TL;DR: Make sure the local network is defined or has at least one address configured.

Today I was troubleshooting the Azure VPN, which wasn't coming up. As always, it turned out to be a small and easy-to-fix problem, but it took me some time to figure out what was going wrong. As you might know, setting up an Azure VPN requires three components:

  • Virtual Network Gateway
  • Local Network Gateway
  • Connection

The virtual network gateway is basically the Azure (IaaS) endpoint. The local network gateway describes the other end of the VPN being set up, and the connection glues them together. It is possible to have multiple local network gateways (and connections), but only one virtual network gateway.

In this case the local network gateway was configured with an IP address, but without a (local) address range (address space) or BGP settings. It turns out that without these settings Azure won't initiate or reply to any peer trying to set up a VPN connection. The hardest part is that all the errors (mainly timeouts) point to a VPN configuration problem and not to the "network" routing/proxying part.

So make sure you always enter an address space; even a temporary dummy (/32) IP address is sufficient.
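
A check for the condition described above, as an added example that is not part of the original post: it scans local network gateway definitions and reports those with neither an address space nor BGP settings. The JSON field names (`localNetworkAddressSpace.addressPrefixes`, `bgpSettings`) are assumed to match the output of `az network local-gateway list -o json`, and the sample gateways are constructed.

```python
import json
import sys

# Constructed sample, in the shape `az network local-gateway list -o json`
# is assumed to return (names and addresses are made up).
SAMPLE = json.loads("""
[
  {"name": "lng-branch-a", "gatewayIpAddress": "203.0.113.10",
   "localNetworkAddressSpace": {"addressPrefixes": []}, "bgpSettings": null},
  {"name": "lng-branch-b", "gatewayIpAddress": "203.0.113.20",
   "localNetworkAddressSpace": {"addressPrefixes": ["10.20.0.0/16"]},
   "bgpSettings": null},
  {"name": "lng-branch-c", "gatewayIpAddress": "203.0.113.30",
   "localNetworkAddressSpace": null,
   "bgpSettings": {"asn": 65010, "bgpPeeringAddress": "10.30.0.1"}},
  {"name": "lng-branch-d", "gatewayIpAddress": "203.0.113.40"}
]
""")


def has_address_space(gw):
    """True if at least one non-empty prefix is configured."""
    space = gw.get("localNetworkAddressSpace") or {}
    return any(p.strip() for p in (space.get("addressPrefixes") or []))


def has_bgp(gw):
    """True if both an ASN and a BGP peering address are set."""
    bgp = gw.get("bgpSettings") or {}
    return bool(bgp.get("asn")) and bool(bgp.get("bgpPeeringAddress"))


def gateways_without_routes(gateways):
    """Names of gateways that have neither an address space nor BGP settings."""
    return [gw.get("name", "<unnamed>") for gw in gateways
            if not has_address_space(gw) and not has_bgp(gw)]


if __name__ == "__main__":
    # With real data: az network local-gateway list -g <resource-group> -o json | python check.py
    data = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)
    flagged = gateways_without_routes(data)
    for name in flagged:
        print(f"{name}: no address space and no BGP settings")
    sys.exit(1 if flagged else 0)
```
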