Setting up a VPN

Darren Mizzi 21 Reputation points
2022-03-07T11:28:47.647+00:00

Hi I need steps to follow to create a VPN that I can use to connect to an Azure Virtual machine,

Not sure how i can do this,

And also when it comes to the part for the certificates, where do i create the certificates for the users and how?

Azure VPN Gateway
Azure VPN Gateway
An Azure service that enables the connection of on-premises networks to Azure through site-to-site virtual private networks.
1,407 questions
Azure App Service
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
7,042 questions
{count} votes

Accepted answer
  1. GitaraniSharma-MSFT 48,016 Reputation points Microsoft Employee
    2022-03-07T13:21:00.753+00:00

    Hello @Darren Mizzi ,

    Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.

    In order to create a VPN that you can use to connect to an Azure Virtual machine with certificate authentication, you need to follow the below steps:

    1) Create a VPN gateway in your Azure Vnet. The subnet where you deploy the gateway should be named as GatewaySubnet and should have an address space of /27 or larger (/26,/25 etc.).
    Refer : https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-point-to-site-resource-manager-portal

    2) Generate certificates for the point to site VPN connection. You need to obtain a root certificate, whose public key information is uploaded to Azure. Then you need to generate client certificates from the trusted root certificate, and install them on each client computer. You can use either a root certificate that was generated with an enterprise solution (recommended), or generate a self-signed certificate.
    Refer : https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-point-to-site-resource-manager-portal#generatecert

    If you do not have an enterprise certificate solution, you can create a self-signed root certificate & generate a client certificate from it to use them for point to site VPN connection.

    To create a self-signed root certificate and generate client certificates you need to use PowerShell on a Windows 10 machine or Windows Server 2016:
    Refer : https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-certificates-point-to-site

    NOTE: If you do not have access to a Windows 10 or Windows Server 2016 computer, you can use MakeCert to generate certificates. Can also use Linux instructions as documented in the above link.

    3) Upload the root certificate to Azure and configure the point to site settings such as Address pool, tunnel type, authentication type etc.
    Refer : https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-point-to-site-resource-manager-portal#type

    4) Install the client certificate in your local machine from where you want to access Azure VM (this step needs to be repeated for all the local machines which needs access to Azure via P2S VPN).
    Refer : https://learn.microsoft.com/en-us/azure/vpn-gateway/point-to-site-how-to-vpn-client-install-azure-cert

    5) Download and install the VPN client from Azure portal and connect to it.
    Refer : https://learn.microsoft.com/en-us/azure/vpn-gateway/point-to-site-vpn-client-configuration-azure-cert#generate

    If you face any issues in your Azure point to site VPN connection, you can refer the below troubleshooting doc for various symptoms and their recommended solutions:
    https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-troubleshoot-vpn-point-to-site-connection-problems

    Azure Point-to-Site - Certificate authentication FAQs for your reference: https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-vpn-faq#P2S

    Kindly let us know if the above helps or you need further assistance on this issue.


    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    0 comments No comments

0 additional answers

Sort by: Most helpful