OpenVPN client in WVD

%3CLINGO-SUB%20id%3D%22lingo-sub-959124%22%20slang%3D%22en-US%22%3EOpenVPN%20client%20in%20WVD%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-959124%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20all%2C%3C%2FP%3E%3CP%3EI%20know%20that%20there%20is%20a%20standard%20method%20to%20create%20a%20S2S%20vpn%20with%20a%20WVD%2C%20but%20for%20some%20reasons%20I'd%20like%20to%20try%20to%20run%20VPN%20inside%20my%20WVD%20with%20OpenVpn.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWhen%20I%20ran%20the%20configured%20client%20manually%2C%20everything%20is%20ok.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EAfterwards%20I've%20tried%20to%20autostart%20the%20VPN%20via%20service%2C%20restarted%20the%20WVD%20and...%20I%20cant%20no%20more%20connect%20to%20my%20machine.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3Eso..%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3E1.%20how%20to%20disable%20a%20service%20(I%20cant%20connect%20to%20my%20machine)%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3E2.%20how%20to%20restore%20the%20machine%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3E3.%20there%20is%20a%20safe%20way%20to%20use%20openvpn%3F%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3Ethanks%20in%20advance%2C%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3EP.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-963254%22%20slang%3D%22en-US%22%3ERe%3A%20OpenVPN%20client%20in%20WVD%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-963254%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F297499%22%20target%3D%22_blank%22%3E%40Braguzz%3C%2FA%3E%20I%20m%20unsure%20whether%20you%20are%20unable%20to%20connect%20to%20your%20VM%20directly%20OR%20through%20WVD.%20Can%20you%20see%20the%20VM%20using%20%22Get-RdsSessionHost%22%3F%20My%20suspicion%20is%20that%20you%20don't%20have%20the%20right%20ports%20open%20or%20URLs%20whitelisted%3A%20Port%20443%20outbound%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3CSPAN%20style%3D%22color%3A%20%23252423%3B%20font-family%3A%20'Segoe%20UI'%2C%20'Helvetica%20Neue'%2C%20'Apple%20Color%20Emoji'%2C%20'Segoe%20UI%20Emoji'%2C%20Helvetica%2C%20Arial%2C%20sans-serif%3B%20font-size%3A%2014px%3B%20font-style%3A%20normal%3B%20font-variant-ligatures%3A%20normal%3B%20font-variant-caps%3A%20normal%3B%20font-weight%3A%20400%3B%20letter-spacing%3A%20normal%3B%20orphans%3A%202%3B%20text-align%3A%20start%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20white-space%3A%20normal%3B%20widows%3A%202%3B%20word-spacing%3A%200px%3B%20-webkit-text-stroke-width%3A%200px%3B%20background-color%3A%20%23ffffff%3B%20text-decoration-style%3A%20initial%3B%20text-decoration-color%3A%20initial%3B%20display%3A%20inline%20!important%3B%20float%3A%20none%3B%22%3E*.wvd.microsoft.com%3C%2FSPAN%3E%3CBR%20style%3D%22-webkit-font-smoothing%3A%20antialiased%3B%20box-sizing%3A%20border-box%3B%20color%3A%20%23252423%3B%20font-family%3A%20'Segoe%20UI'%2C%20'Helvetica%20Neue'%2C%20'Apple%20Color%20Emoji'%2C%20'Segoe%20UI%20Emoji'%2C%20Helvetica%2C%20Arial%2C%20sans-serif%3B%20font-size%3A%2014px%3B%20font-style%3A%20normal%3B%20font-variant-ligatures%3A%20normal%3B%20font-variant-caps%3A%20normal%3B%20font-weight%3A%20400%3B%20letter-spacing%3A%20normal%3B%20orphans%3A%202%3B%20text-align%3A%20start%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20white-space%3A%20normal%3B%20