Azure – Networking – Part 13 – Configure Azure Point-to-Site VPN

Hello Friends,
Today, we will continue our discussion of the Virtual Network Gateway. As promised in our last article, today we will discuss how to configure an Azure Point-to-Site VPN. So let's start with the basics of Point-to-Site VPN.
Point-to-Site Connectivity :
- A Point-to-Site VPN enables us to connect from our local machine to Azure over the Secure Socket Tunneling Protocol (SSTP).
- It uses certificate authentication between the client machine and the virtual network in Azure.
- This means we have to create some certificates and install them in the right place.
- A Point-to-Site connection is established by starting it from the client computer.
- Point-to-Site VPN is also a useful alternative to Site-to-Site VPN when only a few clients need to connect to a VNet.
Demo :
In our last article, we created the Virtual Network Gateway. Now we will configure the Point-to-Site VPN connection of our Virtual Network Gateway (Knowledge_Junction_Network_GW). Let's go through the following steps.
1. Create and Export Root Certificate
An SSL certificate plays a major role in configuring a P2S VPN connection. We can use PowerShell or makecert.exe from the Windows SDK to create the certificate. In this article, we will use the Windows SDK. Let's first install the Windows SDK for Windows 10. We can download the Windows SDK from this URL. The installation steps are shown in the following figures.


Once the Windows SDK installation is done, we can find makecert.exe under the "C:\Program Files (x86)\Windows Kits\10\bin\x86" location as shown in the following figure.

For this demo, we need to create two different SSL certificates. The first is the root certificate (ManasP2SVpnRootCert) with a ".cer" extension, which needs to be uploaded to Azure. After creating the root certificate, export it without the private key, using the following steps.
- Open Command Prompt and go to the directory C:\Program Files (x86)\Windows Kits\10\bin\x86
- Run the command: makecert -sky exchange -r -n "CN=ManasP2SVpnRootCert" -pe -a sha1 -len 2048 -ss My

- Run MMC to open the Microsoft Management Console.
- Add a new snap-in for Certificates if it is not available.
- Find the certificate in Personal\Certificates, export it to BASE64 without a password, and save it with the .cer extension as shown in the following figures.



2. Create and Export Client Certificate
The second certificate is the client certificate (ManasP2SVpnClientCert) with a .pfx extension. We will create the client certificate from the root certificate, export it, and install it on the client machine. Let's create our client certificate using the following steps.
- Open Command Prompt and go to the directory C:\Program Files (x86)\Windows Kits\10\bin\x86
- Run the command: makecert.exe -n "CN=ManasP2SVpnClientCert" -pe -sky exchange -m 96 -ss My -in "ManasP2SVpnRootCert" -is my -a sha1

- Run MMC to open the Microsoft Management Console.
- Add a new snap-in for Certificates if it is not available.
- Find the certificate in Personal\Certificates and export it to BASE64 with the private key and a password. Save it with the .pfx extension as shown in the following figures.
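The same two certificates can also be created with PowerShell's New-SelfSignedCertificate instead of makecert.exe. The following is an added example, not code from the original article: it uses SHA-256 rather than SHA-1 and goes one step further by issuing one client certificate per user. The user names (alice, bob), the output paths under $env:TEMP and the validity periods are assumptions.

```powershell
# Added example: root + per-user client certificates with New-SelfSignedCertificate.
# Subject names come from the article; user names, paths and lifetimes are assumptions.
$store = 'Cert:\CurrentUser\My'

# Self-signed root: key usage limited to signing certificates, SHA-256 instead of SHA-1.
$root = New-SelfSignedCertificate -Type Custom -KeySpec Signature `
    -Subject 'CN=ManasP2SVpnRootCert' -KeyExportPolicy Exportable `
    -HashAlgorithm sha256 -KeyLength 2048 -CertStoreLocation $store `
    -KeyUsageProperty Sign -KeyUsage CertSign `
    -NotAfter (Get-Date).AddYears(3)

# Public part only, as one Base64 string with no BEGIN/END lines and no private key.
# This is the value that goes into the "Public Certificate Data" field in step 3.
$rootPublicData = [Convert]::ToBase64String($root.RawData)
Set-Content -Path "$env:TEMP\ManasP2SVpnRootCert.b64.txt" -Value $rootPublicData

# One client certificate per user (hypothetical names), signed by the root and
# restricted to client authentication (EKU 1.3.6.1.5.5.7.3.2).
$users = 'alice', 'bob'
$pfxPassword = Read-Host -AsSecureString -Prompt 'Password for the exported .pfx files'

foreach ($user in $users) {
    $client = New-SelfSignedCertificate -Type Custom -KeySpec Signature `
        -Subject "CN=ManasP2SVpnClientCert-$user" -KeyExportPolicy Exportable `
        -HashAlgorithm sha256 -KeyLength 2048 -CertStoreLocation $store `
        -Signer $root -TextExtension @('2.5.29.37={text}1.3.6.1.5.5.7.3.2') `
        -NotAfter (Get-Date).AddYears(1)

    # The .pfx carries the private key, so it is always password protected.
    Export-PfxCertificate -Cert $client -FilePath "$env:TEMP\$user-p2s.pfx" `
        -Password $pfxPassword | Out-Null

    # Record the thumbprint: Azure revokes P2S client certificates by thumbprint.
    [pscustomobject]@{
        User       = $user
        Thumbprint = $client.Thumbprint
        Issuer     = $client.Issuer
        Expires    = $client.NotAfter
    }
}
```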

3. Configure Virtual Network Gateway VPN
Both of our certificates are now ready. It is time to configure the Point-to-Site VPN connection in Azure. Let's go through the following steps.
- Connect to your Azure portal dashboard using your subscription account. If you don't have a subscription, you can get a trial Azure subscription with one month of validity. Then you can connect to the Azure portal dashboard as shown in the following figure.

- Find our existing virtual network gateway in All resources as shown in the following figure.

- Open Knowledge_Junction_Network_GW and have a quick look at its overview, configuration, etc. as shown in the following figures.

- Go to Point-to-Site configuration landing page.

- As we can see in the above figure, we have not configured the connection yet. Let's start the configuration by clicking the Configure Now link shown in the above figure.
- To proceed with the configuration, we need to provide the following information and also add the details of the root certificate (ManasP2SVpnRootCert).

- Before adding the details of the root/public certificate, let's open the root certificate (ManasP2SVpnRootCert) in Notepad and copy only the key part of it as shown in the following figure.

- Enter the name of your root certificate and paste the copied certificate key into the Public Certificate Data field as shown in the following figure.

- As shown in the above figure, after entering all the required data, click the Save button to finalize the Point-to-Site VPN configuration.
- Once we have saved the configuration, the Download VPN Client button becomes active and allows us to download the VPN client as shown in the following figure.

- As shown in the following figure, the client is downloaded to our local machine.
- Now we have both the VPN client and the client certificate.
- Now we can share these two components with a colleague or team member. They can install both of them and connect to the VPN to communicate with the resources of our Azure virtual network.
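The portal steps above can also be scripted with the Az.Network PowerShell module. This is an added example, not part of the original article: the resource group, client address pool, .cer path, revocation entry name and thumbprint are placeholders because the page does not state them. It also checks that the uploaded file really is the self-signed root and shows how one user's client certificate is revoked later.

```powershell
# Added example: Point-to-Site configuration with Az.Network (run Connect-AzAccount first).
# Values in <...> are placeholders; they are not given in the article.
$rg      = '<resource-group>'
$gwName  = 'Knowledge_Junction_Network_GW'
$pool    = '<client-address-pool-CIDR>'   # must not overlap the VNet address space
$cerPath = '<path-to>\ManasP2SVpnRootCert.cer'

# Address pool from which connecting VPN clients receive their IP addresses.
$gw = Get-AzVirtualNetworkGateway -ResourceGroupName $rg -Name $gwName
Set-AzVirtualNetworkGateway -VirtualNetworkGateway $gw -VpnClientAddressPool $pool | Out-Null

# Load the exported root certificate and refuse anything that is not a
# public-only, self-signed root (for example the client certificate or a .pfx).
$cer = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($cerPath)
if ($cer.HasPrivateKey)            { throw 'File carries a private key; export the root as .cer only.' }
if ($cer.Subject -ne $cer.Issuer)  { throw "Not a self-signed root certificate: $($cer.Subject)" }

# Same value the portal expects in "Public Certificate Data": Base64, no BEGIN/END lines.
$publicCertData = [Convert]::ToBase64String($cer.RawData)
Add-AzVpnClientRootCertificate -VpnClientRootCertificateName 'ManasP2SVpnRootCert' `
    -VirtualNetworkGatewayName $gwName -ResourceGroupName $rg `
    -PublicCertData $publicCertData | Out-Null

# Confirm what the gateway now trusts.
Get-AzVpnClientRootCertificate -VirtualNetworkGatewayName $gwName -ResourceGroupName $rg |
    Select-Object Name, ProvisioningState

# Later: block a single client certificate (lost laptop, departed colleague)
# by its thumbprint, without touching the root or the other clients.
Add-AzVpnClientRevokedCertificate -VpnClientRevokedCertificateName '<revocation-entry-name>' `
    -VirtualNetworkGatewayName $gwName -ResourceGroupName $rg `
    -Thumbprint '<client-certificate-thumbprint>' | Out-Null
```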





4. Testing The P2S VPN Connectivity
As we can see in the above figure, our Azure Point-to-Site VPN (KJ_Vnet) has established the connection with Azure. Now it's time to test the connectivity. We have one Virtual Machine (VM) under the KJ_Vnet network in Azure. Let's try to connect to the Azure VM from our client machine.

Here we go 🙂. We can see in the above figure that we are able to connect to the Azure VM under KJ_Vnet from our client machine.
I hope this article helps you gain some knowledge of configuring a Point-to-Site VPN. My next article in this series is Part 14 – Configure Azure VNet-to-VNet Connection.
Keep reading, and share your thoughts and experiences. Feel free to contact us to discuss more.
If you have any suggestions, feedback or doubts, you are most welcome. Stay tuned to Knowledge-Junction; we will come up with more such articles.
Thanks for reading 🙂