Setting up Azure’s P2S VPN Gateway with PowerShell — Part 3/3
This post outlines Steps 8–10 of the 10-step series for creating an Azure P2S connection. Do these steps AFTER COMPLETING Steps 1–4 in Setting up Azure’s P2S VPN Gateway with PowerShell – Part 1/3 and Steps 5–7 in Setting up Azure’s P2S VPN Gateway with PowerShell – Part 2/3.
Steps 1–7 for Creating P2S Connection:
1. Log in to Azure and set variables
2. Configure a VNet
3. Create the VPN Gateway
4. Add the VPN client address pool
5. Generate certificates
6. Upload the root certificate public key info to Azure
7. Install an exported client certificate
Steps 8–10 for Creating P2S Connection:
8. Configure the VPN on client computer
9. Connect to Azure
10. Verify P2S VPN Connection
8. Configure the VPN on the client machine
#A. Generate the client configuration package with PowerShell ($RG and $GWName are the resource group and gateway name variables set in Part 1, Step 1):
# Note: assigning to $profile overwrites PowerShell's automatic $PROFILE variable for this session; pick another name if you rely on it.
$profile = New-AzureRmVpnClientConfiguration -ResourceGroupName $RG -Name $GWName -AuthenticationMethod "EapTls"
# Print the SAS URL of the generated package (the URL is time-limited, so download it promptly)
$profile.VPNProfileSASUrl
#B. Copy the URL into your browser to download the zip file, then unzip it to view the folders
#C. Install on Windows: read "Create and install VPN client configuration files" (linked under Resources below)
9. Connect to Azure VNet via VPN
A. On the client computer, navigate to Settings > Network & Internet > VPN and click Connect.
The VPN adapter then shows as connected via SSTP in the client’s Network Adapters.
In the Azure Portal, the Point-to-site configuration blade shows 1 connection and the allocated IP address of that connection.
10. Verify Connection from Client to VNet
A. Ping the internal IP address of an Azure VM in the P2S VNet:
B. Using RDP, connect to the internal IP address of an Azure VM in the P2S VNet:
C. If you’re not using a DNS server in addition to Azure’s default DNS service, adding the VM’s name and private IP address to the client computer’s hosts file (C:\Windows\System32\drivers\etc\hosts) lets you connect by host name as well as by IP address, since the hosts file maps IP addresses to host names.
Likewise, adding the client’s allocated address-pool IP and name to an Azure VM’s hosts file allows connections from the VM to the client by IP or by name, which is useful for verifying the connection in that direction. However, each time the client computer restarts, the VPN connection must be re-established manually and the P2S gateway allocates a NEW IP address from the address pool, so the Azure VM’s hosts file would have to be updated again. The P2S gateway itself is always ‘on’, but a VPN session does not persist once the client computer leaves the VPN network.
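As an added example (not code from the original post), the following PowerShell script performs the Step 10 checks from the Windows client and refreshes the hosts-file entry idempotently, so re-running it after each reconnect replaces the stale mapping instead of appending duplicates. The VPN connection name, VM name and VM IP are assumptions; run it in an elevated session.

```powershell
# Added example, not part of the original post. Verifies the P2S connection from the
# client and (re)writes one hosts-file entry for an Azure VM (Step 10C).
# Requires an elevated PowerShell session because the hosts file is edited.
param(
    [string]$VpnName   = 'MyAzureVNet',      # VPN connection name under Settings > VPN (assumed)
    [string]$VmName    = 'azvm01',           # host name to map (assumed)
    [string]$VmIp      = '10.0.0.4',         # VM's private IP inside the P2S VNet (assumed)
    [string]$HostsPath = "$env:SystemRoot\System32\drivers\etc\hosts"
)

# 1. Confirm the VPN is actually up before running any further checks.
$vpn = Get-VpnConnection -Name $VpnName -ErrorAction Stop
if ($vpn.ConnectionStatus -ne 'Connected') {
    throw "VPN '$VpnName' is $($vpn.ConnectionStatus); connect it first (Step 9)."
}

# 2. Report the address allocated from the VPN client address pool. It changes on
#    every reconnect, which is why a hosts entry on the VM side goes stale.
$poolIp = (Get-NetIPAddress -InterfaceAlias $VpnName -AddressFamily IPv4).IPAddress
Write-Host "Allocated address-pool IP on this client: $poolIp"

# 3. Test reachability of the VM's private IP over the tunnel: ICMP (Step 10A)
#    and the RDP port (Step 10B).
$icmp = Test-Connection -ComputerName $VmIp -Count 2 -Quiet
$rdp  = (Test-NetConnection -ComputerName $VmIp -Port 3389).TcpTestSucceeded
Write-Host "Ping to ${VmIp}: $icmp   RDP/3389 reachable: $rdp"

# 4. Replace any existing hosts line for $VmName, then append the current mapping.
$pattern = "^\s*\S+\s+$([regex]::Escape($VmName))(\s|$)"
$lines   = @(Get-Content -Path $HostsPath | Where-Object { $_ -notmatch $pattern })
$lines  += "$VmIp`t$VmName"
Set-Content -Path $HostsPath -Value $lines -Encoding ASCII
Write-Host "hosts now maps $VmName -> $VmIp"
```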
- Setting up Azure’s P2S VPN Gateway with PowerShell – Part 1/3 (Steps 1–4)
- Setting up Azure’s P2S VPN Gateway with PowerShell – Part 2/3 (Steps 5–7)
Resources:
- ARM Quick Template: Create a Point-to-Site Gateway
- About Point-to-Site VPN
- Configure a Point-to-Site connection to a VNet using native Azure certificate authentication: Azure portal
- Configure a Point-to-Site connection to a VNet using native Azure certificate authentication: PowerShell
- Generate and export certificates for Point-to-Site connections using PowerShell on Windows 10 or Windows Server 2016
- Create and install VPN client configuration files for native Azure certificate authentication Point-to-Site configurations
- PowerShell script to create and export self-signed certificate
Originally published at https://arlanblogs.alvarnet.com on May 28, 2018.