widows%3A%202%3B%20word-spacing%3A%200px%3B%20-webkit-text-stroke-width%3A%200px%3B%20background-color%3A%20%23ffffff%3B%20text-decoration-style%3A%20initial%3B%20text-decoration-color%3A%20initial%3B%22%20%2F%3E%3CSPAN%20style%3D%22color%3A%20%23252423%3B%20font-family%3A%20'Segoe%20UI'%2C%20'Helvetica%20Neue'%2C%20'Apple%20Color%20Emoji'%2C%20'Segoe%20UI%20Emoji'%2C%20Helvetica%2C%20Arial%2C%20sans-serif%3B%20font-size%3A%2014px%3B%20font-style%3A%20normal%3B%20font-variant-ligatures%3A%20normal%3B%20font-variant-caps%3A%20normal%3B%20font-weight%3A%20400%3B%20letter-spacing%3A%20normal%3B%20orphans%3A%202%3B%20text-align%3A%20start%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20white-space%3A%20normal%3B%20widows%3A%202%3B%20word-spacing%3A%200px%3B%20-webkit-text-stroke-width%3A%200px%3B%20background-color%3A%20%23ffffff%3B%20text-decoration-style%3A%20initial%3B%20text-decoration-color%3A%20initial%3B%20display%3A%20inline%20!important%3B%20float%3A%20none%3B%22%3E*.blob.core.windows.net%3C%2FSPAN%3E%3CBR%20style%3D%22-webkit-font-smoothing%3A%20antialiased%3B%20box-sizing%3A%20border-box%3B%20color%3A%20%23252423%3B%20font-family%3A%20'Segoe%20UI'%2C%20'Helvetica%20Neue'%2C%20'Apple%20Color%20Emoji'%2C%20'Segoe%20UI%20Emoji'%2C%20Helvetica%2C%20Arial%2C%20sans-serif%3B%20font-size%3A%2014px%3B%20font-style%3A%20normal%3B%20font-variant-ligatures%3A%20normal%3B%20font-variant-caps%3A%20normal%3B%20font-weight%3A%20400%3B%20letter-spacing%3A%20normal%3B%20orphans%3A%202%3B%20text-align%3A%20start%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20white-space%3A%20normal%3B%20widows%3A%202%3B%20word-spacing%3A%200px%3B%20-webkit-text-stroke-width%3A%200px%3B%20background-color%3A%20%23ffffff%3B%20text-decoration-style%3A%20initial%3B%20text-decoration-color%3A%20initial%3B%22%20%2F%3E%3CSPAN%20style%3D%22color%3A%20%23252423%3B%20font-family%3A%20'Segoe%20UI'%2C%20'Helvetica%20Neue'%2C%20'Apple%20Color%20Emoji'%2C%20'Segoe%20UI%20Emoji'%2C%20Helvetica%2C%20Arial%2C%20sans-serif%3B%20font-size%3A%2014px%3B%20font-style%3A%20normal%3B%20font-variant-ligatures%3A%20normal%3B%20font-variant-caps%3A%20normal%3B%20font-weight%3A%20400%3B%20letter-spacing%3A%20normal%3B%20orphans%3A%202%3B%20text-align%3A%20start%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20white-space%3A%20normal%3B%20widows%3A%202%3B%20word-spacing%3A%200px%3B%20-webkit-text-stroke-width%3A%200px%3B%20background-color%3A%20%23ffffff%3B%20text-decoration-style%3A%20initial%3B%20text-decoration-color%3A%20initial%3B%20display%3A%20inline%20!important%3B%20float%3A%20none%3B%22%3E*.core.windows.net%3C%2FSPAN%3E%3CBR%20style%3D%22-webkit-font-smoothing%3A%20antialiased%3B%20box-sizing%3A%20border-box%3B%20color%3A%20%23252423%3B%20font-family%3A%20'Segoe%20UI'%2C%20'Helvetica%20Neue'%2C%20'Apple%20Color%20Emoji'%2C%20'Segoe%20UI%20Emoji'%2C%20Helvetica%2C%20Arial%2C%20sans-serif%3B%20font-size%3A%2014px%3B%20font-style%3A%20normal%3B%20font-variant-ligatures%3A%20normal%3B%20font-variant-caps%3A%20normal%3B%20font-weight%3A%20400%3B%20letter-spacing%3A%20normal%3B%20orphans%3A%202%3B%20text-align%3A%20start%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20white-space%3A%20normal%3B%20widows%3A%202%3B%20word-spacing%3A%200px%3B%20-webkit-text-stroke-width%3A%200px%3B%20background-color%3A%20%23ffffff%3B%20text-decoration-style%3A%20initial%3B%20text-decoration-color%