Azure Virtual Network
An Azure networking service that is used to provision private networks and optionally to connect to on-premises datacenters.
Unable to access Azure Database for MySQL private endpoint over VPN + VNet Peering
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(121.6, 36%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAG%3C/text%3E%3C/svg%3E)
Abdelrhman Goma
95
Reputation points
Hello,
I’m trying to connect to an Azure Database for MySQL private endpoint that I created in the UK South VNet.
Here’s my setup:
I have a VPN Gateway in the UAE VNet that allows me to connect my laptop to the VNet.
The UAE VNet is peered with the UK South VNet.
I created a Private Endpoint for the MySQL database inside the UK South VNet.
I also created a Private DNS Zone (privatelink.mysql.database.azure.com), added the A record for the private endpoint, and linked the DNS zone to both VNets (UAE + UK South).
Troubleshooting I already tried:
Verified that VNet peering between UAE and UK South is configured with Use Remote Gateway / Allow Forwarded Traffic.
Confirmed that the Private DNS Zone is linked to both VNets.
Verified that the A record in the Private DNS Zone resolves to the private endpoint IP.
Tried connecting via MySQL Workbench and command line but connection times out.
Ensured NSGs and firewalls are not blocking traffic.
Issue: Even after setting this up, I still cannot connect to the MySQL database using its private endpoint from my laptop over the VPN.
Hello,
I’m trying to connect to an Azure Database for MySQL private endpoint that I created in the UK South VNet.
Here’s my setup:
I have a VPN Gateway in the UAE VNet that allows me to connect my laptop to the VNet.
The UAE VNet is peered with the UK South VNet.
I created a Private Endpoint for the MySQL database inside the UK South VNet.
I also created a Private DNS Zone (privatelink.mysql.database.azure.com), added the A record for the private endpoint, and linked the DNS zone to both VNets (UAE + UK South).
Troubleshooting I already tried:
Verified that VNet peering between UAE and UK South is configured with Use Remote Gateway / Allow Forwarded Traffic.
Confirmed that the Private DNS Zone is linked to both VNets.
Verified that the A record in the Private DNS Zone resolves to the private endpoint IP.
Tried connecting via MySQL Workbench and command line but connection times out.
Ensured NSGs and firewalls are not blocking traffic.
Issue:
Even after setting this up, I still cannot connect to the MySQL database using its private endpoint from my laptop over the VPN.
Azure Virtual Network
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(3.2, 74%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPM%3C/text%3E%3C/svg%3E)
Pranitha Maddi 475 Reputation points Microsoft External Staff Moderator2025-08-27T13:48:39.0433333+00:00 Hi Abdelrhman Goma,
Thanks for your question on the Microsoft Q&A portal!
You're trying to connect to an Azure Database for MySQL via a Private Endpoint deployed in the UK South VNet, using a VPN Gateway in the UAE VNet, with VNet peering between the two. You've already configured DNS zones, verified NSGs, and confirmed that DNS resolution maps correctly to the private IP—yet the connection still times out.This situation mostly stems from network configuration or routing issues between your laptop and the private endpoint in the peered VNet.
Here are the few steps to fix the issue:
1.Check VNet Peering Configuration:
Verify that the VNet peering between UAE VNet and UK South VNet:Has Allow Forwarded Traffic enabled on both VNets.
The UAE VNet is configured to Use Remote Gateway if the VPN Gateway is in UAE VNet.
The UK South VNet allows Gateway Transit if needed.
2.Validate VPN Gateway Routing:
Check routing settings on the VPN Gateway and the associated subnets:
Make sure your VPN client’s IP address range has routes to the UK South VNet subnet where the private endpoint resides.
Use Azure Network Watcher’s Connection troubleshoot tool to test connectivity from a VM in UAE VNet to the private endpoint IP.
3.Network Security Groups and Firewalls:
Ensure the NSGs on both VNets’ subnets allow inbound and outbound TCP traffic on port 3306 (default for MySQL).
Also, verify local firewall on your laptop isn’t blocking outbound MySQL traffic.
4.Private Endpoint Health
Confirm in Azure portal that the private endpoint status is Approved and healthy.
5.DNS Resolution
Verify your laptop is using DNS servers that can resolve the private DNS zone privatelink.mysql.database.azure.com linked to both VNets and that resolution maps correctly to the private IP.
6.Connection Testing:
From your laptop, try simple connection tests like:
telnet <private_endpoint_ip> 3306
or
nc -vz <private_endpoint_ip> 3306
to check if the MySQL port is reachable.
7.MySQL Client Configuration:
Use the fully qualified domain name (FQDN) provided by the private endpoint for connection, not just the IP address, to ensure proper SSL/TLS validation.
Useful Documents:
- Troubleshooting private endpoint connectivity:
https://learn.microsoft.com/en-us/azure/private-link/troubleshoot-private-endpoint-connectivity - Networking for Azure Database for MySQL Flexible Server:
https://learn.microsoft.com/en-us/azure/mysql/flexible-server/concepts-networking-vnet - https://learn.microsoft.com/en-us/azure/network-watcher/connection-troubleshoot-overview
- https://learn.microsoft.com/en-us/azure/network-watcher/connection-troubleshoot-manage?tabs=portal
The timeout is usually due to routing, peering, or firewall configurations blocking traffic to the private endpoint over your VPN connection. By going through each of the steps above, you can identify and correct the network path issues to successfully connect to your MySQL database.
I hope this helps you resolve the issue. If you have any further quires, I am happy to assist
Thanks,
Pranitha
- Troubleshooting private endpoint connectivity:
-
Pranitha Maddi 475 Reputation points Microsoft External Staff Moderator
2025-08-28T13:17:24.8733333+00:00 Hi Abdelrhman Goma,
Just checking to see if you have a chance to check my previous response and helped, do let me know if you have any further questions on this.Thanks,
Pranitha
-
Pranitha Maddi 475 Reputation points Microsoft External Staff Moderator
2025-08-29T13:58:28.8+00:00 Hi Abdelrhman Goma,
Following up to see if you have a chance to check my previous response and helped, do let me know if you have any further questions on this.
Thanks,
Pranitha
Sign in to comment
Sign in to answer