Cannot Connect to Web App from my VPN Gateway

Application Admin 0 Reputation points
2025-11-25T02:38:35.1+00:00

I am getting an ERR_NAME_NOT_RESOLVED error when trying to access my Azure Web app that's on a private endpoint using my VPN Gateway.

Note that I am able to access the Web app through my VM that's on the same VNet as the Web App.

My web app and VPN Gateway are on the same VNet and have their own individual subnets. I have no NSG applied or firewalls, and my Azure VPN Client is connected. Also, all my DNS configurations look good, as I'm able to connect via my VM.

Also note I'm using Point-to-Site with OpenVPN with Entra ID and Route-based as the VPN type. Any assistance would be much appreciated, as it seems it's a DNS resolution issue but I can't identify the exact issue. Thank you.

Azure VPN Gateway
An Azure service that enables the connection of on-premises networks to Azure through site-to-site virtual private networks.

1 answer

  1. Thanmayi Godithi 2,215 Reputation points Microsoft External Staff Moderator
    2025-11-25T03:44:39.2333333+00:00

    Hi @Application Admin,

    Thank you for reaching out on Microsoft Q&A forum.

    The error "ERR_NAME_NOT_RESOLVED" when accessing your Azure Web app via a Point-to-Site VPN Gateway with a private endpoint is a common DNS resolution issue. While your VM within the VNet can resolve the private endpoint via the private DNS zone, P2S VPN clients do not always resolve to the private DNS zone automatically.

    This typically happens because VPN clients may not be using the Azure private DNS or custom DNS forwarders configured for your VNet. To resolve this, ensure your VPN client is configured to use the DNS servers that can resolve privatelink.azurewebsites.net zones. Options include:

    • Configuring DNS forwarding on a VM or Azure DNS private resolver in the VNet, linked to your VPN client configurations.
    • Adding appropriate DNS server IPs to the VPN client DNS settings.
    • As a workaround, editing the hosts file on the VPN client with the private IP of the private endpoint.

    Please verify the following:

    1. Does the VPN client’s DNS setting point to your Azure VNet DNS or custom DNS forwarder?
    2. Are the private DNS zones for privatelink.azurewebsites.net linked to your VNet hosting the web app and VPN Gateway?
    3. When running nslookup on the VPN client machine for your web app's domain, does it resolve to the private IP address?
    4. Have you tested DNS forwarding or proxy solutions that Azure recommends for VPN clients accessing private endpoints?

    For more guidance, see Microsoft's troubleshooting for private endpoint DNS resolution with VPN:

    Please share details on your VPN client DNS configuration and results from DNS resolution tests performed on the VPN client. This will help narrow down if the issue lies with DNS forwarding, VPN client configuration, or private DNS zone linking.

    Kindly let us know if the above helps or you need further assistance on this issue.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Thanks,

    Thanmayi
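
The check in item 3 of the answer above (does the name resolve to the private IP from the VPN client?), written as an added example that is not part of the original thread. The hostname `contoso-app.azurewebsites.net` and the VNet range `10.0.0.0/16` are placeholders; substitute your own web app name and VNet address space.

```python
import ipaddress
import socket
import sys

# What each outcome means for a P2S client reaching a private endpoint.
HINTS = {
    "unresolved": "No answer from the client's DNS (the ERR_NAME_NOT_RESOLVED case): "
                  "check which DNS servers the VPN adapter is using.",
    "outside_vnet": "Resolved, but not to a VNet address: the client's resolver is not "
                    "answering from the privatelink.azurewebsites.net private zone.",
    "in_vnet": "Resolved to a VNet address: DNS is fine, look at routing instead.",
}

def resolve(hostname):
    """Return the addresses the OS resolver gives for hostname ([] if none)."""
    try:
        infos = socket.getaddrinfo(hostname, 443, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    # Drop any IPv6 zone suffix ("%eth0") so ipaddress can parse the value.
    return sorted({info[4][0].split("%")[0] for info in infos})

def classify(addresses, vnet_prefixes):
    """Classify a resolution result against the VNet address space."""
    if not addresses:
        return "unresolved"
    nets = [ipaddress.ip_network(p) for p in vnet_prefixes]
    ips = [ipaddress.ip_address(a) for a in addresses]
    # Every returned address must fall inside some VNet prefix.
    if all(any(ip in net for net in nets) for ip in ips):
        return "in_vnet"
    return "outside_vnet"

if __name__ == "__main__":
    # Placeholders (assumptions): replace with your app name and VNet range.
    host = sys.argv[1] if len(sys.argv) > 1 else "contoso-app.azurewebsites.net"
    prefixes = sys.argv[2:] or ["10.0.0.0/16"]
    found = resolve(host)
    verdict = classify(found, prefixes)
    print(f"{host} -> {found or 'no answer'}")
    print(f"{verdict}: {HINTS[verdict]}")
```

Run it once on the VM inside the VNet and once on the VPN-connected client; a difference between the two results isolates the problem to the client's DNS path.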

