![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(86.4, 33%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EOM%3C/text%3E%3C/svg%3E)
Azure VPN Gateway
An Azure service that enables the connection of on-premises networks to Azure through site-to-site virtual private networks.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(192, 23%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVV%3C/text%3E%3C/svg%3E)
Use the Azure VPN Client diagnostics and Entra ID sign-in reset to isolate the issue.
- Check Azure VPN Client status logs
- Open Azure VPN Client.
- Select the arrows icon at the bottom-right to show Status Logs.
- Look for error messages in red that appear after authentication completes; these indicate what is failing (for example, server reachability, DNS, or credentials).
- Clear saved Entra ID account in Azure VPN Client
- In Azure VPN Client, select the … next to the affected VPN profile and choose Configure.
- Select Clear Saved Account.
- Select Save.
- Try to connect again so that a fresh Entra ID sign-in and MFA flow is triggered.
- Run Azure VPN Client diagnostics
- In Azure VPN Client, select the … next to the VPN profile and choose Diagnose → Run Diagnosis.
- Review the test results:
- Internet Access: Confirms general connectivity.
- Client Credentials: Confirms the Microsoft Entra ID authentication endpoint is reachable.
- Server Resolvable: Confirms DNS can resolve the VPN server name.
- Server Reachable: Confirms the VPN gateway is responding.
- If any test fails, work with the network administrator to fix that specific issue (for example, DNS resolution, firewall, or gateway reachability) and then retry the connection.
- Use the built-in prerequisites and diagnostics (if on Windows, Entra-based P2S)
- In Azure VPN Client (version 4.0.0.0 or later), select … → Prerequisites and run Run Prerequisites Test; fix any reported issues.
- Then select … → Diagnose on the connection and run Run Diagnostics again to confirm the connection path after authentication.
If the problem persists even though MFA completes successfully, the status logs and diagnostics output will identify whether the failure is due to client prerequisites, Entra ID reachability, DNS, or VPN gateway/network issues.
References:
- Troubleshoot Azure VPN Client
- Configure Azure VPN Client – Microsoft Entra ID authentication – Windows
- Configure the Azure VPN Client – Microsoft Entra ID authentication – Windows
- Troubleshooting: Azure point-to-site connection problems
- Authentication did not complete
- Troubleshooting: An Azure site-to-site VPN connection can't connect and stops working
- Troubleshoot an Azure site-to-site VPN connection that can't connect and stops working