn and lan/mgmt; network config seems identical in terms of site2site config.
Edit:
This guide was used to perform the site2site config: https://cloudtips.nl/configuring-azure- ... b5ed0bea6e

I am not entirely sure why exactly we need NAT rules, but without them it isn't working at all.