×
Steps to create Point-to-Site VPN using Azure Portal
Blog Cloud Computing

Steps to create Point-to-Site VPN using Azure Portal

Steps to create Point-to-Site VPN using Azure Portal

In this blog, we will show you the Steps to create Point-to-Site VPN using Azure Portal.

 

REQUIREMENTS

  • Microsoft Azure Subscription
  • Windows 10 VM

 

CREATING RESOURCE GROUP

  • From the Azure portal, Click on Resource Groups from the services list.

Steps to create Point-to-Site VPN using Azure Portal

 

  • Select the Add button to create new resource group.

Steps to create Point-to-Site VPN using Azure Portal

 

  • Provide the resource group name and its location and click on Create button.

Steps to create Point-to-Site VPN using Azure Portal

 

  • New resource group will be available on the list.

Steps to create Point-to-Site VPN using Azure Portal

 

CREATING VIRTUAL NETWORK AND GATEWAY SUBNET

  • Log in to the Azure portal and click on virtual networks from the services list.

Steps to create Point-to-Site VPN using Azure Portal

 

  • Click on Add button to create the new virtual network.

Steps to create Point-to-Site VPN using Azure Portal

 

  • We use the 10.0.0.0/16 network for this demo. Provide the required information for remaining fields and click the Create button.

Steps to create Point-to-Site VPN using Azure Portal

 

  • The new virtual network created successfully.

Steps to create Point-to-Site VPN using Azure Portal

 

  • Click on the virtual network and select subnets option.

Steps to create Point-to-Site VPN using Azure Portal

 

  • Select the Gateway subnet option.

Steps to create Point-to-Site VPN using Azure Portal

 

  • We use 10.0.1.0/24 network for the gateway subnet. Click OK to create a new one. For more information about subnets and Gateway subnets, please check the reference links given below.

Steps to create Point-to-Site VPN using Azure Portal

 

  • New Gateway Subnet is created successfully.

Steps to create Point-to-Site VPN using Azure Portal

 

CREATING VIRTUAL NETWORK GATEWAY

  • In the Azure portal, Click on More services and type virtual network gateway in the search box.

Steps to create Point-to-Site VPN using Azure Portal

 

  • Click on the Add button to create a new Virtual Network Gateway.

Steps to create Point-to-Site VPN using Azure Portal

 

  • Provide a name for this virtual network gateway and select the gateway type as VPN. Then select the VPN type as Route-based and SKU as VpnGw1.

Steps to create Point-to-Site VPN using Azure Portal

 

  • Choose the PS-VNET under virtual network section.

Steps to create Point-to-Site VPN using Azure Portal

 

Note : The Virtual Network option will be greyed out if the Gateway Subnet was not created properly.

 

  • Create a new public IP or select the existing one for this virtual network gateway.

Steps to create Point-to-Site VPN using Azure Portal

 

  • Select the resource group location and click on the create button.

Steps to create Point-to-Site VPN using Azure Portal

 

  • It will take 30 to 35 minutes to create the virtual network gateway.

Steps to create Point-to-Site VPN using Azure Portal

 

  • Virtual Network Gateway is created successfully.

Steps to create Point-to-Site VPN using Azure Portal

 

DOWNLOAD THE WINDOWS SDK

Steps to create Point-to-Site VPN using Azure Portal

 

  • Double click on the executable file to start the installation wizard. Select the Install the Windows Software Development Kit – Windows 10.0.16299.91 to this computer option and click Next.

Steps to create Point-to-Site VPN using Azure Portal

 

  • Select the option to send the anonymous usage data to Microsoft and click Next.

Steps to create Point-to-Site VPN using Azure Portal

 

  • Accept the License Agreement.

Steps to create Point-to-Site VPN using Azure Portal

 

  • By default, we select all the features for our environment. Click Install to start the installation process.

Steps to create Point-to-Site VPN using Azure Portal

 

  • It will take several minutes to complete the installation.

Steps to create Point-to-Site VPN using Azure Portal

 

  • Windows SDK is installed successfully.

