Posted on

Point to Site VPN Azure

Hello everyone!

We are here, talking a little about Point to site VPN Azure. But when I will need to do this?


Imagine if you are far away, without your business' laptop. You need to connect to your environment to change some virtual configs and you need to be in your private address to connect. Good history, but there are some cases that it happens! Believe or not!
Point-to-Site (or P2S) VPN is a way your computer connects directally with your azure environment (not just Azure, tipically is called Point-to-Site).
point-to-siteImage Source: Google Images
Until the moment we are writting this post, the VPN support up to 128 VPN clients at the same time.
So, lets start..... since nothing to work (I'll creating the scenario from zero).
Some scenario information here:

VMName: P2SVPNScenario
VMIP: 10.0.1.4
Resource Group: RGP2SVPNScenario
RGP2SVPNScenario Address 10.0.0.0/16
Default Subnet range:10.0.1.0/24
Gateway Subnet range: 10.0.2.0/28
Point-tosite configuration address pool: 172.16.0/28

Point-to-site creating virtual machine
Point-to-site choosing the vm sizePoint-to-site creating new virtual networkPoint-to-site setings virtual networkPoint-to-site summary creating vmPoint-to-site creating gateway subnetPoint-to-site add gateway subnet range
Point-to-site general subnets 

Now, we need to create the Virtual Network Gateway...

Point-to-site creating new virtual network gateway
Point-to-site choose virtual networkPoint-to-site creating the public IP
Now, lets creating the virtual network gateway. This step will take several minutes.....

Point-to-site general virtual network gateway
zzzzzzzzzzzzzzzzzzz After 23 minutes and 25 seconds to be exact...
Point-to-site virtual network gateway created
Now, we need to configurate it.

Point-to-site configure now virtual network gateway
Put the Address pool to the VPN address...
And then, you need to load the certificate information...

Point-to-site configuring virtual network gatewayPoint-to-site certificate details to load
After, the image will be like this:

Point-to-site virtual network gateway as this
Save and then Download VPN client....

Point-to-site download vpn client virtual network gateway
Accept the message to continue......

Point-to-site wish install vpn client azure
Sorry for some parts in portuguese... but I know you can understand!

Point-to-site VPN created
Our VM internal IP.....

Point-to-site vm internal ip
Just to test... I'm trying to ping and timed out.....

Point-to-site trying to test timed out
Now, lets connect to the VPN..

Point-to-site azure client VPNPoint-to-site azure client vpn request
And yes! Working!
Point-to-site azure vpn works
And 2 tricks for you!

You need to add the certificate key of your root certificate - The Chain CA Certificate, to do this, you need to export as base 64!!!
The certificate that you need to use, must have in the field Enhanced Key Usage the Cient Authentication option!


Point-to-site certificate tricks
Enjoy!
Reference:
https://docs.microsoft.com/en-us/azure/vpn-gateway/point-to-site-about

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s