Server Secrets in Azure VPN Client config?

All IT Ian 21 Reputation points
2020-07-27T05:52:06.287+00:00

Hi, just created an Azure VPN Gateway with OpenVPN and I noticed that the azurevpnconfig.xml that we download and use to configure the Azure VPN Client contains server secrets? I thought the whole point of server secrets is that they are supposed to remain secret to the server? Doesn't seem very wise to be handing out server secrets to anyone who needs to connect their client app to the VPN surely? I must be missing something?

Azure VPN Gateway
An Azure service that enables the connection of on-premises networks to Azure through site-to-site virtual private networks.

Accepted answer
  1. GitaraniSharma-MSFT 49,721 Reputation points Microsoft Employee
    2020-07-28T07:12:08.457+00:00

    Hello @All IT Ian,

    In order to configure a VPN client to connect to a virtual network using Point-to-Site VPN and Azure Active Directory authentication with OpenVPN protocol, you need to download the Azure VPN Client and configure a VPN client profile on every computer that wants to connect to the VNet. You can create a client profile on a computer, export it, and then import it to additional computers. The Server Secret can be exported in the P2S VPN client profile. Instructions on how to export a client profile can be found here.

    In the AzureVPN folder, the azurevpnconfig.xml file contains information that is necessary to configure a VPN connection. When you add a connection, you need to use the information such as Audience, Issuer, Tenant, FQDN & ServerSecret, etc. on the VPN profile details page as shown here. The ServerSecret is nothing but the VPN gateway's preshared key. The VPN client's shared secret must match the Server Shared Secret. If not, the connection would fail in the initial OpenVPN packet itself.

    Kindly let us know if the above helps or you need further assistance on this issue.

    ----------------------------------------------------------------------------------------------------------------

    Please don’t forget to "Accept the answer" wherever the information provided helps you, this can be beneficial to other community members.

    1 person found this answer helpful.
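
Added example, not part of the original thread and not Microsoft's code: since the answer describes the ServerSecret as the gateway's preshared key that the client must match, this sketch replaces that value before a profile is attached to a ticket, and keeps a short fingerprint so a client/gateway mismatch can still be diagnosed. Only the field names come from the answer; the sample XML layout, the placeholder values and the function names are assumptions.

```python
import hashlib
import xml.etree.ElementTree as ET

# Field names taken from the answer above; matched on local tag name,
# case-insensitively, because the exact file schema is an assumption here.
FIELDS = ("audience", "issuer", "tenant", "fqdn", "serversecret")

# Constructed sample profile (not a real export; element layout is assumed).
SAMPLE = """<AzVpnProfile>
  <clientauth><aad>
    <audience>00000000-0000-0000-0000-000000000000</audience>
    <issuer>https://sts.example.invalid/tenant-id/</issuer>
    <tenant>https://login.example.invalid/tenant-id</tenant>
  </aad></clientauth>
  <serverlist><ServerEntry><fqdn>gateway.example.invalid</fqdn></ServerEntry></serverlist>
  <servervalidation><serversecret>CONSTRUCTED-SAMPLE-KEY</serversecret></servervalidation>
</AzVpnProfile>"""


def local_name(tag):
    """Strip an XML namespace such as '{uri}name' and lowercase the rest."""
    return tag.rsplit("}", 1)[-1].lower()


def fingerprint(secret):
    """Short SHA-256 digest: lets two profiles be compared without the key."""
    return hashlib.sha256(secret.strip().encode("utf-8")).hexdigest()[:16]


def redact_profile(xml_text):
    """Return (summary, redacted_xml) with the ServerSecret value replaced."""
    root = ET.fromstring(xml_text)
    summary = {}
    for elem in root.iter():
        name = local_name(elem.tag)
        if name not in FIELDS or elem.text is None:
            continue
        if name == "serversecret":
            summary[name] = "sha256:" + fingerprint(elem.text)
            elem.text = "REDACTED"  # the key itself never leaves this function
        else:
            summary[name] = elem.text.strip()
    return summary, ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    info, safe_xml = redact_profile(SAMPLE)
    print(info)
    print(safe_xml)
```

Two profiles whose `serversecret` fingerprints differ carry different preshared keys, which per the answer above means the connection would fail at the first OpenVPN packet.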

0 additional answers
