使用 Azure VPN 客户端连接到 Azure 搜索服务
[英]Connect to Azure Search Service using Azure VPN Client
问题描述
I have configured an Azure VPN point to site connection to access my azure resources prtected by VNet from my local machine.
我已配置 Azure VPN 点到站点连接,以从本地计算机访问受 VNet 保护的 Azure 资源。 I was able to access all other resources except Azure Search Service using VPN.我能够使用 VPN 访问除 Azure 搜索服务之外的所有其他资源。 For all the resoucres I added the GatewaySubnet under "Selected Networks" of Networking settings and also mentioned the corresponding resource's IP address as additional route in VNet Gateway.对于所有资源,我在网络设置的“选定网络”下添加了 GatewaySubnet,并且还提到了相应资源的 IP 地址作为 VNet 网关中的附加路由。
But for azure search service I cannot add the GatewaySubnet under selected networks because search service allows only public IP address range to be added when selecting "Selected Networks".但是对于 azure 搜索服务,我无法在所选网络下添加 GatewaySubnet,因为在选择“所选网络”时,搜索服务只允许添加公共 IP 地址范围。
I am getting below error when connecting to search service with VPN connected连接到 VPN 连接的搜索服务时出现以下错误
A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
Am I missing any setting?我错过了任何设置吗? Can someone help me on this?有人可以帮我吗?
3 个解决方案
解决方案1
0 2022-06-16 05:35:20
You don't need to add anything in the Azure Search Firewall, if you got "Selected Networks" as your firewall setting, it means that you have not yet created a private enpoint for Search, if your main goal is to connect privately from On premise to Search then this will be your first step.您无需在 Azure 搜索防火墙中添加任何内容,如果您将“选定网络”作为您的防火墙设置,这意味着您尚未为搜索创建私有端点,如果您的主要目标是从 On 私下连接前提是搜索,那么这将是您的第一步。 https://docs.microsoft.com/en-us/azure/search/service-create-private-endpoint https://docs.microsoft.com/en-us/azure/search/service-create-private-endpoint
After the private endpoint is created, make sure that your clients know how to resolve xxxx.search.windows.net to the private IP of the newly created private endpoint, once that's done, it would all be a matter of ensuring that the routing is setup correctly and your clients should then be able to connect.创建私有端点后,请确保您的客户端知道如何将 xxxx.search.windows.net 解析为新创建的私有端点的私有 IP,一旦完成,这一切都是确保路由正确的问题正确设置,然后您的客户端应该能够连接。
解决方案2
0 2022-06-24 20:02:01
At this time, the only way to access the search service privately is through private endpoint, as mentioned in this doc .此时,私下访问搜索服务的唯一方法是通过私有端点,如本文档所述。
To create a private endpoint attached to the virtual network where the local machine VPN is part of.创建连接到本地计算机 VPN 所在的虚拟网络的专用终结点。 When you connect through VPN, the machine that you're connecting from would acquire a private IP from the virtual network.当您通过 VPN 连接时,您连接的机器将从虚拟网络获取私有 IP。
-summarized the answer from comments. -从评论中总结了答案。
解决方案3
0 已采纳 2022-07-07 14:49:53
I was missing setting up the DNS forwarder.我错过了设置 DNS 转发器。 The public addresses are returned by Azure public DNS.公共地址由 Azure 公共 DNS 返回。 The private addresses are returned by DNS internal to Azure.私有地址由 Azure 内部的 DNS 返回。 This means that we want to use DNS internal to Azure when accessing resources over a VPN connection.这意味着我们希望在通过 VPN 连接访问资源时使用 Azure 内部的 DNS。 And this internal DNS provided by Azure is outside of our VNet and so we have to explicitly forward that using our own DNS forwarder. Azure 提供的这个内部 DNS 在我们的 VNet 之外,因此我们必须使用我们自己的 DNS 转发器明确转发它。 We must add a DNS server to the VNet if we want DNS support for P2S or S2S connections.如果我们希望 DNS 支持 P2S 或 S2S 连接,我们必须将 DNS 服务器添加到 VNet。 We must stand up our own DNS Server, actually a forwarder, and add it to the VNG DNS server list.我们必须建立自己的 DNS 服务器,实际上是一个转发器,并将其添加到 VNG DNS 服务器列表中。 Azure does not provide any DNS server that is addressable from the VPN connection. Azure 不提供任何可通过 VPN 连接寻址的 DNS 服务器。 We used azure firewall as a DNS forwarder and now everything works with VPN connected.我们使用 azure 防火墙作为 DNS 转发器,现在一切都可以在连接 VPN 的情况下运行。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.