Point to Site (P2S) VPN Connection Between Azure and On-Premises

March 14, 2022

Introduction to Point-to-Site VPN in Azure:

A Point-to-Site (P2S) VPN connection creates a secure tunnel to your virtual network (VNet) from an individual client computer. The connection is initiated from the client. This solution is useful for WFH (Work From Home) employees who need to reach Azure VNets from a remote location, and it is a practical alternative to a Site-to-Site (S2S) VPN when only a few clients need to connect to a VNet.

Prerequisites:

  • A virtual network with a subnet (for example, I have created a virtual network named VNet-Dev-Centralindia-001)
  • A virtual machine in the above virtual network, which we will access over the P2S VPN using its private IP

Configuring the Virtual Network Gateway

  1. Log in to the Azure Portal.
  2. Go to the Virtual Network Gateway service in the Azure portal and click Create to fill in the details.
  3. Select the subscription (mayank-MPN here) and enter VGW-Dev as the gateway name. Select the region of your virtual network; the virtual network then appears automatically in the Virtual Network section. Choose the SKU VpnGw1 (includes a maximum of 250 connections with 640 Mbps throughput) and keep the other options at the defaults shown in the screenshot below.
  4. Provide the gateway subnet range, or leave it to be created automatically from the VNet's CIDR. Create a public IP named VGW-PIP-dev and keep the other options at the defaults shown in the screenshot below.
  5. Provide appropriate tags for the resources. Now click + Create and then click Review + create.

Create and Export Certificates 

  1. Open PowerShell as administrator on your local machine to create the root and client certificates. Execute the script below in PowerShell to create a root certificate; once created, it is installed in the current user's certificate store.
  2. Next we need to create a client certificate. Execute the script below in PowerShell; it creates a certificate named ChildCert and installs it in the current user's certificate store.
  3. Now we need to export the certificates so that they can be used in the following steps. Press Win+R and open certmgr.msc, or search for Manage user certificates. Right-click the root certificate inside the certmgr console and click Export.
  4. In the Export Private Key dialogue box, select No, do not export the private key, and click Next.
  5. Select Base-64 encoded X.509 (.CER) in the Export File Format dialogue box.
  6. On the Completing the Certificate Export Wizard page, click Finish to save the certificate on the computer.
  7. To export the client certificate, follow the same process, but this time in the Export Private Key dialogue box select Yes, export the private key.
  8. In the Export File Format dialogue box, keep the default option as shown in the screenshot below and click Next.
  9. Provide a password for the .pfx file in the Security dialogue box and keep the default encryption type. In the File to Export dialogue box, provide the file name and click Finish.
  10. Now we need to add the root certificate to the P2S configuration in Azure.
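The post's own PowerShell scripts are not reproduced here, so the following is an added example (not the original author's script) that performs steps 1 and 2 with New-SelfSignedCertificate, exports the root's public part as a Base-64 .CER and the client certificate as a password-protected .pfx, and also produces the public certificate data (Base64 without the BEGIN/END lines) that is pasted into the Root certificates field in the next section. The certificate names and output folder are assumptions.

```powershell
# Added example (not the post's own script): create a self-signed root certificate,
# sign a client certificate with it, export both, and print the root's public
# certificate data in the form the Azure portal expects (Base64 without the
# BEGIN/END CERTIFICATE lines). Run in an elevated PowerShell on Windows 10 or later.
# Names, subjects and output paths below are assumptions; change them as needed.

$rootName   = 'P2SRootCert'                          # assumed root certificate name
$clientName = 'P2SChildCert'                         # assumed client certificate name
$outDir     = "$env:USERPROFILE\Desktop\p2s-certs"   # assumed output folder
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

# 1. Root certificate: a signing-only CA certificate in the current user's store.
#    Its private key can mint client certificates that authenticate to the VNet,
#    so only its public part is ever exported (same as step 4 of the post).
$root = New-SelfSignedCertificate -Type Custom -KeySpec Signature `
    -Subject "CN=$rootName" -KeyExportPolicy Exportable `
    -HashAlgorithm sha256 -KeyLength 2048 `
    -CertStoreLocation 'Cert:\CurrentUser\My' `
    -KeyUsageProperty Sign -KeyUsage CertSign

# 2. Client certificate signed by the root, with the Client Authentication EKU
#    (OID 1.3.6.1.5.5.7.3.2) that the Azure VPN client requires.
$client = New-SelfSignedCertificate -Type Custom -DnsName $clientName `
    -KeySpec Signature -Subject "CN=$clientName" -KeyExportPolicy Exportable `
    -HashAlgorithm sha256 -KeyLength 2048 `
    -CertStoreLocation 'Cert:\CurrentUser\My' `
    -Signer $root -TextExtension @('2.5.29.37={text}1.3.6.1.5.5.7.3.2')

# 3. Export the root as Base-64 encoded X.509 (.CER, public part only) and the
#    client certificate with its private key (.pfx, password protected).
$base64Wrapped = [Convert]::ToBase64String($root.RawData, [System.Base64FormattingOptions]::InsertLineBreaks)
$pem = "-----BEGIN CERTIFICATE-----`r`n$base64Wrapped`r`n-----END CERTIFICATE-----"
Set-Content -Path "$outDir\$rootName.cer" -Value $pem -Encoding ASCII
$pfxPassword = Read-Host -AsSecureString -Prompt 'Password for the client .pfx'
Export-PfxCertificate -Cert $client -FilePath "$outDir\$clientName.pfx" `
    -Password $pfxPassword | Out-Null

# 4. Public certificate data for the portal's Root certificates field: the DER
#    bytes as one Base64 line, i.e. the .cer content without the BEGIN/END lines.
$publicData = [Convert]::ToBase64String($root.RawData)
Set-Content -Path "$outDir\$rootName.b64.txt" -Value $publicData -Encoding ASCII
$publicData | Set-Clipboard
Write-Host "Root cert thumbprint  : $($root.Thumbprint)"
Write-Host "Client cert thumbprint: $($client.Thumbprint)"
Write-Host "Public certificate data copied to the clipboard and saved to $outDir\$rootName.b64.txt"
```

The .pfx is what you import on any other machine that should connect; the .b64.txt content goes into the portal, and the root's private key stays in this machine's user store.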

Configure Point to site Connection

  1. Now open the newly created virtual network gateway VGW-Dev to define the address pool from which end users will receive an IP. Click on the newly created VPN gateway.
    -> From the left-hand menu, click Point-to-site configuration
    -> Then click Configure now
  2. Now provide the IP address range for the VPN address pool. I will be using 16.0.0/24. For Tunnel type, use both IKEv2 and SSTP (SSL): IKEv2 VPN can be used to connect from Mac devices, while SSTP is only supported on Windows devices. Under Authentication type, select Azure certificate.
    -> Now, under Root certificates, type the certificate name under Name and paste the root certificate content under Public certificate data. Open the root certificate with Notepad to copy it. Do not copy the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines from the file.
  3. After filling in the information, click Save.

Checking VPN connection 

  1. The configuration part in Azure is complete. Now we check the connection. If you are connecting from another machine, you need to import the client certificate on that machine first.
  2. Go to the virtual network gateway and, on that page, click Point-to-site configuration. Then click Download VPN client.
  3. Extract the downloaded file. Check whether your system is 32-bit or 64-bit, use the matching installer, click Run anyway, and then Yes to install the VPN client.
  4. Click Connect. A new pop-up opens; click Connect there as well. If you have followed the above steps properly, the connection is established successfully.
  5. Under Point-to-site Sessions, a new session is also shown. Check that the IP received comes from the address pool we specified in the Configure now tab.
  6. You can now RDP to the server using its private IP.
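The same checks done from the Windows client instead of the portal, as an added example that is not part of the original post: it confirms the VPN connection reports Connected, that the client holds an address from the configured pool (step 5 above), and that TCP 3389 on the VM's private IP is reachable through the tunnel (step 6). The connection name, pool CIDR and VM address are placeholders to fill in from your own setup.

```powershell
# Added example (not from the post): verify the P2S session from the Windows client
# after clicking Connect. The three values below are placeholders, not values from the post.
$vpnName     = 'VNet-Dev-Centralindia-001'  # assumed: connection name shown in Windows VPN settings
$addressPool = '<VPN address pool CIDR>'    # the pool entered under Point-to-site configuration
$targetVm    = '<private IP of the VM>'     # the VM to reach over the tunnel

# True if $IPAddress lies inside the IPv4 CIDR block $Cidr (e.g. 10.1.0.5 in 10.1.0.0/24).
function Test-IPInCidr {
    param([string]$IPAddress, [string]$Cidr)
    $network, $prefix = $Cidr.Split('/')
    $shift = 32 - [int]$prefix
    $toNumber = {
        param($ip)
        $bytes = [System.Net.IPAddress]::Parse($ip).GetAddressBytes()
        [Array]::Reverse($bytes)                  # BitConverter is little-endian on Windows
        [BitConverter]::ToUInt32($bytes, 0)
    }
    # Drop the host bits on both sides and compare the remaining network bits.
    return ((& $toNumber $IPAddress) -shr $shift) -eq ((& $toNumber $network) -shr $shift)
}

# 1. The VPN connection must report Connected.
$conn = Get-VpnConnection -Name $vpnName -ErrorAction Stop
Write-Host "$vpnName status: $($conn.ConnectionStatus)"

# 2. The client should hold an address from the configured pool (the same check
#    the Point-to-site Sessions blade shows, done locally).
$tunnelIp = Get-NetIPAddress -AddressFamily IPv4 |
    Where-Object { Test-IPInCidr $_.IPAddress $addressPool } |
    Select-Object -First 1 -ExpandProperty IPAddress
if ($tunnelIp) { Write-Host "Tunnel address from pool: $tunnelIp" }
else           { Write-Warning "No address from $addressPool assigned; the tunnel is not up" }

# 3. The VM's private IP is only routable through the tunnel, so a successful
#    TCP 3389 test confirms traffic is reaching the VNet.
$rdp = Test-NetConnection -ComputerName $targetVm -Port 3389 -WarningAction SilentlyContinue
Write-Host "RDP (3389) reachable on $targetVm : $($rdp.TcpTestSucceeded)"
```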

Conclusion

There are many scenarios in which we have to work on Microsoft Azure Cloud for experiments and execution, or in which we have to set up an application server that several people work on as a team, for example a team of developers working on a project hosted on the Microsoft Azure platform while the developers are located in different geolocations. For these scenarios Azure provides Point-to-Site VPN connectivity, so that every individual connects remotely over a secure SSTP VPN connection and performs their job.

About CloudThat

CloudThat is an official Microsoft Gold Partner, AWS Advanced Consulting Partner, and Training Partner, helping people develop cloud knowledge and helping their businesses aim for higher goals using best-in-industry cloud computing practices and expertise. We are on a mission to build a robust cloud computing ecosystem by disseminating knowledge on technological intricacies within the cloud space. Our blogs, webinars, case studies, and white papers enable all the stakeholders in the cloud computing sphere.

Feel free to drop a comment or any queries that you have regarding AWS services, cloud adoption, or consulting, and we will get back to you quickly. To get started, go through our Expert Advisory page and Managed Services Package, which are CloudThat's offerings.
