Azure VPN P2S VPN Client Configuration is not exporting root certificate

Question

Azure VPN P2S VPN Client Configuration is not exporting root certificate

Reuben Fischman 0

I have followed the how-to guides to create a Point-to-Site configuration for an Azure VPN Gateway.

Tunnel Type: OpenVPN (SSL)

Authentication Type: Azure Certificate

I've pasted in my root certificate and then saved the configuration. When I click "Download VPN Client" I get a ZIp file that contains multiple XML files.

I then use the Azure VPN Client for "OpenVPN: Azure Client Steps" as described in this article: https://learn.microsoft.com/en-us/azure/vpn-gateway/point-to-site-vpn-client-cert-windows#code-try-0

When I import the azurevpnconfig.xml into the client, instead of having the Root certificate I imported selected, it shows a root certificate of "DigiCert Global Root G2"

When I look at the other XMl files in the ZIP file, the generic XML file has the DigiCert Global Root certificate included in it, INSTEAD of my imported root certificate.

ChaitanyaNaykodi-MSFT 13,031 Reputation points Microsoft Employee

2023-05-03T22:56:06.7333333+00:00
@Reuben Fischman

Thank you for reaching out.

In addition to the troubleshooting step mentioned by Jackson Martins below. Can you please try below mentioned steps and see if that helps mitigating the issue?

Try reinstalling the VPN Client and see if this helps in getting rid of this issue.

Based on the issue described below "Server did not respond properly to the VPN Control PAckets. Session State: TLS handshake in progress" You can check the Azure VPN Gateway's diagnostic logs and see if you are able to pin-point the issue here.

If it helps you can also do a packet capture at client side using WireShark or TCP dump and at the VPN Gateway to help determine the issue.

Please let me know if you have any question here. Thank you!
ChaitanyaNaykodi-MSFT 13,031 Reputation points Microsoft Employee

2023-05-04T19:44:24.7133333+00:00

@Reuben Fischman

Just following up here to see if you were able take a look at my comment above. Thank you!
ChaitanyaNaykodi-MSFT 13,031 Reputation points Microsoft Employee

2023-05-05T17:07:14.7733333+00:00

@Reuben Fischman

Just following up here to see if you were able take a look at my comment above. Thank you!

ChaitanyaNaykodi-MSFT 13,031 Reputation points Microsoft Employee

2023-05-03T22:56:06.7333333+00:00

@Reuben Fischman

Thank you for reaching out.

In addition to the troubleshooting step mentioned by Jackson Martins below. Can you please try below mentioned steps and see if that helps mitigating the issue?

Try reinstalling the VPN Client and see if this helps in getting rid of this issue.

Based on the issue described below "Server did not respond properly to the VPN Control PAckets. Session State: TLS handshake in progress" You can check the Azure VPN Gateway's diagnostic logs and see if you are able to pin-point the issue here.

If it helps you can also do a packet capture at client side using WireShark or TCP dump and at the VPN Gateway to help determine the issue.

Please let me know if you have any question here. Thank you!
ChaitanyaNaykodi-MSFT 13,031 Reputation points Microsoft Employee

2023-05-04T19:44:24.7133333+00:00

@Reuben Fischman

Just following up here to see if you were able take a look at my comment above. Thank you!
ChaitanyaNaykodi-MSFT 13,031 Reputation points Microsoft Employee

2023-05-05T17:07:14.7733333+00:00

@Reuben Fischman

Just following up here to see if you were able take a look at my comment above. Thank you!

Answer 1

Jackson Martins 7,381

hi @Reuben

It seems that you are experiencing an issue with the Azure VPN Client, where it is not correctly importing your root certificate., I wrote an article showing how to import certificates and download the clients

https://4future.com.br/index.php/2022/10/17/configurando-cliente-vpn-azure-point-to-site-p2s/

Translate to english
https://4future-com-br.translate.goog/index.php/2022/10/17/configurando-cliente-vpn-azure-point-to-site-p2s/?_x_tr_sl=pt&_x_tr_tl=en&_x_tr_hl=pt-BR&_x_tr_pto=wapp

If the Azure VPN Client still shows the DigiCert Global Root G2 certificate, you can try manually importing your root certificate into the client:

Open the Azure VPN Client.
Go to "Settings" > "Certificates".
Click "Import" and then browse to the location where your root certificate file is saved. Select your root certificate file and click "Open".
Your root certificate should now appear in the list of certificates.

Re-import the azurevpnconfig.xml

Get in touch if you need more help with this issue.

--please don't forget to "[Accept the answer]" if the reply is helpful--

Reuben Fischman 0 Reputation points

2023-05-02T13:49:44.09+00:00

Unfortunately, this did not help. I don't see any option to import certificates within the Azure VPN Client. I already have my root certificate installed on my local machine in the trusted root certificate folder.

Within the VPN client, I am able to select my root certificate. But even selecting that, my VPN connections are failing with "Server did not respond properly to the VPN Control PAckets. Session State: TLS handshake in progress"
Jackson Martins 7,381 Reputation points

2023-05-02T13:54:27.67+00:00

what version of windows are you using? if it is windows 7 there is a process to be done

there are some tips here

https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-troubleshoot-vpn-point-to-site-connection-problems
Jackson Martins 7,381 Reputation points

2023-05-02T13:55:49.01+00:00

And check whether the local time is correct
Reuben Fischman 0 Reputation points

2023-05-02T14:16:41.93+00:00

Windows 11. Local time is correct
Jackson Martins 7,381 Reputation points

2023-05-02T17:51:56.2866667+00:00

Are you using openvpn client or windows 11 client from microsoft store?

try with openvpn client installed, check if it gives the same error, and also the client logs that will be generated

Azure VPN P2S VPN Client Configuration is not exporting root certificate

1 answer

Activity