How to connect to Azure SQL Server using Azure P2S VPN client (Azure AD Authentication)

Jignesh Vyas 45 Reputation points
2023-02-13T07:34:28.5233333+00:00

Hi,

I have the Azure VPN client configured on my local machine. I am able to connect to the VNet gateway through the VPN client with Azure AD authentication. Now I want to connect to Azure SQL Server from the local machine using the Azure VPN client.

Is it possible?

Thanks

Azure SQL Database
Azure VPN Gateway

Accepted answer
  1. SSingh-MSFT 16,371 Reputation points Moderator
    2023-02-13T08:35:03.7733333+00:00

    Hi @Jignesh Vyas ,

    Welcome to Microsoft Q&A forum and thanks for using Azure services.

    As I understand from the question, you want to connect to Azure SQL Server from the local machine using the Azure VPN client.

    I suppose you have followed the documentation: Configure the Azure VPN Client - Azure AD authentication - Windows

    For Azure SQL Server to be accessed from Azure P2S, could you please try below mentioned steps and let us know your results:

    1. Navigate to "Firewalls and virtual networks" of your SQL server and make sure to set "Deny public network access" to yes.
    2. Create an Azure private endpoint. It will create an endpoint for the SQL server within your virtual network, and it'll be assigned a private IP from within the subnet's IP range. You will use this private IP to connect to the SQL server.
    3. On your local machine, make sure you're connected to the VPN and open SQL Server Management Studio:
       • Under "Server name", enter the private IP address of the Azure private endpoint created in step 2.
       • Under the "Login" field, enter the username in the format "username@public_sql_server_name" (e.g. ******@my-sql-server.database.windows.net). For password, just enter your password.
       • The last thing to do is to click on "Options" and navigate to "Connection properties". Make sure to check "Encrypt connection" and "Trust server certificate". This is required as the server's certificate is issued to "my-sql-server.database.windows.net" and you're accessing it via private IP. If this wasn't checked, Management Studio wouldn't trust the server's certificate and would refuse the connection.

    Please try and let us know so that we can further check on this. Thanks.

    3 people found this answer helpful.

1 additional answer

  1. William J. Pintas 10 Reputation points
    2023-10-08T03:39:42.7333333+00:00

    Assuming you have already created a private endpoint connection for your Azure SQL Server and you have a working Virtual Network Gateway, all within the same Virtual Network, then follow the steps below to connect to your SQL server using an Azure P2S VPN.

    1. You need to first create an Azure DNS Private Resolver
      1. Has to also be in the same Virtual Network as your Private Endpoint and VNet Gateway
      2. Create an inbound endpoint (you will need to create a new subnet to hold this)
      3. Skip outbound endpoints and ruleset
      4. Create the resource
    2. Once the Azure Private Resolver has been created go to the resource and click on 'Inbound Endpoints' and then copy the Private IP Address from the 'IP Address' column
    3. Go to the virtual network that all of these resources are in and click on 'DNS Servers' and then select custom and then paste in the Private IP Address you copied from the Inbound Endpoint and then click save.

    You should be good to go now. Connect to your VPN and do an nslookup on your_sqlserver_name.database.windows.net and make sure the Private Endpoint private IP address shows up.

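
The nslookup check from the last answer, written as a script to run on the VPN-connected machine (an added example, not code from either answer). It assumes Python 3; `check_private_resolution`, `tcp_reachable` and any addresses passed in are hypothetical names and values chosen for illustration.

```python
import ipaddress
import socket
import sys


def os_resolver(fqdn):
    """Ask the OS resolver, like nslookup: (canonical, aliases, addresses)."""
    return socket.gethostbyname_ex(fqdn)


def check_private_resolution(fqdn, expected_ip=None, resolver=os_resolver):
    """Return (status, addresses); status is 'private', 'public',
    'mismatch' or 'unresolved'."""
    try:
        _canonical, _aliases, addresses = resolver(fqdn)
    except OSError:  # gaierror and herror are OSError subclasses
        return "unresolved", []
    parsed = [ipaddress.ip_address(a) for a in addresses]
    if not parsed:
        return "unresolved", []
    # Heuristic: is_private covers RFC 1918 plus other non-global ranges.
    if any(not ip.is_private for ip in parsed):
        return "public", addresses
    # Exact comparison against the private endpoint IP, when it is known.
    if expected_ip and ipaddress.ip_address(expected_ip) not in parsed:
        return "mismatch", addresses
    return "private", addresses


def tcp_reachable(address, port=1433, timeout=3.0):
    """True if a TCP connection to the SQL port succeeds through the tunnel."""
    try:
        with socket.create_connection((address, port), timeout=timeout):
            return True
    except OSError:
        return False


if __name__ == "__main__":
    # Usage: script.py your_sqlserver_name.database.windows.net [endpoint_ip]
    name = sys.argv[1]
    expected = sys.argv[2] if len(sys.argv) > 2 else None
    status, addrs = check_private_resolution(name, expected)
    print(f"{name}: {status} {addrs}")
    if status == "private":
        print("tcp/1433 reachable:", tcp_reachable(addrs[0]))
    sys.exit(0 if status == "private" else 1)
```

A `public` result while the VPN is up indicates the lookup was not answered from the private DNS zone. Once the name resolves privately, clients can connect by server name, so the certificate name matches the host and certificate validation can stay enabled.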