DotRas and the Azure Point-to-Site VPN.

Sep 22, 2014 at 11:57 AM
Apologies in advance if this has been covered elsewhere but is it possible to use DotRas to connect to an Azure point-to-site VPN secured with a certificate (as described here) - http://msdn.microsoft.com/en-us/library/azure/dn133792.aspx?

I have looked at the SDK doc and samples. However when I try the example code using the .pbk file associated with this connection I get the following (I am using your DialingVpnEntry sample code tweaked to look at the phonebook located in the user's roaming appdata %userprofile%\AppData\Roaming\Microsoft\Network\Connections\Pbk\rasphone.pbk)...
DotRas.RasException: Exception of type 'DotRas.RasException' was thrown.
   at DotRas.Internal.ThrowHelper.ThrowRasException(Int32 errorCode)
   at DotRas.Internal.RasHelper.Dial(String phoneBookPath, RASDIALPARAMS parameters, RASDIALEXTENSIONS extensions, RasDialFunc2 callback, RASEAPF eapOptions)
   at DotRas.RasDialer.InternalDial(Boolean asynchronous)
   at DotRas.RasDialer.DialAsync()
   at DialingVpnEntryWithWPF.Window1.DialButton_Click(Object sender, RoutedEventArgs e) in j:\LABS\DotRas v1.3 SDK - February 2014\dotras-108903\Trunk\examples\src\WPF\DialingVpnEntry\CS\DialingVpnEntry\Window1.xaml.cs:line 50
I was just wondering if this is supported before I go digging further? I was able to get this pbk file to work with rasphone but not rasdial, however I am looking for a way to dial/monitor the connection from a Windows service.

Regards

Don
Editor
Oct 1, 2014 at 7:37 PM
Are you using the relevant library? I suspect that only some libraries (e.g. perhaps XP or Vista support is needed) support that phonebook.
Oct 2, 2014 at 11:10 AM
Thanks for coming back to me on this... Following your suggestion I have tried the sample code with earlier NuGet package versions (Windows 7, Vista and then XP - I was using the Windows 8 version to start with) and the behaviour is the same. Could there be something exotic about this Azure VPN entry? I have added the [SANITIZED] values to protect the details of this connection.

Regards

Don
[MYCONNECTION]
Encoding=1
PBVersion=3
Type=4
AutoLogon=0
UseRasCredentials=1
LowDateTime=-650539024
HighDateTime=30398043
DialParamsUID=227861531
Guid=[SANITIZED]
VpnStrategy=5
ExcludedProtocols=8
LcpExtensions=1
DataEncryption=256
SwCompression=1
NegotiateMultilinkAlways=1
SkipDoubleDialDialog=0
DialMode=0
OverridePref=15
RedialAttempts=0
RedialSeconds=0
IdleDisconnectSeconds=0
RedialOnLinkFailure=0
CallbackMode=0
CustomDialDll=
CustomDialFunc=
CustomRasDialDll=%windir%\system32\cmdial32.dll
ForceSecureCompartment=0
DisableIKENameEkuCheck=0
AuthenticateServer=0
ShareMsFilePrint=1
BindMsNetClient=1
SharedPhoneNumbers=0
GlobalDeviceSettings=0
PrerequisiteEntry=
PrerequisitePbk=
PreferredPort=VPN9-0
PreferredDevice=WAN Miniport (SSTP)
PreferredBps=0
PreferredHwFlow=0
PreferredProtocol=0
PreferredCompression=0
PreferredSpeaker=0
PreferredMdmProtocol=0
PreviewUserPw=0
PreviewDomain=0
PreviewPhoneNumber=0
ShowDialingProgress=0
ShowMonitorIconInTaskBar=1
CustomAuthKey=13
CustomAuthData=[SANITIZED]
CustomAuthData=[SANITIZED]
AuthRestrictions=128
IpPrioritizeRemote=0
IpInterfaceMetric=0
IpHeaderCompression=1
IpAddress=0.0.0.0
IpDnsAddress=0.0.0.0
IpDns2Address=0.0.0.0
IpWinsAddress=0.0.0.0
IpWins2Address=0.0.0.0
IpAssign=1
IpNameAssign=1
IpDnsFlags=0
IpNBTFlags=1
TcpWindowSize=0
UseFlags=2
IpSecFlags=0
IpDnsSuffix=
Ipv6Assign=1
Ipv6Address=::
Ipv6PrefixLength=0
Ipv6PrioritizeRemote=1
Ipv6InterfaceMetric=0
Ipv6NameAssign=1
Ipv6DnsAddress=::
Ipv6Dns2Address=::
Ipv6Prefix=0000000000000000
Ipv6InterfaceId=0000000000000000
DisableClassBasedDefaultRoute=0
DisableMobility=0
NetworkOutageTime=0
ProvisionType=0
PreSharedKey=
CacheCredentials=0
NumCustomPolicy=0
NumEku=0
UseMachineRootCert=0
NumServers=0
NumRoutes=0
NumNrptRules=0
AutoTiggerCapable=0
NumAppIds=0
NumClassicAppIds=0
DisableDefaultDnsSuffixes=0
NumTrustedNetworks=0
NumDnsSearchSuffixes=0
PowershellCreatedProfile=0
ProxyFlags=0
ProxySettingsModified=0
ProvisioningAuthority=
AuthTypeOTP=0

NETCOMPONENTS=
ms_msclient=1
ms_server=1

MEDIA=rastapi
Port=VPN9-0
Device=WAN Miniport (SSTP)

DEVICE=vpn
PhoneNumber=[SANITIZED].cloudapp.net
AreaCode=
CountryCode=0
CountryID=0
UseDialingRules=0
Comment=
FriendlyName=
LastSelectedPhone=0
PromoteAlternates=0
TryNextAlternateOnFail=1
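
To compare phonebook entries on the settings this thread discusses (the custom dial DLL, the device and the authentication key), a `rasphone.pbk` file can be parsed offline. This is an added example, not code from the thread or from DotRas; the function names and the sample entries are constructed, and it assumes the plain `[Entry]` / `Key=Value` layout shown in the post above.

```python
import re

# Constructed sample in the layout of the entry posted above; not a real profile.
SAMPLE_PBK = """[MYCONNECTION]
CustomRasDialDll=%windir%\\system32\\cmdial32.dll
CustomAuthKey=13
CustomAuthData=AAAA
CustomAuthData=BBBB

MEDIA=rastapi
Device=WAN Miniport (SSTP)

DEVICE=vpn
PhoneNumber=example.cloudapp.net

[PLAINVPN]
CustomRasDialDll=
Device=WAN Miniport (PPTP)
PhoneNumber=vpn.example.test
"""

def parse_phonebook(text):
    """Return {entry: {key: [values]}}; keys such as CustomAuthData may repeat."""
    entries, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = entries.setdefault(header.group(1), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current.setdefault(key, []).append(value)
    return entries

def dialer_summary(entry):
    """Pull out the dial-related settings of one parsed entry."""
    def first(key):
        return (entry.get(key) or [""])[0]
    dll = first("CustomRasDialDll") or first("CustomDialDll")
    return {
        "custom_dial_dll": dll,            # non-empty: a custom dialer DLL is configured
        "has_custom_dial_dll": bool(dll),
        "device": first("Device"),         # key names are case-sensitive: Device != DEVICE
        "custom_auth_key": first("CustomAuthKey"),
        "server": first("PhoneNumber"),
    }

if __name__ == "__main__":
    for name, entry in parse_phonebook(SAMPLE_PBK).items():
        print(name, dialer_summary(entry))
```

Running it against a profile that dials from Windows and one that dials from rasdial shows at a glance which of these settings differ between them.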

Coordinator
Oct 5, 2014 at 4:43 PM
I say this all the time, but I guess I'll have to say it again. Have you tried configuring the VPN connection and getting it to work in Windows first? Get it to work with Windows first, then worry about getting it to work in your own app. Otherwise you'll just be guessing which settings need to be configured to get it to work. Once you have a known working connection, you can inspect the settings to see what options need to be configured for it to work.

By the way, I haven't heard of anyone using Azure for a VPN before from Windows, so I'm not entirely sure if it's possible.
Oct 6, 2014 at 6:48 AM
Edited Oct 6, 2014 at 2:15 PM
Apologies for any misunderstanding. The VPN works perfectly from Windows - establishing the connection works just fine. The Azure Point-to-Site VPN process is slightly convoluted (http://msdn.microsoft.com/en-us/library/azure/dn133792.aspx). Azure uses a certificate to secure the connection. You generate the root cert, upload it to Azure and then Azure creates an exe which you then "install". All this does is configure the VPN locally on the client (Windows 8.1 in my case). You then install the client cert and you're good to go. There are a couple of anomalies I've noticed when initiating the connection from Windows: (1) it uses an Azure branded dialler (no idea if this is doing anything proprietary, however the phonebook entry I posted was created by this process and not manually configured) and (2) when establishing the connection there is a prompt for elevated privileges to allow CMROUTE.DLL to update your routing table. Could this be the issue?

Regards

Don
Coordinator
Oct 6, 2014 at 1:08 PM
If it's an Azure branded dialer that comes up they'll likely be requiring it to handle the connection, in which case the RasDialer component might not work. Have you tried executing the connection using rasdial.exe in Windows? Typically I wouldn't suggest this, but for diagnostics purposes it should be fine. It uses the same API that the RasDialer component does under the hood.

I'd also suggest trying to dial it using rasphone.exe, if it can dial it, you'll need to use the RasDialDialog component to dial the connection and user interaction may be required.
Oct 6, 2014 at 2:15 PM
Thanks for getting back to me, as per my initial post...
>> I was able to get this pbk file to work with rasphone but not rasdial...
It's possible something quite proprietary is happening, in which case I suspect I'm on a hiding to nowhere ;-)

Regards

Don
Coordinator
Oct 7, 2014 at 1:18 PM
Sorry, I didn't spot that earlier.

I can only imagine that their UI is taking care of the actual dialing process, in which case a user interface may be required. Perhaps opening a ticket with Microsoft so they get it to work with the RasDial API might be helpful? No idea if they'll move on it, or if they can, but that might be the only option at this point.
Oct 24, 2014 at 6:25 AM
I have found the following blog post which has a nice explanation of why rasdial (and DotRas) will not work out of the box with the Azure Point-to-Site VPN and contains all you need to work around the issue.

http://www.diaryofaninja.com/blog/2013/11/27/deconstructing-the-azure-point-to-site-vpn-for-command-line-usage

I'm posting in case someone goes down the same DotRas path.

Regards

Don
Coordinator
Oct 24, 2014 at 12:38 PM
Keep in mind, if you can get the connection to work with rasdial, you should be able to use that same connection with the RasDialer component within DotRas.