Azure – Networking – Part 13 – Configure Azure Point-to-Site VPN

Hello Friends,

Today, we will continue our discussion on Virtual Network Gateway. As we discussed in our last article today we will discuss on how to configure Azure Point-to-Site VPN. So Let’s Start with basic of Point-to-Site VPN.

If you have missed our previous articles on azure networking, please check it in following links.

Part 7 – Create An Application Gateway With URL-Based Routing Configuration- 1

Part 8 – PowerShell To Create An Application Gateway With URL-Based Routing Configuration- 2

Part 9 – Configure Custom Domain In Azure DNS

Part 10 – Issue when Configure DNS Records In Azure DNS

Part 11 – ExpressRoute

Part 12 – Azure VPN Network Gateway

Point-to-Site Connectivity :

  • Point-to-Site VPN enable us to connect from our local machine to Azure over a Secure Socket Tunneling Protocol (SSTP).
  • This uses Certificate Authentication between the client machine and the virtual network in Azure.
  • This means we have to create some certificates and install them in the right place.
  • A Point-to-Site connection is established by starting it from the client computer.
  • Point-to-Site VPN is also a useful solution to use instead of Site-to-Site VPN when we have only a few clients that need to connect to a VNet .

Demo :

In our last article, we have already created the Virtual Network Gateway. Now we will configure Point-to-Site VPN connection of our Virtual Network Gateway ( Knowledge_Junction_Network_GW) . Let’s go-through following steps.

  1. Create and Export Root Certificate

SSL certificate is playing a major role to configure a P2S Vpn connection. We can use power-shell or makecert.exe of Window SDK to create SSL certificate. In this article, we will use Window SDK to create our certificate. Let’s first install Window SDK for Win-10 . We can download Window SDK from this URL. Installation can be followed as shown in the following figures.

Figure 1: Azure – Networking _ Download and Install Window SDK for win 10
Figure 2: Azure – Networking _ Installing Window SDK for win 10

Once we have done with the Window SDK installation . We can find the makecert.exe under “C:\Program Files (x86)\Windows Kits\10\bin\x86” location as shown in the following figure.

Figure 3: Azure – Networking _ Installed Window SDK for win 10

For this demo, we need to create two different SSL certificate. One is Root Certificate (ManasP2SVpnRootCert) with “.cer” extension and that need to be upload in Azure. After create the root certificate, when exporting the certificate, do not export it with private key as using following steps.

  • Open Command prompt and Go to Directory – C:\Program Files (x86)\Windows Kits\10\bin\x86
  • Run Command – makecert -sky exchange -r -n “CN=ManasP2SVpnRootCert” -pe -a sha1 -len 2048 -ss My
Figure 4 : Azure Networking _Create SSL Certificate
  • Run MMC to open Microsoft Management console.
  • Add new snap-in for Certificates if not available.
  • Find Cert in Personal\Certificates and Export to BASE64 without Password and save with .cer extension as shown in following figures.
Figure 5 : Azure Networking _Open Microsoft Management Console
Figure 5 : Azure Networking _Add new Snap-in to Microsoft Management Console (MMC)
Figure 6 : Azure Networking _Point-to-Point Vpn-Export root certificate

2. Create and Export Client Certificate

The second certificate is Client Certificate (ManasP2SVpnClientCert) with .pfx extension. We will create the client certificate for the root certificate and when export the client certificate. and this needs to be installed on client machine. Let’s start create our client certificates using following steps.

  • Open Command prompt and Go to Directory – C:\Program Files (x86)\Windows Kits\10\bin\x86
  • Run Command – makecert.exe -n “CN=ManasP2SVpnClientCert” -pe -sky exchange -m 96 -ss My -in “ManasP2SVpnRootCert” -is my -a sha1
Figure 7 : Azure Networking _Create Client Certificate
  • Run MMC to open Microsoft Management console.
  • Add new snap-in for Certificates if not available.
  • Find Cert in Personal\Certificates and Export to BASE64 with private key and Password . Save with .pfx extension as shown in following figures.
Figure 8 : Azure Networking _Export Client Certificate

3. Configure Virtual Network Gateway VPN

We are ready with our both certificates. Now time comes to configure the Point-to-Site Vpn connection in Azure. Let’s go-through the following steps.

  • Connect to your Azure portal dashboard using your subscription account. If you don’t have any subscription, in that case you can get trial Azure subscription with one-month of validity. Then you can connect to the azure portal dashboard as in following figure.
Figure 9: Azure – portal dashboard

  • Find our existing virtual network gateway from all resources as shown in the following figure.
Figure 10 : Azure Networking _Point-to-Site VPN_ find virtual network gateway
  • Open Knowledge_Junction_Network_GW and have a quick look of its overview, configuration etc as shown in the following figures.
Figure 11 : Azure Networking _Point-to-Site VPN_ virtual network gateway page
  • Go to Point-to-Site configuration landing page.
Figure 12 : Azure Networking _Point-to-Site configuration landing page
  • As we can see in the above figure, we have not configured the connection yet. Let’s start with the configuration by clicking Configure Now link as shown in the above figure.
  • To proceed with the configuration we need to provide following information and also add the details for root certificate (ManasP2SVpnRootCert).
Figure 13 : Azure Networking _Point-to-Site configuration page
  • Before adding details of root/public certificate , lets open the root certificate (ManasP2SVpnClientCert) in note pad and copy only the key part of it as shown in the following figure.
Figure 14 : Azure Networking _Point-to-Site vpn_ root certificate data
  • Put name of your root certificate and paste the copied certificate key in Public Certificate Data field as shown in the following figure.
Figure 15: Azure Networking _Point-to-Site vpn_ configurations
  • As shown in the above figure after putting all required data click Save button to finalize the Point-to-Site VPN configuration.
  • Once we have save the configuration, Download VPN Client button will be activate and allow us to download the vpn client as shown in the following figure.
Figure 16 : Azure Networking _Point-to-Site vpn _Client VPN download
  • As shown in the following figure it downloaded the client on our local machine.
  • Now we have both VPN Client and Client Certificate.
  • Now we can share these two components with our colleague or team member. They can install both of them and connect the VPN to communicate with resources of our Azure virtual network .
Figure 17: Azure Networking _Point-to-Site vpn _Installing Client certificate
Figure 18: Azure Networking _Point-to-Site vpn _Downloaded client VPN
Figure 19: Azure Networking _Point-to-Site vpn _installing client VPN
Figure 20: Azure Networking _Point-to-Site vpn _installing client VPN 1
Figure 21: Azure Networking _Point-to-Site vpn connected in client machine

4. Testing The P2S VPN Connectivity

As we can see in the above figure our Azure Point-to-Site VPN (KJ_Vnet) has established the connection with Azure . Now it’s time to test the connectivity . We have one Virtual Machine (VM) under KJ_Vnet network in Azure. Let’s try to connect the Azure VM from our client machine.

Figure 22: Azure Networking _Point-to-Site vpn connection tested

Here we go 🙂 . We can see in the above figure, that we are able to connect to the Azure VM under KJ_Vnet from our client machine.

I hope this article helps you to get some knowledge of configuring Point-to-Site VPN.

Keep reading, share your thoughts, experiences. Feel free to contact us to discuss more.

If you have any suggestion / feedback / doubt, you are most welcome. Stay tuned on Knowledge-Junction, will come up with more such articles

Thanks for reading  🙂

Advertisements

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.