Steps to create Point-to-Site VPN using Azure Portal

 

CREATING ROOT CERTIFICATE

  • We are using the makecert.exe to create a self-signed certificate for this VPN. To create, open the command prompt and navigate to C:\Program Files (x86)\Windows Kits\10\bin\10.0.16299.0\x86.

Steps to create Point-to-Site VPN using Azure Portal

 

  • Type the below command to set the path value for windows SDK kit.

SET PATH=%PATH%;C:\Program Files (x86)\Windows Kits\10\bin\10.0.16299.0\x86;

Steps to create Point-to-Site VPN using Azure Portal

 

  • We created a cert folder in C:\ drive to store the certificates.

Steps to create Point-to-Site VPN using Azure Portal

 

  • Change the folder to c:\cert in command prompt and execute the below command to generate a self-signed root certificate for this VPN network.

makecert -sky exchange -r -n “CN=AzureVpnRootCert” -pe -a sha1 -len 2048 -ss My “AzureVpnRootCert.cer”

Steps to create Point-to-Site VPN using Azure Portal

 

  • The root certificate will be available in the C:\cert folder.

Steps to create Point-to-Site VPN using Azure Portal

 

  • Also, the root certificate will be installed on the server. You can check with the certificate manager snap-in.

Steps to create Point-to-Site VPN using Azure Portal

 

  • Now export the VPN Root certificate in Base64 format. To do that, Open the certificate manager, right click on the certificate and select All tasks – export.

Steps to create Point-to-Site VPN using Azure Portal

 

  • It opens a new wizard, Click Next to continue.

Steps to create Point-to-Site VPN using Azure Portal

 

  • Select do not export the private key option and click Next.

Steps to create Point-to-Site VPN using Azure Portal

 

  • Select the Base-64 encoded X.509 (.CER) option and click Next.

Steps to create Point-to-Site VPN using Azure Portal

 

  • Provide the path to save the file and click Next.

Steps to create Point-to-Site VPN using Azure Portal

 

  • Click Finish to complete the wizard.

Steps to create Point-to-Site VPN using Azure Portal

 

CREATING CLIENT CERTIFICATE

  • Open the command prompt and execute the below command to create a client certificate using the root certificate which we created earlier.

makecert.exe -n “CN=AzureVpnClientCert” -pe -sky exchange -m 96 -ss My -in “AzureVpnRootCert” -is my -a sha1

Steps to create Point-to-Site VPN using Azure Portal

 

  • The Client certificate has been installed on the machine successfully. you can verify it from the certificate manager snap-in.

Steps to create Point-to-Site VPN using Azure Portal

 

  • We need to share this certificate with our users along with the VPN client software to access this network from their end. To do that, right click on the client certificate and select All tasks – Export.

Steps to create Point-to-Site VPN using Azure Portal

 

  • Click Next to continue the wizard.

Steps to create Point-to-Site VPN using Azure Portal

 

  • Select the Yes, export the private key option and click Next.

Steps to create Point-to-Site VPN using Azure Portal

 

  • Make sure that you have selected the Include all certificates in the certification path if possible option and select the Next option.

Steps to create Point-to-Site VPN using Azure Portal

 

  • Provide a password for this certificate and click Next.

Steps to create Point-to-Site VPN using Azure Portal

 

  • Provide the path and filename for the PFX file.

Steps to create Point-to-Site VPN using Azure Portal

 

  • Click Finish to complete the wizard.

Steps to create Point-to-Site VPN using Azure Portal

 

  • Our client certificate is available in C:\cert folder.

Steps to create Point-to-Site VPN using Azure Portal

 

COMPRESSING THE ROOT CERTIFICATE

  • To create the Point-to-Site VPN, We need to specify the root certificate in a single line. To do that, open the AzureVpnRootCert-Base64.cer in TextPad application.

Steps to create Point-to-Site VPN using Azure Portal

 

Note: You can download the TextPad application from this URL https://www.textpad.com/download/#downloads8

 

  • Now the squeeze them into one line as shown below.

Steps to create Point-to-Site VPN using Azure Portal

 

CONFIGURE POINT-TO-SITE VPN

  • Open the Virtual Network Gateway and click on the PS-VNET-Gateway.

