Azure point to site vpn with Azure AD based authentication

Raviraj Velankar 111 Reputation points
2022-09-12T11:18:36.39+00:00

I have the following query.
If we would like to set up an Azure point-to-site VPN configuration using Azure AD based authentication and would like to use the OpenVPN protocol, do we still need to have Azure point-to-site VPN with certificate based authentication configured as a prerequisite? If yes, then I am not sure why we need to have that setup ready, because we will be using Azure AD based authentication and not Azure certificate based authentication.

Please refer to this Microsoft URL; it says:
https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-openvpn

"The article steps assume that you already have a working point-to-site environment. If you don't, you can create one using one of the following methods." - https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-point-to-site-resource-manager-portal

I also have the following second query.
If we have an S2S VPN to an on-prem VPN GW with BGP enabled on the same Azure VPN Gateway (on which the client-to-site VPN tunnels are terminated), then in order to access on-prem IP prefixes from a Windows client we need to manually add the routes for those IP prefixes. What would be the next hop IP address we need to specify on the Windows client? Is it the VPN Gateway private IP address or some other IP address? Please clarify.


Accepted answer
GitaraniSharma-MSFT 49,601 Reputation points Microsoft Employee
2022-09-12T13:58:25.957+00:00

Hello @Raviraj Velankar,

Welcome to the Microsoft Q&A Platform. Thank you for reaching out, and I hope you are doing well.

I understand that you would like to set up an Azure point-to-site VPN using Azure AD based authentication and the OpenVPN protocol, and that you have some queries regarding the prerequisites/configuration.

To begin, I would like to inform you that Azure AD authentication is supported only for OpenVPN protocol connections and requires the Azure VPN Client.

Azure point-to-site VPN with certificate based authentication is not a prerequisite for it.
The doc you are referring to is for the OpenVPN tunnel type with certificate based authentication.

To create an Azure point-to-site VPN using Azure AD based authentication and the OpenVPN protocol, please follow the docs below:
https://learn.microsoft.com/en-us/azure/vpn-gateway/openvpn-azure-ad-tenant
https://learn.microsoft.com/en-us/azure/vpn-gateway/openvpn-azure-ad-client

To answer your second query:

SSTP & IKEv2 require the manual entry of routes, as described in the article below:
https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-point-to-site-routing#vnetbranchbgp

OpenVPN will be able to propagate these routes without manual entry.

Kindly let us know if the above helps or if you need further assistance on this issue.

----------------------------------------------------------------------------------------------------------------

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
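The following is an added illustration for both queries above; it is not code from the question, the accepted answer, or the linked Microsoft docs. Part 1 shows the gateway-side configuration that the answer describes (OpenVPN tunnel type with Azure AD authentication and no root certificate), using the Az PowerShell cmdlet and parameters documented in the openvpn-azure-ad-tenant article, followed by a read-back check. Part 2 shows the client-side route entry that SSTP/IKEv2 connections need for on-prem prefixes: the Windows `Add-VpnConnectionRoute` cmdlet takes no next-hop address at all, because the route is bound to the VPN connection's interface rather than to a gateway IP. The resource group, gateway name, connection name, tenant ID, client address pool and on-prem prefix are placeholders; the audience ID is the Azure VPN Client application ID for the Azure public cloud as given in the linked tenant doc (other clouds use a different ID).

```powershell
# Added example, not part of the question or the accepted answer.
# Part 1 runs wherever the Az PowerShell module is installed (Connect-AzAccount first).
# Part 2 runs on the Windows client that owns the P2S connection.
# Names, tenant ID, address pool and on-prem prefix below are placeholders/assumptions.

# ----- Part 1: gateway side (Az PowerShell) -----
$rg       = "rg-hub"                                  # assumed resource group
$gwName   = "vpngw-hub"                               # assumed gateway name
$tenantId = "00000000-0000-0000-0000-000000000000"    # placeholder tenant ID
$pool     = "172.16.201.0/24"                         # assumed P2S client pool

# Azure VPN Client app ID for the Azure public cloud (per the linked tenant doc).
$audience = "41b23e61-6c1e-4545-b367-cd054e0ed4b4"

$gw = Get-AzVirtualNetworkGateway -ResourceGroupName $rg -Name $gwName

# Azure AD auth is only valid with the OpenVPN tunnel type. No root certificate
# is uploaded: certificate auth is not a prerequisite and is not enabled here.
Set-AzVirtualNetworkGateway -VirtualNetworkGateway $gw `
    -VpnClientAddressPool $pool `
    -VpnClientProtocol OpenVPN `
    -VpnAuthenticationType AAD `
    -AadTenantUri  "https://login.microsoftonline.com/$tenantId/" `
    -AadAudienceId $audience `
    -AadIssuerUri  "https://sts.windows.net/$tenantId/"

# Check: read the gateway back and confirm OpenVPN + AAD, and that no root
# certificate is configured (an empty VpnClientRootCertificates list).
$gw = Get-AzVirtualNetworkGateway -ResourceGroupName $rg -Name $gwName
$gw.VpnClientConfiguration |
    Format-List VpnClientProtocols, VpnAuthenticationTypes, AadTenant, AadAudience, AadIssuer, VpnClientRootCertificates

# ----- Part 2: Windows client (SSTP or IKEv2 P2S connection) -----
# Azure P2S profiles use split tunneling, which Add-VpnConnectionRoute requires.
# There is no -NextHop parameter: the route points at the VPN interface itself,
# so traffic for the prefix enters the tunnel whenever the connection is up.
$connName     = "Azure P2S"     # assumed name of the imported P2S connection
$onPremPrefix = "10.50.0.0/16"  # assumed on-prem prefix reachable via the S2S/BGP link

Add-VpnConnectionRoute -ConnectionName $connName -DestinationPrefix $onPremPrefix -PassThru

# Check: the routes attached to the connection, and (while connected) the
# resulting entry in the local routing table.
Get-VpnConnection -Name $connName | Format-List Name, SplitTunneling, Routes
Get-NetRoute -DestinationPrefix $onPremPrefix -ErrorAction SilentlyContinue
```

Run Part 2 in the same user context that imported the VPN profile, since user-scoped connections are not visible from another session; if the connection was imported with `-AllUserConnection`, pass that switch to both cmdlets. The route survives reconnects because it is stored on the connection object, not in the live routing table.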

