articles/vpn-gateway/point-to-site-about.md
Lines changed: 13 additions & 23 deletions
@@ -25,24 +25,24 @@ Point-to-site VPN can use one of the following protocols:
25
25
26
26
27
27
>[!NOTE]
28
-
>IKEv2 and OpenVPN for P2S are available for the [Resource Manager deployment model](../azure-resource-manager/management/deployment-models.md) only. They are not available for the classic deployment model.
28
+
>IKEv2 and OpenVPN for P2S are available for the [Resource Manager deployment model](../azure-resource-manager/management/deployment-models.md) only. They aren't available for the classic deployment model.
29
29
>
30
30
31
31
## <aname="authentication"></a>How are P2S VPN clients authenticated?
32
32
33
33
Before Azure accepts a P2S VPN connection, the user has to be authenticated first. There are two mechanisms that Azure offers to authenticate a connecting user.
34
34
35
-
### Authenticate using native Azure certificate authentication
35
+
### Certificate authentication
36
36
37
37
When using the native Azure certificate authentication, a client certificate that is present on the device is used to authenticate the connecting user. Client certificates are generated from a trusted root certificate and then installed on each client computer. You can use a root certificate that was generated using an Enterprise solution, or you can generate a self-signed certificate.
38
38
39
39
The validation of the client certificate is performed by the VPN gateway and happens during establishment of the P2S VPN connection. The root certificate is required for the validation and must be uploaded to Azure.
40
40
41
-
### Authenticate using native Azure Active Directory authentication
41
+
### Azure Active Directory authentication
42
42
43
43
Azure AD authentication allows users to connect to Azure using their Azure Active Directory credentials. Native Azure AD authentication is only supported for OpenVPN protocol and also requires the use of the [Azure VPN Client](https://go.microsoft.com/fwlink/?linkid=2117554). The supported client operation systems are Windows 10 or later and macOS.
44
44
45
-
With native Azure AD authentication, you can leverage Azure AD's conditional access as well as Multi-Factor Authentication (MFA) features for VPN.
45
+
With native Azure AD authentication, you can use Azure AD's conditional access and Multi-Factor Authentication (MFA) features for VPN.
46
46
47
47
At a high level, you need to perform the following steps to configure Azure AD authentication:
48
48
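Review bot: the heading renames in this hunk (`### Authenticate using native Azure certificate authentication` to `### Certificate authentication`, and `### Authenticate using native Azure Active Directory authentication` to `### Azure Active Directory authentication`) change the auto-generated fragment identifiers, so any existing deep links of the form `#authenticate-using-native-azure-certificate-authentication` will silently stop resolving. The parent heading in this same hunk already carries an explicit anchor (`## <a name="authentication"></a>How are P2S VPN clients authenticated?`); consider giving the renamed subsections explicit anchors the same way, or check inbound links before merging. While touching this region, the unchanged context line `The supported client operation systems are Windows 10 or later and macOS.` should read `operating systems`.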
@@ -55,10 +55,9 @@ At a high level, you need to perform the following steps to configure Azure AD a
55
55
* Install using Client Install files: [https://aka.ms/azvpnclientdownload](https://aka.ms/azvpnclientdownload).
56
56
* Install directly, when signed in on a client computer: [Microsoft Store](https://go.microsoft.com/fwlink/?linkid=2117554).
57
57
58
+
### Active Directory (AD) Domain Server
58
59
59
-
### Authenticate using Active Directory (AD) Domain Server
60
-
61
-
AD Domain authentication allows users to connect to Azure using their organization domain credentials. It requires a RADIUS server that integrates with the AD server. Organizations can also leverage their existing RADIUS deployment.
60
+
AD Domain authentication allows users to connect to Azure using their organization domain credentials. It requires a RADIUS server that integrates with the AD server. Organizations can also use their existing RADIUS deployment.
62
61
63
62
The RADIUS server could be deployed on-premises or in your Azure VNet. During authentication, the Azure VPN Gateway acts as a pass through and forwards authentication messages back and forth between the RADIUS server and the connecting device. So Gateway reachability to the RADIUS server is important. If the RADIUS server is present on-premises, then a VPN S2S connection from Azure to the on-premises site is required for reachability.
64
63
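Review bot: the new heading `### Active Directory (AD) Domain Server` is inconsistent with the sibling headings introduced in the previous hunk (`### Certificate authentication`, `### Azure Active Directory authentication`): it names a server rather than an authentication method. `### Active Directory (AD) Domain Server authentication` would keep the section list parallel. In the unchanged context line, `acts as a pass through` is normally hyphenated as `pass-through`, and `So Gateway reachability to the RADIUS server is important` should use a lowercase `gateway`.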
@@ -70,20 +69,12 @@ A RADIUS server can also integrate with other external identity systems. This op
70
69
71
70
## What are the client configuration requirements?
72
71
73
-
>[!NOTE]
74
-
>For Windows clients, you must have administrator rights on the client device in order to initiate the VPN connection from the client device to Azure.
75
-
>
72
+
The client configuration requirements vary, based on the VPN client that you use, the authentication type, and the protocol. The following table shows the available clients and the corresponding articles for each configuration.
76
73
77
-
Users use the native VPN clients on Windows and Mac devices for P2S. Azure provides a VPN client configuration zip file that contains settings required by these native clients to connect to Azure.
* For Windows devices, the VPN client configuration consists of an installer package that users install on their devices.
80
-
* For Mac devices, it consists of the mobileconfig file that users install on their devices.
81
-
82
-
The zip file also provides the values of some of the important settings on the Azure side that you can use to create your own profile for these devices. Some of the values include the VPN gateway address, configured tunnel types, routes, and the root certificate for gateway validation.
83
-
84
-
>[!NOTE]
85
-
>[!INCLUDE [TLS version changes](../../includes/vpn-gateway-tls-change.md)]
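Review bot: this hunk deletes two security-relevant notices without relocating them: the NOTE `For Windows clients, you must have administrator rights on the client device in order to initiate the VPN connection from the client device to Azure.` and the include `>[!INCLUDE [TLS version changes](../../includes/vpn-gateway-tls-change.md)]`. Readers planning a P2S rollout depend on both (client privilege requirements, minimum TLS version accepted by the gateway), so unless the per-client articles this section now points to already carry them, keep them here. The new sentence also states `The following table shows the available clients and the corresponding articles for each configuration`, but no table is added in this hunk; confirm the table exists in the file after this change so the reference is not dangling. The removed paragraph additionally noted that the configuration zip includes `the root certificate for gateway validation`; that detail about how the client verifies the gateway should survive somewhere in the rewritten text.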