Azure Start Point | Point-to-Site VPN

Posted by Pantelis Apostolidis, in Azure, 13 June 2018

In this post series we go through some basic steps on how to start with Microsoft Azure. In this post we will see how to create a Point-to-Site VPN connection to Azure.

If you don’t have an Azure Subscription, you can easily create a free trial by just going to https://azure.micros...com/en-us/free/

Create a typical Virtual Network.

A Point-to-Site VPN connection requires a Virtual Network Gateway, and the gateway needs its own subnet. Open the Virtual Network, go to Subnets and add a Gateway Subnet.

Finally we can add the Virtual Network Gateway. From the portal, create a Virtual Network Gateway resource and attach it to the previously created Virtual Network.

The Virtual Network Gateway can take up to 45 minutes to be created.

Once the Virtual Network Gateway is created, one more step remains: configuring Point-to-Site. Open the Virtual Network Gateway and press configure.

We will need a self-signed root certificate and a client certificate issued by it to complete the setup. On a Windows 10 or Windows Server 2016 machine we can use the New-SelfSignedCertificate cmdlet, which makes the process easy. The whole process is described here: https://docs.microso...s-point-to-site

For the root certificate run the below PowerShell using ISE:

$cert = New-SelfSignedCertificate -Type Custom -KeySpec Signature `
-Subject "CN=prodevrootcert" -KeyExportPolicy Exportable `
-HashAlgorithm sha256 -KeyLength 2048 `
-CertStoreLocation "Cert:\CurrentUser\My" -KeyUsageProperty Sign -KeyUsage CertSign

For the client certificate run the below PowerShell using ISE, in the same session, so that $cert still holds the root certificate. The client certificate is signed by the root (-Signer $cert) and carries the Client Authentication EKU; the subject name "CN=prodevclientcert" is a placeholder, use whatever name suits you:

New-SelfSignedCertificate -Type Custom -DnsName prodevclientcert -KeySpec Signature `
-Subject "CN=prodevclientcert" -KeyExportPolicy Exportable `
-HashAlgorithm sha256 -KeyLength 2048 `
-CertStoreLocation "Cert:\CurrentUser\My" `
-Signer $cert -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.2")

Export the root certificate's public key in .cer format using MMC: open the Certificates snap-in for the current user, find the root certificate under Personal –> Certificates, then right-click –> All Tasks –> Export.

Select “do not export the private key” and choose the Base64 encoded format.

Export the client certificate by selecting “export the private key”, then tick “include all certificates in the certification path” and “enable certificate privacy”. Add a password and export it to a .pfx file.

This .pfx file must be installed on every client computer that will use this Point-to-Site connection.
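The certificate steps above, collected into one PowerShell script as an added example (not code from the original post or from Microsoft's documentation): it creates the root and the client certificate, writes the root's public key as a Base64 .cer, extracts the text that goes into the Azure field, exports the client .pfx with its chain, and checks that the files match before they are handed out. The subject names, output folder and file names are assumptions.

```powershell
# Added example, not code from the original post: the certificate steps above as one script.
# The subject names, output folder and file names are assumptions; adjust them to taste.
$outDir = "C:\p2s"
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

# 1. Self-signed root with a CA-style key usage (CertSign); its private key stays in this user's store.
$root = New-SelfSignedCertificate -Type Custom -KeySpec Signature `
    -Subject "CN=prodevrootcert" -KeyExportPolicy Exportable `
    -HashAlgorithm sha256 -KeyLength 2048 `
    -CertStoreLocation "Cert:\CurrentUser\My" -KeyUsageProperty Sign -KeyUsage CertSign

# 2. Client certificate issued by that root, with the Client Authentication EKU (1.3.6.1.5.5.7.3.2).
$client = New-SelfSignedCertificate -Type Custom -DnsName prodevclientcert -KeySpec Signature `
    -Subject "CN=prodevclientcert" -KeyExportPolicy Exportable `
    -HashAlgorithm sha256 -KeyLength 2048 `
    -CertStoreLocation "Cert:\CurrentUser\My" `
    -Signer $root -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.2")

# 3. Root public key only (no private key), Base64 encoded: the same file the MMC export produces.
$rootDer = $root.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert)
$rootB64 = [Convert]::ToBase64String($rootDer, [System.Base64FormattingOptions]::InsertLineBreaks)
$cerPath = Join-Path $outDir "prodevrootcert.cer"
@("-----BEGIN CERTIFICATE-----", $rootB64, "-----END CERTIFICATE-----") | Set-Content -Path $cerPath

# The "Public certificate data" field takes the Base64 body between the BEGIN/END marks as one line.
$publicCertData = $rootB64 -replace "`r?`n", ""
$publicCertData | Set-Content -Path (Join-Path $outDir "prodevrootcert-publicdata.txt")

# 4. Client certificate with its private key and the chain, as a password-protected .pfx.
$pfxPassword = Read-Host -Prompt "Password for the client .pfx" -AsSecureString
$pfxPath = Join-Path $outDir "prodevclientcert.pfx"
Export-PfxCertificate -Cert $client -FilePath $pfxPath -Password $pfxPassword -ChainOption BuildChain | Out-Null

# 5. Sanity checks before the files go anywhere: the client must be issued by this root,
#    and the .cer on disk must be the root that Azure is about to trust, with no private key in it.
if ($client.Issuer -ne $root.Subject) { throw "client certificate was not issued by the root" }
$fromDisk = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $cerPath
if ($fromDisk.Thumbprint -ne $root.Thumbprint) { throw "exported .cer does not match the root in the store" }
if ($fromDisk.HasPrivateKey) { throw "the .cer must not carry a private key" }
Write-Host "Root thumbprint:   $($root.Thumbprint)"
Write-Host "Client thumbprint: $($client.Thumbprint)"
```

Only the .pfx and the .cer leave the machine; the root's private key stays in the current user's store, which is what lets you issue further client certificates later from the same root.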

Now let's go back to the Point-to-Site configuration page. Add an address pool that the VPN clients will use; this address pool must not overlap with the Virtual Network address space.

Then open the root certificate (the .cer file) in Notepad and copy the text between the BEGIN and END marks.

Paste the certificate text into the “Root certificates” –> “Public certificate data” field and add a name in the “Name” field.

Press Save; the “Download VPN Client” button is then enabled and we can download the VPN client.

In order to establish the VPN connection we need to install the VPN client and the client .pfx certificate on the workstation.