Steps to create Point-to-Site VPN using Azure Portal
In this blog, we will show you the steps to create a Point-to-Site VPN using the Azure Portal. You will need:
- Microsoft Azure Subscription
- Windows 10 VM
CREATING RESOURCE GROUP
- From the Azure portal, click on Resource Groups in the services list.
- Select the Add button to create a new resource group.
- Provide the resource group name and its location and click on the Create button.
- The new resource group will be available in the list.
CREATING VIRTUAL NETWORK AND GATEWAY SUBNET
- Log in to the Azure portal and click on Virtual networks in the services list.
- Click on the Add button to create the new virtual network.
- We use the 10.0.0.0/16 network for this demo. Provide the required information for the remaining fields and click the Create button.
- The new virtual network is created successfully.
- Click on the virtual network and select the Subnets option.
- Select the Gateway subnet option.
- We use the 10.0.1.0/24 network for the gateway subnet. Click OK to create it. For more information about subnets and gateway subnets, please check the reference links given below.
- The new Gateway Subnet is created successfully.
CREATING VIRTUAL NETWORK GATEWAY
- In the Azure portal, click on More services and type virtual network gateway in the search box.
- Click on the Add button to create a new Virtual Network Gateway.
- Provide a name for this virtual network gateway and select the gateway type as VPN. Then select the VPN type as Route-based and the SKU as VpnGw1.
- Choose the PS-VNET under the virtual network section.
Note: The Virtual Network option will be greyed out if the Gateway Subnet was not created properly.
- Create a new public IP or select an existing one for this virtual network gateway.
- Select the resource group location and click on the Create button.
- It will take 30 to 35 minutes to create the virtual network gateway.
- The Virtual Network Gateway is created successfully.
DOWNLOAD THE WINDOWS SDK
- Open the web browser and access the URL https://developer.microsoft.com/en-us/windows/downloads/windows-10-sdk to download the executable file.
- Double-click on the executable file to start the installation wizard. Select the Install the Windows Software Development Kit – Windows 10.0.16299.91 to this computer option and click Next.
- Choose whether to send anonymous usage data to Microsoft and click Next.
- Accept the License Agreement.
- By default, we select all the features for our environment. Click Install to start the installation process.
- It will take several minutes to complete the installation.
- The Windows SDK is installed successfully.
CREATING ROOT CERTIFICATE
- We are using makecert.exe to create a self-signed certificate for this VPN. To do that, open the command prompt and navigate to C:\Program Files (x86)\Windows Kits\10\bin\10.0.16299.0\x86.
- Type the command below to add the Windows SDK folder to the PATH variable.
SET PATH=%PATH%;C:\Program Files (x86)\Windows Kits\10\bin\10.0.16299.0\x86;
- We created a cert folder on the C:\ drive to store the certificates.
- Change the folder to C:\cert in the command prompt and execute the command below to generate a self-signed root certificate for this VPN network (the quotes must be plain ASCII double quotes, not the curly quotes a word processor inserts).
makecert -sky exchange -r -n "CN=AzureVpnRootCert" -pe -a sha1 -len 2048 -ss My "AzureVpnRootCert.cer"
- The root certificate will be available in the C:\cert folder.
- Also, the root certificate will be installed on the server, in the current user's Personal store (-ss My). You can check it with the certificate manager snap-in.
- Now export the VPN root certificate in Base-64 format. To do that, open the certificate manager, right-click on the certificate and select All Tasks – Export.
- It opens a new wizard. Click Next to continue.
- Select the No, do not export the private key option and click Next.
- Select the Base-64 encoded X.509 (.CER) option and click Next.
- Provide the path to save the file and click Next.
- Click Finish to complete the wizard.
CREATING CLIENT CERTIFICATE
- Open the command prompt and execute the command below to create a client certificate signed by the root certificate we created earlier.
makecert.exe -n "CN=AzureVpnClientCert" -pe -sky exchange -m 96 -ss My -in "AzureVpnRootCert" -is My -a sha1
- The client certificate has been installed on the machine successfully. You can verify it from the certificate manager snap-in.
- We need to share this certificate with our users along with the VPN client software so they can access this network from their end. To do that, right-click on the client certificate and select All Tasks – Export.
- Click Next to continue the wizard.
- Select the Yes, export the private key option and click Next.
- Make sure that you have selected the Include all certificates in the certification path if possible option and click Next.
- Provide a password for this certificate and click Next.
- Provide the path and filename for the PFX file.
- Click Finish to complete the wizard.
- Our client certificate is available in the C:\cert folder.
COMPRESSING THE ROOT CERTIFICATE
- To create the Point-to-Site VPN, we need to specify the root certificate data as a single line. To do that, open AzureVpnRootCert-Base64.cer in the TextPad application.
Note: You can download the TextPad application from this URL: https://www.textpad.com/download/#downloads8
- Now join the Base-64 lines into one line with no line breaks, as shown below.
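As an added example (not part of the original post), the same root and client certificate workflow in PowerShell, using New-SelfSignedCertificate instead of makecert.exe. It also writes the root certificate's public data as the one-line Base64 string the Point-to-Site configuration expects, so the manual TextPad step is not needed. The folder C:\cert and the certificate names are assumptions taken from this post.

```powershell
# Added example (not from the original post): root + client certificate
# generation for Azure Point-to-Site with New-SelfSignedCertificate.
# Assumptions: run as the user who will own the certificates; C:\cert exists.
$outDir = "C:\cert"

# Root certificate: self-signed, marked for certificate signing.
# (The post uses SHA-1 with makecert; SHA-256 is used here instead.)
$root = New-SelfSignedCertificate -Type Custom -KeySpec Signature `
    -Subject "CN=AzureVpnRootCert" -KeyExportPolicy Exportable `
    -HashAlgorithm sha256 -KeyLength 2048 `
    -CertStoreLocation "Cert:\CurrentUser\My" `
    -KeyUsageProperty Sign -KeyUsage CertSign

# Client certificate: issued by the root, with the Client Authentication
# extended key usage (OID 1.3.6.1.5.5.7.3.2) that the VPN client needs.
$client = New-SelfSignedCertificate -Type Custom -DnsName "AzureVpnClientCert" `
    -KeySpec Signature -Subject "CN=AzureVpnClientCert" `
    -KeyExportPolicy Exportable -HashAlgorithm sha256 -KeyLength 2048 `
    -CertStoreLocation "Cert:\CurrentUser\My" -Signer $root `
    -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.2")

# Root public certificate only (no private key), DER-encoded, then Base64 on a
# single line: this is the value pasted into the portal's root certificates
# section, so no BEGIN/END header lines and no line breaks.
$rootDer = $root.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert)
$rootB64 = [Convert]::ToBase64String($rootDer)
Set-Content -Path (Join-Path $outDir "AzureVpnRootCert-OneLine.txt") -Value $rootB64 -NoNewline

# Client certificate with its private key and the issuing chain, as a
# password-protected PFX for distribution to users.
$pfxPassword = Read-Host -Prompt "Password for the client PFX" -AsSecureString
Export-PfxCertificate -Cert $client -FilePath (Join-Path $outDir "AzureVpnClientCert.pfx") `
    -Password $pfxPassword -ChainOption BuildChain | Out-Null

# Sanity checks before handing anything out.
if ($client.Issuer -ne $root.Subject) { throw "Client certificate was not signed by the root" }
if ($rootB64 -match "\s") { throw "Base64 root data must be a single line without whitespace" }
"Root thumbprint:   $($root.Thumbprint)"
"Client thumbprint: $($client.Thumbprint)"
```

Only the one-line root data goes to Azure; the PFX (with the private key) goes to the users, and the root's private key stays on the machine that issued the certificates.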
CONFIGURE POINT-TO-SITE VPN
- Open Virtual network gateways and click on PS-VNET-Gateway.
- Click on the Point-to-site configuration option.
- Select the Configure now option.
- Provide an address pool for this VPN. We use the reserved address space 172.20.20.0/24 for this demo. Make sure that this IP range is available for use in your environment.
- Leave the default tunnel types checked.
- Select the authentication type as Azure certificate and copy/paste the single-line root certificate data into the root certificates section.
- Click on the Save button to save the changes.
- After a few minutes, the Download VPN client option will be available to download the client software.
INSTALLING VPN CLIENT AND CERTIFICATE
- Now provide the VPN client along with the client certificate to the users so they can access this network from their end.
- Install the VPN client on your machine based on the OS architecture. We are using a 64-bit Windows Server 2016 machine for this demo, so open the windowsAMD64 folder and double-click on the VpnClientSetupAmd64.exe file.
- The new connection will be available on the network connections tab.
- Now, right-click on the AzureVpnClientCert.pfx file and select the Install PFX option.
- In the popup wizard, select the Current User option and click Next.
- Verify the certificate name and click Next.
- Provide the certificate password and continue the wizard.
- Select the Place all certificates in the following store option and select the Personal folder.
- Click Finish to complete the import wizard.
- Right-click on the Azure VPN connection and click Connect.
- A new screen pops up; click on the Connect button.
- A new screen will show up asking to update the routing table. Click Continue.
- After a few seconds, the connection to the Azure network is established successfully.
- We are able to access the Azure VM from our local machine using its private IP.
- We are able to access the Azure VM through RDP successfully.
- Verify your VPN connection IP with the IPCONFIG command on your local PC.
Thanks for reading this blog. We hope it was useful for learning how to configure a Point-to-Site VPN using the Azure Portal.