Routing with Ubuntu Linux VPN (Resource Manager mode)

(13 Sep 2017)

When an Ubuntu Linux Openswan / strongSwan VPN gateway is used to connect to the Azure virtual network, the route tables may need to be modified so that packets from the virtual network devices are routed to the VPN server running on Ubuntu. This can be done via PowerShell as described below. In the sample, a route to address space 10.1.1.64/28 is set up to go via the VPN server at address 10.1.0.5 in subnet 10.1.0.0/24.

Connecting with PowerShell:

Use the following commands to connect to your subscription:

Login-AzureRmAccount

If you have several subscriptions, you can list them with the command “Get-AzureRmSubscription” and select the correct one with the command:

Select-AzureRmSubscription -SubscriptionName "(your subscription name)"

Adding a new route:

Add a new route table if it doesn’t already exist (you can check your current route tables with the command “Get-AzureRmRouteTable”):

New-AzureRmRouteTable -Name "RTable01" -ResourceGroupName "rg1" -Location "North Europe"

Add a new route to the route table (e.g. the addresses 10.1.1.64/28 below, to be routed via the VPN gateway at address 10.1.0.5):

Get-AzureRmRouteTable -ResourceGroupName "rg1" -Name "RTable01" |
Add-AzureRmRouteConfig -Name "vpn01" -AddressPrefix "10.1.1.64/28" -NextHopType "VirtualAppliance" -NextHopIpAddress 10.1.0.5 |
Set-AzureRmRouteTable

Associate the route table with the virtual network “VPNNet” and its subnet “default”, which has the subnet address “10.1.0.0/24” (check the correct values in the virtual network settings at the portal or with the commands “Get-AzureRmVirtualNetwork” and “Get-AzureRmRouteTable”):

$vnet = Get-AzureRmVirtualNetwork -Name "VPNNet" -ResourceGroupName "rg1"
$routeTable = Get-AzureRmRouteTable -Name "RTable01" -ResourceGroupName "rg1"
Set-AzureRmVirtualNetworkSubnetConfig `
    -VirtualNetwork $vnet `
    -Name "default" `
    -AddressPrefix "10.1.0.0/24" `
    -RouteTableId $routeTable.Id |
    Set-AzureRmVirtualNetwork

Enable IP forwarding for the Ubuntu server in Azure (PowerShell)

Enable forwarding on the network interface named “interface1234” of the Ubuntu virtual machine (check the correct interface name via the Azure portal or with the command “Get-AzureRmNetworkInterface -ResourceGroupName (your resourcegroup)”):

$nic = Get-AzureRmNetworkInterface -Name interface1234 -ResourceGroupName "rg1"
$nic.EnableIPForwarding = $true
$nic | Set-AzureRmNetworkInterface

Enable IP forwarding in the Ubuntu server network settings in /etc/sysctl.conf

Uncomment the lines below in /etc/sysctl.conf and restart the Ubuntu server (or run sudo sysctl -p):

net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1
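
A quick check for the last step, added here as an example (not part of the original post): it confirms that both forwarding keys are really uncommented in the file and that the running kernel agrees, which catches a forgotten "#" or a missing "sysctl -p". The function names and the optional second argument (an alternative root for the kernel values, default /proc/sys) are assumptions of this example.

```shell
#!/bin/sh
# Added example: verify the forwarding keys in a sysctl.conf-style file.

# Print the effective value of KEY in FILE: the last uncommented
# "key = value" line wins; lines starting with # or ; are comments.
sysctl_conf_value() {
    awk -v key="$2" '
        /^[ \t]*[#;]/ { next }            # skip commented-out settings
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { if (val != "") print val }
    ' "$1"
}

# Return 0 only if both keys from the page are set to 1 in FILE and,
# where the kernel value is readable under PROC_ROOT, it is 1 as well.
check_forwarding() {
    file=$1; proc_root=${2:-/proc/sys}; rc=0
    for key in net.ipv4.ip_forward net.ipv6.conf.all.forwarding; do
        conf=$(sysctl_conf_value "$file" "$key")
        if [ "$conf" != "1" ]; then
            echo "FAIL $key: not enabled in $file (value: '${conf:-unset}')"
            rc=1
            continue
        fi
        runtime_file="$proc_root/$(echo "$key" | tr . /)"
        if [ -r "$runtime_file" ]; then
            runtime=$(cat "$runtime_file")
            if [ "$runtime" != "1" ]; then
                echo "FAIL $key: set in file, kernel value is $runtime (run sysctl -p)"
                rc=1
                continue
            fi
        fi
        echo "OK   $key"
    done
    return $rc
}
```

On the Ubuntu server, run it as: check_forwarding /etc/sysctl.conf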