Merge pull request #264130 from cherylmc/p2s-clientike

JamesJBarnett · web-flow · commit 326c14c65a7f · 2024-01-25T13:48:45.000-07:00
P2s clientike
diff --git a/articles/vpn-gateway/TOC.yml b/articles/vpn-gateway/TOC.yml
@@ -181,27 +181,33 @@
         href: vpn-gateway-p2s-advertise-custom-routes.md
       - name: Create custom IPsec policies for point-to-site
         href: create-custom-policies-p2s-ps.md
-    - name: Client configuration
+    - name: VPN client configuration
       items:
-      - name: Certificate authentication clients
+      - name: Certificate authentication
         items:
-        - name: Windows
-          href: point-to-site-vpn-client-cert-windows.md
-        - name: macOS-iOS
-          href: point-to-site-vpn-client-cert-mac.md
-        - name: Linux
-          href: point-to-site-vpn-client-cert-linux.md
-        - name: Install client certificates
-          href: point-to-site-how-to-vpn-client-install-azure-cert.md
-      - name: RADIUS authentication clients
+        - name: VPN client configuration files and workflow
+          items:
+          - name: Windows
+            href: point-to-site-vpn-client-cert-windows.md
+          - name: macOS-iOS
+            href: point-to-site-vpn-client-cert-mac.md
+          - name: Linux
+            href: point-to-site-vpn-client-cert-linux.md
+        - name: Configure VPN clients
+          items:
+          - name: Install client certificates
+            href: point-to-site-how-to-vpn-client-install-azure-cert.md
+          - name: Configure Windows native VPN client
+            href: point-to-site-vpn-client-certificate-windows-native.md
+      - name: RADIUS authentication
         items:
         - name: Certificate authentication clients
           href: point-to-site-vpn-client-configuration-radius-certificate.md
         - name: Password authentication clients
           href: point-to-site-vpn-client-configuration-radius-password.md
         - name: Other authentication protocols
           href: point-to-site-vpn-client-configuration-radius-other.md
-      - name: Microsoft Entra authentication clients
+      - name: Microsoft Entra authentication
         items:
         - name: Windows
           href: openvpn-azure-ad-client.md
diff --git a/articles/vpn-gateway/point-to-site-vpn-client-cert-windows.md b/articles/vpn-gateway/point-to-site-vpn-client-cert-windows.md
@@ -6,7 +6,7 @@ author: cherylmc
 ms.service: vpn-gateway
 ms.custom: devx-track-azurepowershell
 ms.topic: how-to
-ms.date: 01/17/2024
+ms.date: 01/25/2024
 ms.author: cherylmc
 ---
 
@@ -24,20 +24,16 @@ Before beginning the workflow, verify that you're on the correct article. The fo
 
 [!INCLUDE [All client articles](../../includes/vpn-gateway-vpn-client-install-articles.md)]
 
->[!IMPORTANT]
->[!INCLUDE [TLS](../../includes/vpn-gateway-tls-change.md)]
-
 ## Workflow
 
 In this article, we start with generating VPN client configuration files and client certificates:
 
-1. [Generate files to configure the VPN client](#1-generate-vpn-client-configuration-files)
-1. [Generate certificates for the VPN client](#2-generate-client-certificates)
-
-After the steps in these sections are completed, continue on to [3. Configure the VPN client](#3-configure-the-vpn-client). The steps you use to configure your VPN client depend on the tunnel type for your P2S VPN gateway, and the VPN client on the client computer.
+1. [Generate files to configure the VPN client](#1-generate-vpn-client-configuration-files).
+1. [Generate certificates for the VPN client](#2-generate-client-certificates).
+1. [Configure the VPN client](#3-configure-the-vpn-client). The steps you use to configure your VPN client depend on the tunnel type for your P2S VPN gateway, and the VPN client on the client computer.
 
