Azure Ubuntu VM direct S2S VPN - without VPN Gateway. Is it possible?

Question

I would like to connect on prem Fortigate FW with one azure Ubuntu VM - direct. Is it possible without Azure VPN Gateway?

Config works with other vendor but no in Azure. Is that kind of config blocked somehow in azure? Thank's for help.

https://drive.google.com/file/d/1JLdM2r5npe5e3ewaeXTd-Vi70RyyLQ_r/view?usp=sharing

My oversight, sorry for the lack of configuration. On the Azure side of Ubuntu 20.04 - strongswan. Identical configuration uploaded to another provider works fine. Only difference is no external IP on the ubuntu vm interface in azure.Azure NSG 500/udp and 4500udp incoming allowed.UFW inactive. Phase1 doesn't start.

//ipsec.conf config setup charondebug = "all" uniqueids = yes conn strongswan-to-fortigate type = tunnel auto = start keyexchange = ikev2 authby = secret left = xx leftsubnet = 10.0.0.1/24 right = yy rightsubnet = 192.168.1.1/24 ike = aes256-sha256-modp2048 esp = aes256-sha256 aggressive = no keyingtries = %forever ikelifetime = 28800s lifetime = 3600s dpddelay = 20s dpdtimeout = 120s dpdaction = restart

//ipsec.secret xx yy : PSK "key"

Answer 1

I think you are you using the incorrect sort of VPN, an s2s is a site to site, and what you are describing is a p2s vpn(point-to-site).

You can of course place that one vm in a seperate vnet, and then set up a s2s vpn to vpn to that vnet, and then resource lock that vnet so additional machines get added to that vnet.

And I think a vpn in Azure always requires a vpn gateway, there nust be something to tunnel and encrypt the traffic.

I would look into setting up a p2s vpn between that fortigate and your ubuntu vm.

Edit: Owh yeah, If you use SSL based VPN from Fortinet, you can use openfortivpn software which is part of Ubuntu and Fedora.