Routing with Ubuntu Linux VPN (Classic mode)

(10 Jan 2017)

When using an Ubuntu Linux Openswan / strongSwan VPN gateway to connect to an Azure virtual network, the route tables may need to be modified so that packets from the virtual network devices are routed via the Ubuntu server. E.g., in the test case below a tunnel mode VPN connection was established between the remote network and the local virtual network. The route settings were modified via PowerShell to route the packets to the remote network via the VPN gateway at (see the instructions in the Azure doc "Control routing and use virtual appliances (classic) using PowerShell").

Adding a new route for Subnet-2 via the Openswan/strongSwan gateway (PowerShell):

New-AzureRouteTable -Name UdrTest -Location uswest -Label "Route table for vpn"

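# The quoted <...> values are placeholders: substitute the remote network
# prefix (CIDR) and the IP address of the Ubuntu VPN gateway.
Get-AzureRouteTable UdrTest `
| Set-AzureRoute -RouteName vpn1 -AddressPrefix "<remote-network-prefix>" `
-NextHopType VirtualAppliance `
-NextHopIpAddress "<vpn-gateway-ip>"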

Set-AzureSubnetRouteTable -VirtualNetworkName VNet_swan `
-SubnetName Subnet-2 `
-RouteTableName UdrTest

Enable IP forwarding for the Ubuntu server in Azure (PowerShell):

Get-AzureVM -Name UbuntuSwan -ServiceName UbuntuSwan `
| Set-AzureIPForwarding -Enable

Enable IP forwarding in the Ubuntu server's network settings in /etc/sysctl.conf.
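
One way to carry out that last step, as an added example that is not from the original page: a shell function that leaves exactly one active net.ipv4.ip_forward=1 line in a sysctl.conf-style file, and a second that reports what the file will set. The function names and the sample file are assumptions made for illustration; net.ipv4.ip_forward is the standard Linux key for IPv4 forwarding.

```shell
#!/bin/sh
# Added example, not from the original page.
KEY_RE='net\.ipv4\.ip_forward'

# enable_ip_forward FILE: leave exactly one active "net.ipv4.ip_forward=1"
# line in FILE, replacing commented-out or conflicting entries.
enable_ip_forward() {
    conf=$1
    tmp=$(mktemp) || return 1
    # Delete every existing line for the key, active or commented out
    # (stock Ubuntu ships "#net.ipv4.ip_forward=1"), then append the setting.
    sed -E "/^[[:space:]]*#?[[:space:]]*${KEY_RE}[[:space:]]*=/d" "$conf" > "$tmp" || return 1
    printf 'net.ipv4.ip_forward=1\n' >> "$tmp"
    # Write through the existing file so its owner and mode are preserved.
    cat "$tmp" > "$conf"
    rm -f "$tmp"
}

# configured_ip_forward FILE: print the value FILE will set at boot
# (the last active assignment wins), or "unset" if there is none.
configured_ip_forward() {
    val=$(sed -nE "s/^[[:space:]]*${KEY_RE}[[:space:]]*=[[:space:]]*([01])[[:space:]]*$/\1/p" "$1" | tail -n 1)
    echo "${val:-unset}"
}

# Demo on a constructed sample file (not the real /etc/sysctl.conf).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample resembling a stock Ubuntu sysctl.conf
net.ipv4.conf.all.rp_filter=1
#net.ipv4.ip_forward=1
net.ipv4.ip_forward = 0
EOF
echo "before: $(configured_ip_forward "$sample")"
enable_ip_forward "$sample"
echo "after:  $(configured_ip_forward "$sample")"
rm -f "$sample"

# On the gateway itself, as root:
#   enable_ip_forward /etc/sysctl.conf
#   sysctl -p /etc/sysctl.conf        # load the file into the running kernel
#   sysctl net.ipv4.ip_forward        # should report 1
```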