Azure VPN P2S VPN Client Configuration is not exporting root certificate

Reuben Fischman 0 Reputation points
2023-05-02T13:01:37.7533333+00:00

I have followed the how-to guides to create a Point-to-Site configuration for an Azure VPN Gateway.

Tunnel Type: OpenVPN (SSL)

Authentication Type: Azure Certificate

I've pasted in my root certificate and then saved the configuration. When I click "Download VPN Client" I get a ZIP file that contains multiple XML files.

I then use the Azure VPN Client for "OpenVPN: Azure Client Steps" as described in this article: https://learn.microsoft.com/en-us/azure/vpn-gateway/point-to-site-vpn-client-cert-windows#code-try-0

When I import the azurevpnconfig.xml into the client, instead of having the root certificate I imported selected, it shows a root certificate of "DigiCert Global Root G2".

When I look at the other XML files in the ZIP file, the generic XML file has the DigiCert Global Root certificate included in it, INSTEAD of my imported root certificate.

Azure VPN Gateway
An Azure service that enables the connection of on-premises networks to Azure through site-to-site virtual private networks.

2 answers

  1. Jackson Martins 9,641 Reputation points MVP
    2023-05-02T13:11:12.2166667+00:00

    Hi @Reuben

    It seems that you are experiencing an issue with the Azure VPN Client, where it is not correctly importing your root certificate. I wrote an article showing how to import certificates and download the clients:

    https://4future.com.br/index.php/2022/10/17/configurando-cliente-vpn-azure-point-to-site-p2s/

    Translated to English:
    https://4future-com-br.translate.goog/index.php/2022/10/17/configurando-cliente-vpn-azure-point-to-site-p2s/?_x_tr_sl=pt&_x_tr_tl=en&_x_tr_hl=pt-BR&_x_tr_pto=wapp

    If the Azure VPN Client still shows the DigiCert Global Root G2 certificate, you can try manually importing your root certificate into the client:

    • Open the Azure VPN Client.
    • Go to "Settings" > "Certificates".
    • Click "Import" and then browse to the location where your root certificate file is saved. Select your root certificate file and click "Open".
    • Your root certificate should now appear in the list of certificates.

    Re-import the azurevpnconfig.xml.

    Get in touch if you need more help with this issue.

    --please don't forget to "[Accept the answer]" if the reply is helpful--


  2. ChaitanyaNaykodi-MSFT 22,701 Reputation points Microsoft Employee
    2023-05-03T22:56:06.7333333+00:00

    @Reuben Fischman

    Thank you for reaching out.

    In addition to the troubleshooting step mentioned by Jackson Martins below, can you please try the steps mentioned below and see if that helps mitigate the issue?

    • Try reinstalling the VPN Client and see if this helps in getting rid of this issue.
    • Based on the issue described below, "Server did not respond properly to the VPN Control Packets. Session State: TLS handshake in progress", you can check the Azure VPN Gateway's diagnostic logs and see if you are able to pinpoint the issue here.
    • If it helps, you can also do a packet capture at the client side using Wireshark or tcpdump and at the VPN Gateway to help determine the issue.

    Please let me know if you have any questions here. Thank you!