3A%20initial%3B%22%20%2F%3E%3CSPAN%20style%3D%22color%3A%20%23252423%3B%20font-family%3A%20'Segoe%20UI'%2C%20'Helvetica%20Neue'%2C%20'Apple%20Color%20Emoji'%2C%20'Segoe%20UI%20Emoji'%2C%20Helvetica%2C%20Arial%2C%20sans-serif%3B%20font-size%3A%2014px%3B%20font-style%3A%20normal%3B%20font-variant-ligatures%3A%20normal%3B%20font-variant-caps%3A%20normal%3B%20font-weight%3A%20400%3B%20letter-spacing%3A%20normal%3B%20orphans%3A%202%3B%20text-align%3A%20start%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20white-space%3A%20normal%3B%20widows%3A%202%3B%20word-spacing%3A%200px%3B%20-webkit-text-stroke-width%3A%200px%3B%20background-color%3A%20%23ffffff%3B%20text-decoration-style%3A%20initial%3B%20text-decoration-color%3A%20initial%3B%20display%3A%20inline%20!important%3B%20float%3A%20none%3B%22%3E*.servicebus.windows.net%3C%2FSPAN%3E%3CBR%20style%3D%22-webkit-font-smoothing%3A%20antialiased%3B%20box-sizing%3A%20border-box%3B%20color%3A%20%23252423%3B%20font-family%3A%20'Segoe%20UI'%2C%20'Helvetica%20Neue'%2C%20'Apple%20Color%20Emoji'%2C%20'Segoe%20UI%20Emoji'%2C%20Helvetica%2C%20Arial%2C%20sans-serif%3B%20font-size%3A%2014px%3B%20font-style%3A%20normal%3B%20font-variant-ligatures%3A%20normal%3B%20font-variant-caps%3A%20normal%3B%20font-weight%3A%20400%3B%20letter-spacing%3A%20normal%3B%20orphans%3A%202%3B%20text-align%3A%20start%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20white-space%3A%20normal%3B%20widows%3A%202%3B%20word-spacing%3A%200px%3B%20-webkit-text-stroke-width%3A%200px%3B%20background-color%3A%20%23ffffff%3B%20text-decoration-style%3A%20initial%3B%20text-decoration-color%3A%20initial%3B%22%20%2F%3E%3CSPAN%20style%3D%22color%3A%20%23252423%3B%20font-family%3A%20'Segoe%20UI'%2C%20'Helvetica%20Neue'%2C%20'Apple%20Color%20Emoji'%2C%20'Segoe%20UI%20Emoji'%2C%20Helvetica%2C%20Arial%2C%20sans-serif%3B%20font-size%3A%2014px%3B%20font-style%3A%20normal%3B%20font-variant-ligatures%3A%20normal%3B%20font-variant-caps%3A%20normal%3B%20font-weight%3A%20400%3B%20letter-spacing%3A%20normal%3B%20orphans%3A%202%3B%20text-align%3A%20start%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20white-space%3A%20normal%3B%20widows%3A%202%3B%20word-spacing%3A%200px%3B%20-webkit-text-stroke-width%3A%200px%3B%20background-color%3A%20%23ffffff%3B%20text-decoration-style%3A%20initial%3B%20text-decoration-color%3A%20initial%3B%20display%3A%20inline%20!important%3B%20float%3A%20none%3B%22%3Eprod.warmpath.msftcloudes.com%3C%2FSPAN%3E%3CBR%20style%3D%22-webkit-font-smoothing%3A%20antialiased%3B%20box-sizing%3A%20border-box%3B%20color%3A%20%23252423%3B%20font-family%3A%20'Segoe%20UI'%2C%20'Helvetica%20Neue'%2C%20'Apple%20Color%20Emoji'%2C%20'Segoe%20UI%20Emoji'%2C%20Helvetica%2C%20Arial%2C%20sans-serif%3B%20font-size%3A%2014px%3B%20font-style%3A%20normal%3B%20font-variant-ligatures%3A%20normal%3B%20font-variant-caps%3A%20normal%3B%20font-weight%3A%20400%3B%20letter-spacing%3A%20normal%3B%20orphans%3A%202%3B%20text-align%3A%20start%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20white-space%3A%20normal%3B%20widows%3A%202%3B%20word-spacing%3A%200px%3B%20-webkit-text-stroke-width%3A%200px%3B%20background-color%3A%20%23ffffff%3B%20text-decoration-style%3A%20initial%3B%20text-decoration-color%3A%20initial%3B%22%20%2F%3E%3CSPAN%20style%3D%22color%3A%20%23252423%3B%20font-family%3A%20'Segoe%20UI'%2C%20'Helvetica%20Neue'%2C%20'Apple%20Color%20Emoji'%2C%20'Segoe%20UI%20Emoji'%2C%20Helvetica%2C%20Arial%2C%20sans-serif%3B%20font-size%3A%2014px%3B%20font-style%3A%20normal%3B%20font-variant-ligatures%3A%20normal%3B%20font-variant-caps%3A%20normal%3B%20font-weight%3A%20400%3B%20letter-spacing%3A%20normal%3B%20orphans%3A%202%3B%20text-align%3A%20start%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20white-space%3A%20normal%3B%20widows%3A%202%3B%20word-spacing%3A%200px%3B%20-webkit-text-stroke-width%3A%200px%3B%20background-color%3A%20%23ffffff%3B%20text-decoration-style%3A%20initial%3B%20text-decoration-color%3A%20initial%3B%20display%3A%20inline%20!important%3B%20float%3A%20none%3B%22%3Ecatalogartifact.azureedge.net%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-963881%22%20slang%3D%22en-US%22%3ERe%3A%20OpenVPN%20client%20in%20WVD%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-963881%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F297499%22%20target%3D%22_blank%22%3E%40Braguzz%3C%2FA%3E%26nbsp%3Byou%20can%20run%20%22stop-service%20openvpnservice%22%20on%20the%20AzureVM%26nbsp%3B%20in%20Azure%20Portal%3C%2FP%3E%0A%3CP%3EIf%20you%20want%20to%20use%20any%20kind%20of%20VPN%20from%20the%20Azure%20VM%2C%20make%20sure%20VPN%20configuration%20forward%20only%20specific%20routes%20to%20the%20tunnel%2C%20keeping%20the%20default%20gw%20on%20the%20local%20interface.%3C%2FP%3E%0A%3CP%3EIn%20case%20of%20openvpn%20-%26nbsp%3Bmake%20sure%20that%20%22redirect-gateway%22%20option%20is%20not%20used%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fcommunity.openvpn.net%2Fopenvpn%2Fwiki%2FIgnoreRedirectGateway%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fcommunity.openvpn.net%2Fopenvpn%2Fwiki%2FIgnoreRedirectGateway%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-965610%22%20slang%3D%22en-US%22%3ERe%3A%20OpenVPN%20client%20in%20WVD%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-965610%22%20slang%3D%22en-US%22%3EI%20was%20able%20to%20connect%20directly%2C%20but%20not%20via%20WVD.%20I've%20stopped%20the%20openvpn%20service%2C%20but%20problem%20persisted...%20so%20I've%20decided%20to%20build%20everithing%20from%20scratch...%20%3A%5C%3C%2Fimg%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-965625%22%20slang%3D%22en-US%22%3ERe%3A%20OpenVPN%20client%20in%20WVD%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-965625%22%20slang%3D%22en-US%22%3EI'll%20try%20whenever%20I'll%20find%20a%20way%20to%20re%20build%20a%20WVD%20from%20scratch..%20%3A%5C%3C%2Fimg%3E%3CBR%20%2F%3E%3CBR%20%2F%3ENow%20my%20problem%20is%20that%20when%20I%20try%20to%20deploy%20a%20WVD%20(following%20the%20guide)%20I%20always%20get%20the%20**bleep**%20'Exception(s)%20occured%20while%20joining%20Domain..'%20error%3CBR%20%2F%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-977688%22%20slang%3D%22en-US%22%3ERe%3A%20OpenVPN%20client%20in%20WVD%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-977688%22%20slang%3D%22en-US%22%3Efind%20a%20way.%3CBR%20%2F%3E%3CBR%20%2F%3Ein%20my%20OpnVPN%20client%20config%20I've%20add%3CBR%20%2F%3E------%3CBR%20%2F%3Epull-filter%20ignore%20redirect-gateway%3CBR%20%2F%3Eroute%20'my%20internal%20net'%20255.255.255.0%3CBR%20%2F%3E------%3CBR%20%2F%3E%3CBR%20%2F%3Enow%20I%20have%20to%20gfind%20a%20way%20to%20route%20all%20internet%20trafic%20trough%20vpn..%3CBR%20%2F%3Ebut%20it%20works%3CBR%20%2F%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FLINGO-BODY%3E
Highlighted
Contributor

