Azure, Cloud Computing

5 Mins Read

Point to Site (P2S) VPN Connection Between Azure and On-Premises

Voiced by Amazon Polly

Introduction to Point to Site VPN Azure:

A Point-to-Site (P2S) VPN connection helps to create a secure connection tunnel to your virtual network (VNet) from an individual client computer device. P2S VPN is established by initiating it from the client’s computer device. This solution is useful for WFH (Work From Home) employees who want to connect to Azure VNets from a remote location. P2S VPN is also a useful solution to use in place of S2S VPN when you have only a few clients that want to connect to a VNet.

Customized Cloud Solutions to Drive your Business Success

  • Cloud Migration
  • Devops
  • AIML & IoT
Know More

Prerequisites:

  • Virtual Network with Subnet (For ex. I have created a Virtual network named VNet-Dev-Centralindia-001)
  • The virtual machine in an above Virtual Network to access it using P2S VPN by its private IP

Configuring Virtual Network gateway

  1. Login to Azure Portal
  2. Go to Virtual Network Gateway service from Azure portal and click on create to fill the data
  3. mayank-MPN is the subscription, VGW-Dev as gateway name, now select the region of your Virtual Network, after that Virtual Network will automatically appear into the Virtual Network Section, SKU as VpnGw1 (includes max 250 connections with 640 Mbps throughput) and keep other options as the default shown in below Screenshot.
  4. Provide the gateway subnet range or else it will automatically create based on CIDR, also created Public Ip named VGW-PIP-dev and keep other option as default mentioned in the below screenshot.
  5. Provide appropriate tags for the resources. Now click on click + Create and then click on Review + create

Create and Export Certificates

  1. Now open PowerShell and Run as administrator from your local machine to create root and client certificates. Execute the below script in PowerShell to create a root certificate. Once created will be installed in the user certificate app
  2. Now we need to create a client certificate. Execute the below script in PowerShell. The below script will create a ChildCert certificate and install it in the user certificate app.

  3. Now we need to export the certificates so that can be used in further steps, Win+R, and open msc or search for Manage user certificates. Right-click on root cert inside certmgr console. Click on Export
  4. In Export private key dialogue box, select No, do not export the private key, and click on Next
  5. Select Base-64 encoded X.509(.CER) in export file format dialogue box.
  6. In Completing the Certificate Export wizard click on Finish to save the certificate on the computer.
  7. To export the client certificate, use the same process, now under the Export Private Key dialogue box, select option Yes, export the private key.
  8. In the Export File Format dialogue box, keep the default option as shown in the screenshot below and click Next
  9. Provide a password for the pfx file under the Security dialogue box and keep the encryption type default. Under File to Format dialogue box provide the file name and click on Finish.
  10. Now we need to add root certificate in P2S configuration in Azure

 

Configure Point to site Connection

  1. Now open the newly created Virtual network Gateway VGW-Dev. To define the Address pool from that end users will get IP. Click on the newly created VPN gateway connection.
    -> From the left side Scroll bar click on Point-to-site configuration
    -> After that, click on Configure Now
  2. Now provide IP address range for VPN address pool. I will be using 16.0.0/24. In Tunnel Type use both IKEv2 & SSTP(SSL). IKEv2 VPN can be used to connect from Mac devices. SSTP is only supported on Windows devices. Under Authentication type Select Azure Certificates.
    -> No under Root certificates. Under root certificate name type the certificate name and under public certificate data, paste the root certificate content. Open root certificate with notepad.  Do not copy —–BEGIN CERTIFICATE—– and —–END CERTIFICATE—– text from the file.
  3. After filling in the information click on Save

Checking VPN connection

  1. The configuration part in Azure is completed. Now to check the connection. If you are using another machine need to import the  certificate first.
  2. Go to Virtual Network gateway In that page, click on Point-to-site configuration. After that, click on Download VPN client.
  3. Then extract the downloaded file. Check the version of your system for example: 32bit or 64 bit and use file accordingly and click on Run anyway and Yes for install VPN client
  4. Click on connect. A new pop-up will open Click on Connectthere also. Now if you have followed the above steps properly the connection will be established successfully
  5. In Point-to-site Sessions also, a new session is initiated. Check the IP received from the address pool we specified in configure now tab
  6. And you can now RDP the server using its Private IP

Conclusion

There are many scenarios in which we have to work on Microsoft Azure Cloud doing experiments and execution, or we have to set up some Application Server on which different people have to work like a team, such as a team of developers is working on a project which is hosted on Microsoft Azure platform and the developers are located in different Geolocation. These kinds of scenarios for which Azure provides Point to Site VPN Secure connectivity so that every individual connects remotely with a secure SSTP VPN connection and performs his job.

Get your new hires billable within 1-60 days. Experience our Capability Development Framework today.

  • Cloud Training
  • Customized Training
  • Experiential Learning
Read More

About CloudThat

CloudThat is the official Microsoft Gold Partner, AWS Advanced Consulting Partner, and Training partner helping people develop knowledge on cloud and help their businesses aim for higher goals using best in industry cloud computing practices and expertise. We are on a mission to build a robust cloud computing ecosystem by disseminating knowledge on technological intricacies within the cloud space. Our blogs, webinars, case studies, and white papers enable all the stakeholders in the cloud computing sphere.

Feel free to drop a comment or any queries that you have regarding AWS services, cloud adoption, consulting and we will get back to you quickly. To get started, go through our Expert Advisory page and Managed Services Package that is CloudThat’s offerings.

WRITTEN BY Mayank Bharawa

Share

Comments

    Click to Comment

Get The Most Out Of Us

Our support doesn't end here. We have monthly newsletters, study guides, practice questions, and more to assist you in upgrading your cloud career. Subscribe to get them all!