Issue Accessing Azure File Share via VPN Point-to-Site with Private Endpoint

Question

Issue Accessing Azure File Share via VPN Point-to-Site with Private Endpoint

Jamal Nguyen 0

Hi,

I have anissue and need your help.

When I connects using the P2S VPN to my Azure File Share, I can reach the VNet range (10.0.0.0/16), but I cannot resolve the Private Endpoint DNS name to the private IP. nslookup mystorageaccount.file.core.windows.net returns a public IP (20.x.x.x) or times-out instead of its private IP which belongs to subnet 10.0.0.0/24, I ensure my P2S VPN working correctly because I also tried successfully connecting to a VM belonging to subnet 10.0.0.0/24.

And I'm wondering whether China computers are able to access my Azure File Share via P2S VPN.

Thank you.

Jamal Nguyen 0 Reputation points

2025-11-19T02:27:27.6633333+00:00

Hi Ravi,

I followed your recommendation, but it doesn’t make much difference since I still cannot access the Azure File Share even when the VPN is connected.

As shown in your picture, I don’t see that you were able to ping the private IP.

Thank you.
Ravi Varma Mudduluru 3,550 Reputation points Microsoft External Staff Moderator

2025-11-19T08:54:26.84+00:00

Hello @ Jamal Nguyen,
Could you please confirm whether you added host entry in the local host file? If yes, could you please share me the nslookup resulted screenshot?

Could you please check the private message and share me the requested details?

2 answers

Your answer

Jamal Nguyen 0 Reputation points

2025-11-19T02:27:27.6633333+00:00

Hi Ravi,

I followed your recommendation, but it doesn’t make much difference since I still cannot access the Azure File Share even when the VPN is connected.

As shown in your picture, I don’t see that you were able to ping the private IP.

Thank you.
Ravi Varma Mudduluru 3,550 Reputation points Microsoft External Staff Moderator

2025-11-19T08:54:26.84+00:00

Hello @ Jamal Nguyen,
Could you please confirm whether you added host entry in the local host file? If yes, could you please share me the nslookup resulted screenshot?

Could you please check the private message and share me the requested details?

Answer 1

It seems that you are experiencing issues with DNS resolution for your Azure File Share when connected via a Point-to-Site (P2S) VPN. Here are some steps to troubleshoot this issue:

Check Private Endpoint Configuration: Ensure that the private endpoint for your Azure File Share is correctly configured and associated with the correct virtual network and subnet. The private endpoint should be in the same virtual network that your P2S VPN connects to.
DNS Configuration: When you create a private endpoint, a private DNS zone is typically created or updated. Make sure that your virtual network is linked to the private DNS zone. This allows the DNS resolution to point to the private IP address of the endpoint instead of the public IP.
Use Correct DNS Name: When performing the nslookup, ensure you are using the correct private DNS name format, which is mystorageaccount.privatelink.file.core.windows.net. This should resolve to the private IP address associated with the private endpoint.
Test DNS Resolution: You can use the Resolve-DnsName cmdlet in PowerShell to test the DNS resolution from within an Azure VM in the same VNet. This can help confirm if the private DNS setup is functioning correctly.
```
   Resolve-DnsName -Name "mystorageaccount.privatelink.file.core.windows.net"
```
Firewall and Network Security Group (NSG) Rules: Check if there are any firewall or NSG rules that might be blocking access to the private endpoint from your P2S VPN.

Regarding your question about access from China, it is generally possible for computers in China to access Azure services via VPN, but there may be additional considerations regarding network policies, latency, and compliance with local regulations.

If you continue to face issues, consider reaching out to Azure support for more detailed assistance.

References:

Answer 2

Hello @Jamal Nguyen

Thanks for reaching out to Microsoft Q&A.

In your situation, I see that you’re unable to resolve the private IP using the P2S VPN, and it’s resolving the public IP instead. This appears to be a DNS issue.

To resolve the issue, you can use a private endpoint and add a host entry on your local machine with the Private Endpoint IP and the Storage Endpoint.

enter image description here

10.0.0.5    venkatstoragetestdemo.file.core.windows.net

When I tried to access the file share without a host entry, I also faced the same issue.

enter image description here

The issue was resolved after adding the host entry on the local machine.

enter image description here

Azure file share is accessible from P2S VPN

enter image description here

Reference document: https://learn.microsoft.com/en-us/azure/storage/files/storage-files-networking-overview#tunneling-traffic-over-a-virtual-private-network-or-expressroute

Kindly let us know if the above helps or you need further assistance on this issue.

Please "Accept the Answer" if the information helped you. This will help us and others in the community as well.