Hello @William Bondy ,
Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.
I understand that you created a VPN gateway and configured a site-to-site connection successfully and now you would like to configure point-to-site VPN connection on the gateway for remote clients to connect to Azure using L2TP/Pre-shared key option, but you don't see the option.
First, I would like to draw your attention towards the P2S VPN support on Basic VPN gateway. Point to site VPN gateway can only be configured on a RouteBased Basic VPN Gateway and only SSTP connections are supported. If you are using a PolicyBased Basic VPN Gateway, then point to site VPN configuration will not be available.
Another thing to note here is Azure Point-to-site VPN can use one of the following protocols: OpenVPN, Secure Socket Tunneling Protocol (SSTP) and IKEv2 VPN.
Azure Point-to-site VPN doesn't support L2TP protocol. The pre-shared key authentication option is only available for site-to-site connections.
For point-to-site VPN, we have the below available authentication mechanisms:
- Azure certificate authentication
- Azure Active Directory authentication
- RADIUS - certificate
- RADIUS - password
- RADIUS - other methods
From your screenshot, it looks like you have a RouteBased Basic VPN Gateway. For a RouteBased Basic VPN Gateway, the protocol is by default set to SSTP, and you cannot see a tunnel type option. You will only see a "Root Certificate" option to upload root certificates for P2S VPN connectivity.
You can use either a root certificate that was generated with an enterprise solution (recommended) or generate a self-signed certificate.
After you upload the root certificate to your Point to site VPN configuration, you need to install the client certificate on the machine from where you want to connect to Azure and then download the VPN client from the portal to install it on the machine.
If you don't want to use SSTP protocol or Azure certificate authentication, then you need to upgrade your VPN gateway to a SKU which supports other protocols such as IKEv2/OpenVPN and authentication such as AzureAD/Radius.
With the exception of the Basic SKU, you can resize your gateway to a gateway SKU within the same SKU family. For example, if you have a Standard SKU, you can resize to a HighPerformance SKU. However, you can't resize your VPN gateway between the old SKUs and the new SKU families. For example, you can't go from a Standard SKU to a VpnGw2 SKU, or a Basic SKU to VpnGw1.
The resizing of VpnGw SKUs is allowed within the same generation, except resizing of the Basic SKU. The Basic SKU is a legacy SKU and has feature limitations. In order to move from Basic to another SKU, you must delete the Basic SKU VPN gateway and create a new gateway with the desired Generation and SKU size combination.
Meaning you cannot re-size or upgrade your Basic SKU to any other SKU via Portal. To change to the new gateway SKU, you need to delete the existing VPN gateway and create a new VPN gateway.
Kindly let us know if the above helps or you need further assistance on this issue.
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.