Update point-to-site-vpn-client-cert-linux.md

stegag · web-flow · commit 2b0b4b8e84eb · 2023-03-01T17:54:47.000+01:00
diff --git a/articles/vpn-gateway/point-to-site-vpn-client-cert-linux.md b/articles/vpn-gateway/point-to-site-vpn-client-cert-linux.md
@@ -113,7 +113,17 @@ This section walks you through the configuration using the strongSwan CLI.
 
 1. From the VPN client profile configuration files **Generic** folder, copy or move the **VpnServerRoot.cer** to **/etc/ipsec.d/cacerts**.
 
-1. Copy or move **cp client.p12** to **/etc/ipsec.d/private/**. This file is the client certificate for the VPN gateway.
+1. Copy or move the p12 file you generated to **/etc/ipsec.d/private/**. This file is the client certificate for the VPN gateway. Use the following command:
+
+   ```
+   sudo cp "${USERNAME}.p12"  /etc/ipsec.d/private/
+   ```
+
+1. Run the following command to take note of your hostname. You’ll use this value in the next step.
+
+   ```
+   hostnamectl --static
+   ```
 
 1. Open the **VpnSettings.xml** file and copy the `<VpnServer>` value. You’ll use this value in the next step.
 
@@ -126,25 +136,31 @@ This section walks you through the configuration using the strongSwan CLI.
          leftfirewall=yes
          left=%any
          leftauth=eap-tls
-         leftid=%client # use the DNS alternative name prefixed with the %
-         right= Enter the VPN Server value here# Azure VPN gateway address
-         rightid=% # Enter the VPN Server value here# Azure VPN gateway FQDN with %
+         leftid=%client # use the hostname of your machine with % character prepended. Example: %client
+         right= #Azure VPN gateway address. Example: azuregateway-xxx-xxx.vpn.azure.com
+         rightid=% #Azure VPN gateway FQDN with % character prepended. Example: %azuregateway-xxx-xxx.vpn.azure.com
          rightsubnet=0.0.0.0/0
          leftsourceip=%config
          auto=add
    ```
+   
+   
 
-1. Add the following values to **/etc/ipsec.secrets**.
+1. Add the secret values to **/etc/ipsec.secrets**.
 
+   The name of the p.12 file must match what you have used earlier.
+   The password must also match the password chosen when generating the certificates.
+   
+   This is an example command to run on a machine which hostname is "client" and certificate password is "password"
    ```cli
    : P12 client.p12 'password' # key filename inside /etc/ipsec.d/private directory
    ```
 
-1. Run the following commands:
+1. Finally run the following commands:
 
    ```cli
-   # ipsec restart
-   # ipsec up azure
+   sudo ipsec restart
+   sudo ipsec up azure
    ```
 
 ## <a name="openvpn"></a>OpenVPN steps
