Given my background I'm usually more comfortable connecting to Azure with a Route Based VPN from a hardware device, like a Cisco ASA. I got an email this afternoon: a client had a server in a private cloud and a server in Azure, and they needed to transfer files from the Azure server to the server in the private cloud. On further investigation this client had a Cisco vASA, so a VPN was the best option for them (probably).

But what if they didn't? Or what if they were 'working from home' and needed to access their Azure servers that were not otherwise publicly accessible? Well, the Microsoft solution for that is called an 'Azure Point to Site VPN', even though in the current Azure UI they've called it 'User VPN Configuration', because "Hey! Screw consistency, and documentation that goes out of date every time a developer has a bright idea and updates the UI". Note: I have a thing about things being changed in GUIs! Regardless of whether you are on or off the corporate LAN, you can then connect to your Azure Virtual Networks.

This is not a full Azure tutorial; I'm assuming, as you want to connect to existing Azure resources, that you will already have most of this set up. You will need a Resource Group, and in that Resource Group you will need a Virtual Network. (Note: I like to delete the 'default' subnet and create one with a sensible name.)

So far so good. Within your virtual network you will need to create (if you don't already have one) a 'Gateway Subnet'. To annoy the other network engineers I've made it a /24. A /29 is the smallest Azure will accept, but Microsoft recommend a /27 or larger so there is room if you later change gateway SKU or add ExpressRoute alongside the VPN.

Now, to terminate a VPN you need a 'Virtual Network Gateway'. Make sure it's set for VPN (Route Based) > Connected to your Virtual Network > Either create (or assign) a public IP to it. I told you I'd be quick, however the Gateway will take a few minutes to deploy (time for a coffee).

For the purpose of this tutorial I'll just create some certificates with PowerShell (a root CA cert, and a client cert signed by that root certificate). This won't scale very well in a production environment: I'd suggest setting up a decent PKI infrastructure, then using auto-enrolment for your users to get client certificates. However, for our run through, execute the following TWO commands.

Export the ROOT CA certificate from the certificate store: you DON'T export the private key > Save as Base-64 encoded > Again, save it somewhere sensible, you will also need it in a minute. Azure only ever needs the root's public certificate to validate the client certificates; the root's private key should never leave the machine (or, in production, the CA) that issues them.

Open the ROOT CA CERT with Notepad, and copy all the text BETWEEN -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----. Note: This is unlike most scenarios when working with PEM files, where you select everything (it tripped me up!)

Back in Azure > Select your Virtual Network Gateway > Select 'User VPN Connection' (seriously, thanks Microsoft, be consistent eh!) > 'Configure now'. Pick an address pool for your remote clients to use. Make sure it does not overlap with any of your assets (the Virtual Network's address space, anything reachable over site-to-site VPNs, and the LANs the clients will be sat behind), and don't use 192.168.1.0/24 or 192.168.0.0/24. Note: These will work, but most home networks use these ranges, so a remote client would get a route for its own LAN pointed down the tunnel; let's not build in potential routing problems before we start! Choose IKEv2 and SSTP > Authentication Type = Azure Certificate > Enter your Root CA details and paste in the PEM text you copied above > Save > Time for another coffee!
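The certificate steps above (a lab root CA, a client cert signed by it, exporting the root's public cert as Base-64, and stripping the BEGIN/END lines for the portal) as one script. This is an added example, not the two commands from the original post: the names P2SRootCert and P2SChildCert, the folder C:\P2S, and the sanity checks at the end are my assumptions, and it needs the New-SelfSignedCertificate cmdlet from Windows 10 / Server 2016 or later.

```powershell
# Added example (not the original post's commands): build a lab root CA and a
# client certificate signed by it, export ONLY the root's public cert, and
# produce the bare base64 body the Azure portal wants. Names P2SRootCert /
# P2SChildCert and the folder C:\P2S are assumptions for the example.

$outDir = 'C:\P2S'
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

# 1. Root CA: a signing certificate with the CertSign key usage. The key stays
#    in the current user's store; Exportable only so it can be backed up.
$root = New-SelfSignedCertificate -Type Custom -KeySpec Signature `
    -Subject 'CN=P2SRootCert' -KeyExportPolicy Exportable `
    -HashAlgorithm sha256 -KeyLength 2048 `
    -CertStoreLocation 'Cert:\CurrentUser\My' `
    -KeyUsageProperty Sign -KeyUsage CertSign

# 2. Client certificate signed by the root, with the Client Authentication EKU
#    (OID 1.3.6.1.5.5.7.3.2). This is what the VPN client presents to Azure.
$client = New-SelfSignedCertificate -Type Custom -DnsName 'P2SChildCert' -KeySpec Signature `
    -Subject 'CN=P2SChildCert' -KeyExportPolicy Exportable `
    -HashAlgorithm sha256 -KeyLength 2048 `
    -CertStoreLocation 'Cert:\CurrentUser\My' `
    -Signer $root -TextExtension @('2.5.29.37={text}1.3.6.1.5.5.7.3.2')

# 3. Export the root's PUBLIC certificate only (DER). No private key is written;
#    Azure only needs the public cert to validate the client certs it is shown.
$derPath = Join-Path $outDir 'P2SRootCert.cer'
Export-Certificate -Cert $root -FilePath $derPath -Type CERT | Out-Null

# 4. Wrap the DER as Base-64 PEM (what the certmgr wizard's "Base-64 encoded"
#    option produces), then keep the bare body: the portal field wants the
#    base64 text WITHOUT the BEGIN/END lines, which is the bit that trips people up.
$b64 = [Convert]::ToBase64String([IO.File]::ReadAllBytes($derPath),
                                 [Base64FormattingOptions]::InsertLineBreaks)
$pem = "-----BEGIN CERTIFICATE-----`r`n$b64`r`n-----END CERTIFICATE-----"
Set-Content -Path (Join-Path $outDir 'P2SRootCert.pem') -Value $pem
$body = ($pem -split "`r?`n" | Where-Object { $_ -notmatch '^-----' }) -join ''
Set-Content -Path (Join-Path $outDir 'P2SRootCert-portal.txt') -Value $body
Set-Clipboard -Value $body    # ready to paste into the portal's root certificate field

# 5. Sanity checks before anything is pasted into Azure.
$exported = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($derPath)
if ($exported.HasPrivateKey)                 { throw 'Exported file carries a private key; re-export without it.' }
if ($exported.Thumbprint -ne $root.Thumbprint) { throw 'Exported cert is not the root you just created.' }
if ($client.Issuer -ne $root.Subject)        { throw 'Client certificate is not signed by the root.' }
$ku = $root.Extensions | Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509KeyUsageExtension] }
if (-not $ku.KeyUsages.HasFlag([System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]::KeyCertSign)) {
    throw 'Root certificate lacks KeyCertSign; Azure will not accept client certs chained to it.'
}
"Root thumbprint:   $($root.Thumbprint)"
"Client thumbprint: $($client.Thumbprint)"
```

The client certificate (with its private key) stays in Cert:\CurrentUser\My on the machine that runs this, so it is already in place for the VPN client on that box; for any other user you would export it as a PFX and import it on their machine. The root's private key is what lets anyone mint further client certificates, so treat it as you would a CA key, not as a throwaway.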
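For the address pool step, a small check that the range you are about to type into the portal does not overlap anything the clients or the Virtual Network already use. This is an added example, not part of the original post, and every range in it is constructed for illustration; the function names are my own. Run it with your real VNet address space, site-to-site ranges and the home/corporate LANs your users connect from.

```powershell
# Added example (not from the original post): reject a candidate Point-to-Site
# client pool if it overlaps any range already in use. The ranges listed under
# $inUse and $candidates are constructed for the example; substitute your own.

function ConvertTo-IpUInt32([string]$Ip) {
    $bytes = [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()   # network byte order
    [Array]::Reverse($bytes)                                           # BitConverter is little-endian
    [BitConverter]::ToUInt32($bytes, 0)
}

function Get-CidrBounds([string]$Cidr) {
    $ip, $len = $Cidr -split '/'
    $len = [int]$len
    if ($len -lt 0 -or $len -gt 32) { throw "Bad prefix length in $Cidr" }
    # 0xFFFFFFFF is parsed as Int64, so the shift cannot overflow; mask back to 32 bits.
    $mask  = (0xFFFFFFFF -shl (32 - $len)) -band 0xFFFFFFFF
    $start = (ConvertTo-IpUInt32 $ip) -band $mask
    $end   = $start -bor ((-bnot $mask) -band 0xFFFFFFFF)
    [pscustomobject]@{ Cidr = $Cidr; Start = [uint32]$start; End = [uint32]$end }
}

function Test-CidrOverlap([string]$A, [string]$B) {
    $x = Get-CidrBounds $A
    $y = Get-CidrBounds $B
    # Two ranges overlap when each one starts before the other ends.
    ($x.Start -le $y.End) -and ($y.Start -le $x.End)
}

# Constructed inputs: the VNet address space (which contains the GatewaySubnet),
# the two usual home-router defaults, and a corporate LAN reachable over another VPN.
$inUse = @(
    '10.0.0.0/16',       # VNet address space
    '192.168.0.0/24',    # common home router default
    '192.168.1.0/24',    # the other common home router default
    '172.16.0.0/12'      # corporate LAN
)
$candidates = '192.168.1.0/24', '10.0.200.0/24', '172.31.0.0/24', '10.200.0.0/24'

foreach ($pool in $candidates) {
    $clashes = $inUse | Where-Object { Test-CidrOverlap $pool $_ }
    if ($clashes) { "REJECT $pool : overlaps $($clashes -join ', ')" }
    else          { "OK     $pool : no overlap with any listed range" }
}
```

The check is deliberately pessimistic: a candidate that sits inside a larger in-use block (a /24 carved out of the VNet's /16, or out of the corporate /12) is rejected just as a direct clash is, because the client would otherwise receive a tunnel route that shadows part of a network it already needs to reach.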