docs(deploy): enhance VPN documentation with detailed client setup instructions

- update README to include VPN client installation links for Windows and macOS
- provide step-by-step instructions for downloading and importing VPN configuration
- clarify connection process for accessing private endpoints

🔒 - Generated by Copilot

Author: agreaves-ms

README.md

@@ -9,7 +9,7 @@ Production-ready framework for orchestrating robotics and AI workloads on [Azure
 | Infrastructure as Code | [Terraform modules](deploy/001-iac/) for reproducible Azure deployments |
 | Dual Orchestration | Submit jobs via [AzureML](workflows/azureml/) or [OSMO](workflows/osmo/) |
 | Workload Identity | Key-less auth via Azure AD ([setup guide](deploy/002-setup/README.md#scenario-2-workload-identity)) |
-| Private Networking | Services on private VNet with optional [VPN gateway](deploy/001-iac/vpn/) |
+| Private Networking | Services on private VNet with optional [VPN gateway](deploy/001-iac/vpn/) ([client setup](deploy/001-iac/vpn/README.md#-vpn-client-setup)) |
 | MLflow Integration | Experiment tracking with Azure ML ([details](docs/mlflow-integration.md)) |
 | GPU Scheduling | [KAI Scheduler](deploy/002-setup/values/kai-scheduler.yaml) for efficient utilization |
 | Auto-scaling | Pay-per-use GPU compute on AKS Spot nodes |

deploy/001-iac/README.md

@@ -197,7 +197,7 @@ cp terraform.tfvars.example terraform.tfvars
 terraform init && terraform apply -var-file=terraform.tfvars
 ```
 
-See [vpn/README.md](vpn/README.md) for client setup and AAD authentication.
+See [vpn/README.md](vpn/README.md) for configuration options and [VPN client setup](vpn/README.md#-vpn-client-setup) for connecting from your local machine.
 
 ### Private DNS for OSMO UI
 

deploy/001-iac/vpn/README.md

@@ -56,10 +56,41 @@ root_certificate_public_data = "MIIC5jCCAc6g..." # Base64-encoded cert
 
 ## 💻 VPN Client Setup
 
-1. Download the VPN client configuration from Azure Portal
-2. Install Azure VPN Client (Windows/macOS) or OpenVPN
-3. Import the downloaded profile
-4. Connect using Azure AD credentials or certificate
+### Install Azure VPN Client
+
+| Platform | Installation |
+|----------|--------------|
+| Windows | [Microsoft Store](https://apps.microsoft.com/detail/9NP355QT2SQB) |
+| macOS | [App Store](https://apps.apple.com/us/app/azure-vpn-client/id1553936137) |
+| Ubuntu 20.04/22.04 | [Microsoft Docs](https://learn.microsoft.com/en-us/azure/vpn-gateway/point-to-site-entra-vpn-client-linux#install-the-azure-vpn-client) |
+
+### Download VPN Configuration
+
+1. Open the [Azure Portal](https://portal.azure.com)
+2. Navigate to your Virtual Network Gateway resource:
+   - Search for "Virtual network gateways" in the portal search bar
+   - Select the gateway matching your deployment (e.g., `vgw-<resource_prefix>-<environment>-<instance>`)
+3. Select **Point-to-site configuration** from the left menu
+4. Click **Download VPN client** button
+5. Save and extract the downloaded ZIP file
+
+### Import Configuration
+
+1. Open the Azure VPN Client application
+2. Click the **+** (Import) button in the bottom left
+3. Navigate to the extracted ZIP folder
+4. Open the `AzureVPN` folder
+5. Select `azurevpnconfig_aad.xml` (for Azure AD authentication)
+6. Click **Save**
+
+### Connect
+
+1. Select the imported connection profile
+2. Click **Connect**
+3. Authenticate with your Azure AD credentials when prompted
+4. Verify connection status shows "Connected"
+
+Once connected, you can access private endpoints including OSMO UI, PostgreSQL, and Redis.
 
 ## 🏢 Site-to-Site VPN
 

deploy/README.md

@@ -59,7 +59,7 @@ Point-to-Site VPN enabling secure remote access to private endpoints. Required f
 - Connecting to private PostgreSQL and Redis from local machine
 - Debugging workloads over private network
 
-See [001-iac/vpn/README.md](001-iac/vpn/README.md) for client setup and AAD authentication.
+See [001-iac/vpn/README.md](001-iac/vpn/README.md) for deployment and [VPN client setup](001-iac/vpn/README.md#-vpn-client-setup).
 
 See the [root README](../README.md) for architecture details.