Configure Microsoft Tunnel to use two NICs (Ubuntu)


General introduction

Microsoft Tunnel is a VPN gateway for Microsoft Intune. It runs within a container environment on a Linux host and allows secure access to on-premises resources for Android and iOS devices.

When you configure Microsoft Tunnel, you’ll find the following statement in the official documentation:

Configure multiple NICs per server (Optional): We recommend using two Network Interface controllers (NICs) per Linux server to improve performance, though use of two is optional.

Since I found no public reference to sample configurations, I wanted to share my Linux network configuration to save some time for others. For the networking part, because I’m using Ubuntu 22.04 for this demo, everything is managed by netplan.

For context, the two NICs we’ll configure will be one public facing and one in the internal network. The VM is hosted on a local hypervisor in my network.

Steps

First, get the name of your interfaces by running ip a or lshw -C network and note them down. In my lab, the two NICs are ens160 and ens192.

# Get the available NICs
lshw -C network

Then, we have to identify the default netplan file:

# Move to the netplan folder
cd /etc/netplan
# Get the available config files
ls

In my case, the file was called /etc/netplan/50-cloud-init.yaml:

# Edit the default config file using your favourite text editor. For this example, we'll use nano
nano /etc/netplan/50-cloud-init.yaml

Now paste the following inside the configuration after making the following changes:

  • Under ens160 -> addresses, replace X.X.X.X with your public IP address and /27 with your subnet mask
  • Under ens160 -> nameservers -> addresses, replace 1.1.1.1,8.8.8.8 with your nameservers
  • Under ens160 -> routes -> via, replace Y.Y.Y.Y with your gateway IP
  • Under ens192 -> addresses, replace 10.0.0.4 with your private IP address and /27 with your subnet mask
  • Under ens192 -> nameservers -> addresses, replace 1.1.1.1,8.8.8.8 with your nameservers
  • Under ens192 -> routes -> to, replace 192.168.1.0/24 with the on-prem network hosting your applications.
  • Under ens192 -> routes -> via, replace 10.0.0.1 with the gateway of the IP you configured under ens192 -> addresses

# This is the network config written by 'subiquity'
network:
  ethernets:
    ens160:
      dhcp4: no
      addresses: [X.X.X.X/27]
      nameservers:
        addresses: [1.1.1.1, 8.8.8.8]
      routes:
      - to: default
        via: Y.Y.Y.Y
    ens192:
      dhcp4: no
      addresses: [10.0.0.4/27]
      nameservers:
        addresses: [1.1.1.1, 8.8.8.8]
      routes:
      - to: 192.168.1.0/24
        via: 10.0.0.1
  version: 2
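
A pre-flight check for the values substituted into this layout, added here as an example and not part of the original post: it verifies that every address and nameserver parses, that each route's gateway sits inside a subnet of its own NIC, and that only one NIC carries the default route. The function name check_netplan, the dict form of the ethernets section, and the 203.0.113.x addresses standing in for X.X.X.X and Y.Y.Y.Y are assumptions.

```python
import copy
import ipaddress

def check_netplan(ethernets):
    """Return a list of problems found in a netplan 'ethernets' mapping."""
    problems, default_nics = [], []
    for nic, cfg in ethernets.items():
        subnets = []
        for addr in cfg.get("addresses", []):
            try:
                subnets.append(ipaddress.ip_interface(str(addr)).network)
            except ValueError:
                problems.append(f"{nic}: bad address {addr!r}")
        for ns in cfg.get("nameservers", {}).get("addresses", []):
            try:  # str(): a bare integer such as 8 would otherwise parse as 0.0.0.8
                ipaddress.ip_address(str(ns))
            except ValueError:
                problems.append(f"{nic}: bad nameserver {ns!r}")
        for route in cfg.get("routes", []):
            dest, via = str(route.get("to")), str(route.get("via"))
            if dest == "default":
                default_nics.append(nic)
            else:
                try:
                    ipaddress.ip_network(dest)  # strict: rejects host bits
                except ValueError:
                    problems.append(f"{nic}: bad route destination {dest!r}")
            try:
                gw = ipaddress.ip_address(via)
            except ValueError:
                problems.append(f"{nic}: bad gateway {via!r}")
                continue
            if not any(gw in net for net in subnets):
                problems.append(f"{nic}: gateway {via} is outside this NIC's subnets")
    if len(default_nics) != 1:
        problems.append(f"expected one default route, found {len(default_nics)}: {default_nics}")
    return problems

# Constructed sample values (documentation ranges), mirroring the two-NIC layout above.
DNS = ["1.1.1.1", "8.8.8.8"]
GOOD = {
    "ens160": {"addresses": ["203.0.113.10/27"], "nameservers": {"addresses": DNS}, "routes": [{"to": "default", "via": "203.0.113.1"}]},
    "ens192": {"addresses": ["10.0.0.4/27"], "nameservers": {"addresses": DNS}, "routes": [{"to": "192.168.1.0/24", "via": "10.0.0.1"}]},
}
# Constructed broken variant: a mistyped DNS list and a second default route on the internal NIC.
BAD = copy.deepcopy(GOOD)
BAD["ens192"]["nameservers"] = {"addresses": ["1.1.1.1", 8, ".8.8.8"]}
BAD["ens192"]["routes"].append({"to": "default", "via": "10.0.0.1"})

if __name__ == "__main__":
    print(check_netplan(GOOD), check_netplan(BAD), sep="\n")
```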

Then, run the following command to check that everything went well:

netplan generate

Apply the network config and check that the configuration was applied:

netplan apply
ip a

Finally, restart the Microsoft Tunnel, if already installed:

mst-cli server restart