-* **IKEv2 and SSTP - native VPN client steps** -  If your P2S VPN gateway is configured to use IKEv2/SSTP and certificate authentication, you can connect to your VNet using the native VPN client that's part of your Windows operating system. This configuration doesn't require additional client software. See [IKEv2 and SSTP - native VPN client](#ike).
-* **OpenVPN** - If your P2S VPN gateway is configured to use an OpenVPN tunnel and certificate authentication, you have the option of using either the [Azure VPN Client](#openvpn), or the [OpenVPN client](#azurevpn).
+   * **IKEv2 and SSTP - native VPN client steps** -  If your P2S VPN gateway is configured to use IKEv2/SSTP and certificate authentication, you can connect to your VNet using the native VPN client that's part of your Windows operating system. This configuration doesn't require additional client software. For steps, see [IKEv2 and SSTP - native VPN client](point-to-site-vpn-client-certificate-windows-native.md).
+   * **OpenVPN** - If your P2S VPN gateway is configured to use an OpenVPN tunnel and certificate authentication, you have the option of using either the [Azure VPN Client](#openvpn), or the [OpenVPN client](#azurevpn) steps in this article.
 
 ## 1. Generate VPN client configuration files
 
@@ -66,37 +62,10 @@ In many cases, you can install the client certificate directly on the client com
 
 Next, configure the VPN client. Select from the following instructions:
 
-* [IKEv2 and SSTP - native VPN client steps](#ike)
+* [IKEv2 and SSTP - native VPN client steps](point-to-site-vpn-client-certificate-windows-native.md)
 * [OpenVPN - OpenVPN client steps](#openvpn)
 * [OpenVPN - Azure VPN Client steps](#azurevpn)
 
-## <a name="ike"></a>Native VPN client steps - IKEv2/SSTP
-
-If your P2S VPN gateway is configured to use IKEv2/SSTP and certificate authentication, you can connect to your VNet using the native VPN client that's part of your Windows operating system. This configuration doesn't require additional client software.
-
-### <a name="view-ike"></a>View configuration files
-
-Unzip the VPN client profile configuration file to view the following folders:
-
-* **WindowsAmd64** and **WindowsX86**, which contain the Windows 64-bit and 32-bit installer packages, respectively. The **WindowsAmd64** installer package is for all supported 64-bit Windows clients, not just Amd.
-* **Generic**, which contains general information used to create your own VPN client configuration. The Generic folder is provided if IKEv2 or SSTP+IKEv2 was configured on the gateway. If only SSTP is configured, then the Generic folder isn’t present.
-
-### <a name="install"></a>Configure VPN client profile
-
-You can use the same VPN client configuration package on each Windows client computer, as long as the version matches the architecture for the client. For the list of client operating systems that are supported, see the point-to-site section of the [VPN Gateway FAQ](vpn-gateway-vpn-faq.md#P2S).
-
->[!NOTE]
->You must have Administrator rights on the Windows client computer from which you want to connect.
-
-1. Select the VPN client configuration files that correspond to the architecture of the Windows computer. For a 64-bit processor architecture, choose the 'VpnClientSetupAmd64' installer package. For a 32-bit processor architecture, choose the 'VpnClientSetupX86' installer package.
-
-1. Double-click the package to install it. If you see a SmartScreen popup, click **More info**, then **Run anyway**.
-
-1. Install the client certificate. Typically, you can do this by double-clicking the certificate file and providing a password if required. For more information, see [Install client certificates](point-to-site-how-to-vpn-client-install-azure-cert.md).
-
-1. Connect to your VPN. Go to the **VPN** settings and locate the VPN connection that you created. It's the same name as your virtual network. Select **Connect**. A pop-up message might appear. Select **Continue** to use elevated privileges.
-1. On the **Connection status** page, select **Connect** to start the connection. If you see a **Select Certificate** screen, verify that the client certificate showing is the one that you want to use to connect. If it isn't, use the drop-down arrow to select the correct certificate, and then select **OK**.
-
 ## <a name="azurevpn"></a>Azure VPN Client steps - OpenVPN
 
