New Azure portal (no End Points) how to connect to VM with RDP from behind a firewall

Problem description

I've created a VM (non-classic, using Resource Manager) in the new Azure portal, but I need to connect from behind a firewall.

I've found a bunch of articles explaining how to solve it by editing the Endpoint settings for RDP, but in the new portal there is nothing like this!

Inbound and Outbound rules are just firewall rules as I understand and it gives nothing.

I've connected to it from home and tried to change the RDP listening port to something not blocked by the firewall with the following PowerShell script:

Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" -Name "PortNumber" -Value 443

Rebooted VM, changed default-allow-rdp inbound rule on the portal but still unable to connect.

Recommended answer

  1. If you created the VM using Resource Manager (non-classic), you don't have Endpoints configuration and you can't configure ports as described in the answer by Matias (to get to your Azure VM via allowed ports in the firewall). Unfortunately, not all VM templates are available for the VM Classic interface. I'd really like to know what the limitation is here in Azure.

In fact, even with a classic VM, the solution from Matias didn't work: I deployed another VM with the classic interface, configured Endpoints as described and still can't connect from behind a firewall. But it works fine from anywhere else. I don't even need to change the RDP listener port; it's changed automatically when I changed it in Endpoint.

The only working solution I found was using PuTTY and SSH tunneling from my computer behind the corporate firewall to port 443 on my Azure non-classic VM. Here are the steps:

  • In PuTTY you create a connection to your_azurevm_ip:443, then go to Connection -> SSH -> Tunnels and map ports, for instance as L49999 -> localhost:3389

You need to install any free SSH server on the Azure VM (I used freeSSHd), and add an authorized account for tunneling.

After you establish the connection from PuTTY and enter SSH credentials, you connect using RDP to localhost:49999 and it's forwarded through the SSH tunnel to the local VM port 3389. It's quite ugly but at least it works.
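
The same tunnel as a script, as an added example that is not part of the original answer: it assumes the Windows OpenSSH client (`ssh`) in place of PuTTY, and `tunnel-user` is a hypothetical account name. It binds the local end to loopback only and checks that binding before starting RDP, so the forwarded port is not reachable by other machines on the local network.

```powershell
# Added example; the values below are placeholders/assumptions, not values from the post.
$VmAddress = 'your_azurevm_ip'   # placeholder used in the answer
$SshUser   = 'tunnel-user'       # hypothetical account authorized for tunneling on the VM
$LocalPort = 49999               # local end of the tunnel, as in the answer

# -N: forwarding only, no remote shell.
# -L 127.0.0.1:...: bind the local listener to loopback so other hosts cannot use it.
# ExitOnForwardFailure=yes: ssh quits instead of running without the forward.
$sshArgs = @(
    '-N', '-p', '443',
    '-o', 'ExitOnForwardFailure=yes',
    '-L', "127.0.0.1:${LocalPort}:localhost:3389",
    "${SshUser}@${VmAddress}"
)
# ssh opens in its own window; verify the host key and enter the SSH credentials there.
$ssh = Start-Process -FilePath 'ssh' -ArgumentList $sshArgs -PassThru

# Wait up to 60 seconds for the local listener to appear.
$listener = $null
foreach ($i in 1..60) {
    if ($ssh.HasExited) { throw 'ssh exited before the tunnel was established.' }
    $listener = Get-NetTCPConnection -LocalPort $LocalPort -State Listen -ErrorAction SilentlyContinue
    if ($listener) { break }
    Start-Sleep -Seconds 1
}
if (-not $listener) {
    Stop-Process -Id $ssh.Id
    throw "No listener on port $LocalPort after 60 seconds."
}

# Refuse to continue if the forward is bound to anything other than loopback.
$exposed = $listener | Where-Object { $_.LocalAddress -notin @('127.0.0.1', '::1') }
if ($exposed) {
    Stop-Process -Id $ssh.Id
    throw "Tunnel is bound to $($exposed.LocalAddress -join ', '), not loopback."
}

# RDP to the local end (IPv4 loopback, matching the bind address above);
# the session is carried through the SSH tunnel to port 3389 on the VM.
mstsc.exe "/v:127.0.0.1:$LocalPort"
```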