Steps to create Point-to-Site VPN using Azure Portal

 

  • Click on the Point-to-Site configuration option.

Steps to create Point-to-Site VPN using Azure Portal

 

  • Select the configure now option.

Steps to create Point-to-Site VPN using Azure Portal

 

  • Provide an address pool for this VPN. We use the reserved address space 172.20.20.0/24 for this demo. Make sure that this IP range was opened in your environment.

Steps to create Point-to-Site VPN using Azure Portal

 

  • Leave the default tunneling types are checked.

Steps to create Point-to-Site VPN using Azure Portal

 

  • Select the authentication type as Azure certificate and copy/paste the squeezed root certificate into the root certificates section.

Steps to create Point-to-Site VPN using Azure Portal

 

  • Click on Save button to save changes.

Steps to create Point-to-Site VPN using Azure Portal

  • After few minutes Download VPN client option will be available to download the client software.

Steps to create Point-to-Site VPN using Azure Portal

 

INSTALLING VPN CLIENT AND CERTIFICATE

  • Now provide the VPN Client along with client certificate to the users to access this network from their end.

Steps to create Point-to-Site VPN using Azure Portal

 

  • Install the VPN Client in your machine based on the OS architecture. We are using 64-bit windows 2016 server for this demo. So, open the windowsAMD64 folder and double click on the VpnClientSetupAmd64.exe file.

Steps to create Point-to-Site VPN using Azure Portal

 

  • The new connection will be available on the network connection tab.

Steps to create Point-to-Site VPN using Azure Portal

 

  • Now, right click on the AzureVpnClientCert.pfx file and select Install PFX option.

Steps to create Point-to-Site VPN using Azure Portal

 

  • From the popup wizard, Select the current user option and click Next.

Steps to create Point-to-Site VPN using Azure Portal

 

  • Verify the certificate name and click Next.

Steps to create Point-to-Site VPN using Azure Portal

 

  • Provide the certificate password and continue the wizard.

Steps to create Point-to-Site VPN using Azure Portal

 

  • Select the Place all certificates in the following store option and select the personal folder.

Steps to create Point-to-Site VPN using Azure Portal

 

  • Click Finish to complete the import wizard.

Steps to create Point-to-Site VPN using Azure Portal

 

VERIFICATION

  • Right-click on the Azure VPN and click Connect.

Steps to create Point-to-Site VPN using Azure Portal

 

  • It pop-up a new screen, Click on the connect button.

Steps to create Point-to-Site VPN using Azure Portal

 

  • A new screen will show up to update the routing table. Click continue.

Steps to create Point-to-Site VPN using Azure Portal

 

  • After few seconds, the connection will establish with azure network successfully.

Steps to create Point-to-Site VPN using Azure Portal

 

  • We can able to access the Azure VM from our local machine using their local IP.

Steps to create Point-to-Site VPN using Azure Portal

 

Steps to create Point-to-Site VPN using Azure Portal

 

  • We able to access the Azure VM through RDP successfully.

Steps to create Point-to-Site VPN using Azure Portal

 

  • Verify your VPN connection IP through IPCONFIG command in your local PC.

Steps to create Point-to-Site VPN using Azure Portal

 

Reference Links

https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-manage-subnet#create-subnet

https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpn-gateway-settings?toc=%2fazure%2fvirtual-network%2ftoc.json#gwsub

https://www.assistanz.com/azure-vpn-overview/

 

VIDEO

Thanks for reading this blog. We hope it was useful for you to learn about configured point-to-site VPN using Azure Portal.

3 thoughts on “Steps to create Point-to-Site VPN using Azure Portal”

  1. Hi Loges,

    Great article, very helpful in setting up the Microsoft Azure VPN gateway. Can you please help me with steps to connect a Ubuntu machine with Microsoft Azure VPN gateway.

    Thanks & Regards,
    Salil

  2. i got the below error “Error: There are more than one matching certificate in the issuer’s my cert store” while creating the “CREATING CLIENT CERTIFICATE”
    makecert.exe -n “CN=AzureVpnClientCert” -pe -sky exchange -m 96 -ss My -in “AzureVpnRootCert” -is my -a sha1

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.