Routing with Ubuntu Linux VPN (Classic mode)

(10 Jan 2017)

When an Ubuntu Linux Openswan / strongSwan VPN gateway is used to connect to an Azure virtual network, the route tables may need to be modified so that packets from the virtual network devices are routed via the Ubuntu server. In the test case below, a tunnel mode VPN connection was established between the remote network 192.168.2.0/24 and the local virtual network 192.168.1.0/24. The route settings were modified via PowerShell to route packets for the remote network 192.168.2.0/24 via the VPN gateway at 192.168.1.4 (see the instructions in the Azure doc "Control routing and use virtual appliances (classic) using PowerShell").

Adding a new route for Subnet-2 via the Openswan/strongSwan gateway (PowerShell):

New-AzureRouteTable -Name UdrTest -Location uswest -Label "Route table for vpn"

Get-AzureRouteTable UdrTest `
| Set-AzureRoute -RouteName vpn1 -AddressPrefix 192.168.2.0/24 `
-NextHopType VirtualAppliance `
-NextHopIpAddress 192.168.1.4

Set-AzureSubnetRouteTable -VirtualNetworkName VNet_swan `
-SubnetName Subnet-2 `
-RouteTableName UdrTest

Enable IP forwarding for the Ubuntu server in Azure (PowerShell):

Get-AzureVM -Name UbuntuSwan -ServiceName UbuntuSwan `
| Set-AzureIPForwarding -Enable

Enable IP forwarding in the Ubuntu server's network settings in /etc/sysctl.conf:

net.ipv4.ip_forward=1
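
An added example (not from the original post) for the /etc/sysctl.conf step: shell functions that set net.ipv4.ip_forward=1 exactly once, even when the line is commented out, set to 0 or duplicated, and that report whether the persistent setting and the running kernel agree. The function names and the --apply switch are assumptions of this example.

```bash
#!/bin/sh
# Added example: function names and the --apply switch are hypothetical.

# Print the value a sysctl file assigns to net.ipv4.ip_forward
# (last uncommented assignment wins); prints nothing if it is unset.
conf_ip_forward() {
    sed -n 's/^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*\([0-9]*\).*$/\1/p' "$1" | tail -n 1
}

# Make the file set net.ipv4.ip_forward=1 exactly once.
# Removes every existing assignment (commented or not), then appends one.
enable_ip_forward() {
    conf="$1"
    tmp="$(mktemp)" || return 1
    sed -E '/^[[:space:]]*#?[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=/d' "$conf" > "$tmp" \
        || { rm -f "$tmp"; return 1; }
    printf 'net.ipv4.ip_forward=1\n' >> "$tmp"
    # Write through the existing file so its owner and mode are kept.
    cat "$tmp" > "$conf"
    rm -f "$tmp"
}

# Compare the persistent setting ($1) with the running kernel value ($2).
# Prints: on | off | config-only (not loaded yet) | runtime-only (lost at reboot)
forwarding_state() {
    c="$(conf_ip_forward "$1")"
    r="$(cat "${2:-/proc/sys/net/ipv4/ip_forward}")"
    case "${c:-0}$r" in
        11) echo on ;;
        10) echo config-only ;;
        01) echo runtime-only ;;
        *)  echo off ;;
    esac
}

# Only touches the system when explicitly asked to (run as root).
if [ "${1:-}" = "--apply" ]; then
    enable_ip_forward /etc/sysctl.conf && sysctl -p /etc/sysctl.conf
    echo "IPv4 forwarding: $(forwarding_state /etc/sysctl.conf)"
fi
```

Run it as root with --apply on the gateway. A result of config-only means the file is set but the kernel has not loaded it, and runtime-only means forwarding will stop after the next reboot.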