Hi all,

I know that there is a standard method to create a S2S vpn with a WVD, but for some reasons I'd like to try to run VPN inside my WVD with OpenVpn.

 

When I ran the configured client manually, everything is ok.

 

Afterwards I've tried to autostart the VPN via service, restarted the WVD and... I cant no more connect to my machine.

 

so..

 

1. how to disable a service (I cant connect to my machine)

2. how to restore the machine

3. there is a safe way to use openvpn?

 

 

thanks in advance,

P.

 

 

5 Replies
Highlighted

@Braguzz I m unsure whether you are unable to connect to your VM directly OR through WVD. Can you see the VM using "Get-RdsSessionHost"? My suspicion is that you don't have the right ports open or URLs whitelisted: Port 443 outbound

 *.wvd.microsoft.com
*.blob.core.windows.net
*.core.windows.net
*.servicebus.windows.net
prod.warmpath.msftcloudes.com
catalogartifact.azureedge.net

Highlighted

@Braguzz you can run "stop-service openvpnservice" on the AzureVM  in Azure Portal

If you want to use any kind of VPN from the Azure VM, make sure VPN configuration forward only specific routes to the tunnel, keeping the default gw on the local interface.

In case of openvpn - make sure that "redirect-gateway" option is not used 

 

https://community.openvpn.net/openvpn/wiki/IgnoreRedirectGateway

Highlighted
I was able to connect directly, but not via WVD. I've stopped the openvpn service, but problem persisted... so I've decided to build everithing from scratch... :\
Highlighted
I'll try whenever I'll find a way to re build a WVD from scratch.. :\

Now my problem is that when I try to deploy a WVD (following the guide) I always get the **bleep** 'Exception(s) occured while joining Domain..' error
Highlighted
find a way.

in my OpnVPN client config I've add
------
pull-filter ignore redirect-gateway
route 'my internal net' 255.255.255.0
------

now I have to gfind a way to route all internet trafic trough vpn..
but it works