Forum Discussion
Microsoft Tunnel is connected, but no traffic goes through
Can you let us know some more detail? From Azure (Tunnel Gateway Server) what do you use to get the traffic from Azure to on-prem (site2site, ExpressRoute)? What Linux OS do you use?
Did you check the logs from the Gateway to see if there are errors present? See here: microsoft-tunnel-monitor
On the resource server do you see any traffic coming in, for example from the logs?
It's a totally simple setup for training. Just 2 VMs in Azure, one is the Tunnel Gateway, the other VM is a WS2022 Domain Controller with IIS installed for the Tunnel health check. Both VMs are in the same VNet/Subnet. DC is the DNS Server for the Subnet and DNS in the Tunnel policy. On Android devices even the split tunnel works, so addresses outside the range will not be routed through the Tunnel. Addresses inside the range run into the "dead end". So for example when I try to navigate to http://10.0.0.4 in the mobile's browser nothing happens. Even if this address is the successfully logged health check address from the Tunnel's health check. In the logs on DC's IIS I see the Tunnel VM reaching IIS because of its health check, but not anything coming from inside the Tunnel's containers. So some routing information must be missing here. Linux is Red Hat 8.4 Gen2.
- pkecun, Jul 13, 2024, Copper Contributor
train-IT did you find a resolution to this in the end?
I've set this up on-prem and it "just worked" yesterday.
Tried it again today and now experiencing the same as you - iOS VPN connects but no traffic over it. But the Linux server can ping and reach everything just fine, as can the container.
My MS Tunnel Server is on Ubuntu 22.04 (but have also tried RHEL9.4 and Ubuntu 20.04) and nothing seems to help.
I wish there were a few more troubleshooting articles for this!
- train-IT, Jul 14, 2024, Copper Contributor
Yeah, the doc (pdf) is 2 years old, and is of bad quality. Seems to be a rarely used feature. Well, tomorrow I'll give it another try because of a new training - let's see if it works. Regards, Michael
- pkecun, Jul 15, 2024, Copper Contributor
train-IT I got this working but it's not ideal.
The issue I had with the VPN connection but nothing routed was ultimately resolved by changing the server configuration to disable UDP usage and also closing the UDP port - routing then worked as expected. Not sure why that was necessary given I have another client/location where this wasn't necessary with a practically identical setup.
The only frustration I have is that I had hoped this would be a good solution for allowing iOS RD Client to connect to internal RemoteApp / Session Hosts - it works but there's a lot of latency (screen updates appear fairly fast but there's about 1 second of input lag, i.e. move the mouse over the minimize/maximize buttons and it can take 1-2 seconds for them to highlight) which is super frustrating. Have tweaked just about every setting I can think of to improve this at both locations to no avail.