Unable to connect to Azure VPN on Mac.

Daniel Teran 65 Reputation points
2023-11-07T09:35:20.02+00:00

I have exported a VNG archive from Azure and retrieved the hostname from the 'Generic' folder, along with the root certificate. I have installed the root certificate and generated a client certificate using the root cert and root key that I created some time ago and uploaded to Azure. I have both certs in Azure and I have configured the VPN connection properly (chose certificate, IKEv2, specified the same local ID as the name of the certificate). I am facing two issues:

  • If I generate a PKCS12 certificate with the openssl pkcs12 command without the '-legacy' option, the Mac won't accept the password for the certificate during import, though it's 100% correct. I have tried around 10 times, and only generation with the '-legacy' option made the Mac accept the password during import.
  • Now, once the certificate is imported and set up, when I connect to the VPN I get instantly disconnected in less than 1 second. I already have an existing duplicate VPN connection with another client certificate I set up some time ago, which works.

What am I doing wrong?

Azure VPN Gateway
An Azure service that enables the connection of on-premises networks to Azure through site-to-site virtual private networks.

Accepted answer
  1. GitaraniSharma-MSFT 49,601 Reputation points Microsoft Employee
    2023-11-09T18:33:37.41+00:00

    Hello @Daniel Teran ,

    I'm glad that you were able to resolve your issue and thank you for posting your solution so that others experiencing the same thing can easily reference this! Since the Microsoft Q&A community has a policy that "The question author cannot accept their own answer. They can only accept answers by others", I'll repost your solution in case you'd like to "Accept" the answer.

    Issue:

    You were unable to connect to Azure VPN on Mac using certificate authentication. If you generate a PKCS12 certificate with the OpenSSL pkcs12 command without the '-legacy' option, the Mac won't accept the password for the certificate during import. The Mac accepts the password when the certificate was generated with the '-legacy' option, but when you connect to the VPN, you get instantly disconnected in less than 1 second.

    Solution:

    The issue was resolved after generating a second root certificate and uploading it to the Azure VPN gateway. Now both the old client certificate (it wasn't revoked) and the new certificates are working. It seems like a temporary glitch.

    If you have any other questions or are still running into more issues, please let me know.

    Thank you again for your time and patience throughout this issue.


    Please don’t forget to close the thread by clicking "Accept the answer" wherever the information provided helps you, as this can be beneficial to other community members.


1 additional answer

  1. Daniel Teran 65 Reputation points
    2023-11-22T15:10:39.04+00:00

    Hello. The issue was resolved after generating a second root certificate and uploading it to the Azure VNG. The weird thing is that now both client certificates, signed by the old certificate (it wasn't revoked) and the new certificate, are working. Like it was glitched or something.
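
A check worth running before regenerating a root, shown here as an added example that is not part of either post above: confirm that the client certificate validates against the local root, and that the local root is byte-identical to the public certificate data configured on the gateway. All file names and subjects are constructed placeholders, and the script assumes OpenSSL 1.1.0 or later, where `openssl verify` exits non-zero on failure.

```shell
#!/bin/sh
# Added example. Every name, subject and file below is a constructed placeholder.

# Build a throwaway root CA and a client cert signed by it in directory $1.
make_sample_pki() {
  d=$1
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=SampleP2SRoot" \
    -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null &&
  openssl req -newkey rsa:2048 -nodes -subj "/CN=SampleP2SClient" \
    -keyout "$d/client.key" -out "$d/client.csr" 2>/dev/null &&
  openssl x509 -req -in "$d/client.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -CAcreateserial -days 30 -out "$d/client.pem" 2>/dev/null
}

# Succeeds only if client cert $2 validates against root cert $1.
chains_to_root() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Print root cert $1 as one unbroken base64 line without BEGIN/END markers,
# the form used for public certificate data in a point-to-site configuration.
root_public_data() {
  openssl x509 -in "$1" -outform DER | openssl base64 -A
}

# Succeeds if local root $1 is byte-identical to the uploaded data string $2.
matches_uploaded_root() {
  [ "$(root_public_data "$1")" = "$2" ]
}

# Demo: two roots share the same CN but have different keys; the client
# cert validates only against the root that actually signed it.
demo() {
  t=$(mktemp -d) && mkdir "$t/a" "$t/b" || return 1
  make_sample_pki "$t/a" && make_sample_pki "$t/b" || return 1
  chains_to_root "$t/a/root.pem" "$t/a/client.pem" && echo "client chains to root A"
  chains_to_root "$t/b/root.pem" "$t/a/client.pem" || echo "client does NOT chain to root B"
  uploaded=$(root_public_data "$t/a/root.pem")   # stand-in for the gateway's copy
  matches_uploaded_root "$t/b/root.pem" "$uploaded" || echo "root B is not the uploaded root"
  rm -rf "$t"
}
demo
```

For real files, call `chains_to_root root.pem client.pem` and pass the public certificate data copied from the gateway configuration as the second argument to `matches_uploaded_root`.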

