Migrate Virtual Network Gateway - P2S VPN configuration

Hello @Gregor Anton Grinč ,

Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.

I understand that you would like to know if it is possible to migrate Virtual Network Gateway P2S VPN configuration into another Virtual Network Gateway so that end users would not need to set up anything new and could just function like they did until then.

As you rightly mentioned, if you recreate P2S VPN in another subscription with the same root certificates from which the current client certificates are derived, the users won't need to install new client certificates and the existing ones will work.

However, the VPN client configuration may vary depending upon the new VPN gateway P2S configuration & connected Vnet.

If you have a Vnet with the same address range as the old one and create a VPN gateway P2S config with the same address pool as the old one:

Then you just need to edit the VPN server name or address in the existing VPN connection and add the new VPN gateway FQDN.

In case of native windows VPN client:

In case of Standalone Azure VPN client downloaded from MS Store/App center:

If you have a Vnet with different address range and create a VPN gateway P2S config with the different address pool:

Then you can update the new VPN routes in the routes.txt file which can be found in the below location:

C:\Users\UserName\AppData\Roaming\Microsoft\Network\Connections<VirtualNetworkId>\routes.txt

This file should contain your connected Vnet address range, any peered Vnet address range (if gateway transit/use remote gateway options are enabled in the Vnet peering) and the P2S VPN address pool range.

However, it is recommended to download the new VPN Gateway files and install the client again to avoid any issues.

Kindly let us know if the above helps or you need further assistance on this issue.

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.