 If your P2S VPN gateway is configured to use an OpenVPN tunnel type and certificate authentication, you can connect using the Azure VPN Client.
diff --git a/articles/vpn-gateway/point-to-site-vpn-client-certificate-windows-native.md b/articles/vpn-gateway/point-to-site-vpn-client-certificate-windows-native.md
@@ -0,0 +1,60 @@
+---
+title: 'Configure P2S VPN clients: certificate authentication: Windows native client'
+titleSuffix: Azure VPN Gateway
+description: Learn how to configure the native VPN client on a Windows computer for point-to-site certificate authentication connections.
+author: cherylmc
+ms.topic: how-to
+ms.service: vpn-gateway
+ms.date: 01/25/2024
+ms.author: cherylmc
+---
+
+# Configure the Windows native VPN client for P2S Certificate Authentication connections
+
+If your point-to-site (P2S) VPN gateway is configured to use IKEv2/SSTP and certificate authentication, you can connect to your virtual network using the native VPN client that's part of your Windows operating system. This article walks you through the steps to configure the native VPN client and connect to your virtual network.
+
+## Before you begin
+
+This article assumes that you've already performed the following prerequisites:
+
+* You created and configured your VPN gateway for point-to-site certificate authentication and an IKEv2/SSTP tunnel type. See [Configure server settings for P2S VPN Gateway connections - certificate authentication](vpn-gateway-howto-point-to-site-resource-manager-portal.md) for steps.
+* You generated client certificates and downloaded the VPN client configuration files. See [Point-to-site VPN clients: certificate authentication - Windows ](point-to-site-vpn-client-cert-windows.md)
+
+Before beginning the workflow, verify that you're on the correct VPN client configuration article. The following table shows the configuration articles available for VPN Gateway point-to-site VPN clients. Steps differ, depending on the authentication type, tunnel type, and the client OS.
+
+[!INCLUDE [All client articles](../../includes/vpn-gateway-vpn-client-install-articles.md)]
+
+## View configuration files
+
+The VPN client profile configuration package contains specific folders. The files within the folders contain the settings needed to configure the VPN client profile on the client computer. The files and the settings they contain are specific to the VPN gateway and the type of authentication and tunnel your VPN gateway is configured to use.
+
+Locate and unzip the VPN client profile configuration package you generated. For Certificate authentication and IKEv2/SSTP, you'll see the following files:
+
+* **WindowsAmd64** and **WindowsX86** contain the Windows 64-bit and 32-bit installer packages, respectively. The **WindowsAmd64** installer package is for all supported 64-bit Windows clients, not just AMD.
+* **Generic** contains general information used to create your own VPN client configuration. The Generic folder is provided if IKEv2 or SSTP+IKEv2 was configured on the gateway. If only SSTP is configured, then the Generic folder isn’t present.
+
+## Configure the VPN client profile
+
+To connect, you'll first need to configure the VPN client with the required settings. You do this by configuring the VPN client profile using the settings contained in the VPN client configuration package. The settings in the package are specific to the VPN gateway to which you connect.
+
+You can use the same VPN client configuration package on each Windows client computer, as long as the version matches the architecture for the client. For the list of client operating systems that are supported, see the point-to-site section of the [VPN Gateway FAQ](vpn-gateway-vpn-faq.md#P2S).
+
+>[!NOTE]
+>You must have Administrator rights on the Windows client computer from which you want to connect.
+
+1. Select the VPN client configuration files that correspond to the architecture of the Windows computer. For a 64-bit processor architecture, choose the 'VpnClientSetupAmd64' installer package. For a 32-bit processor architecture, choose the 'VpnClientSetupX86' installer package.
+
+1. Double-click the package to install it. If you see a SmartScreen popup, select **More info**, then **Run anyway**.
+
+1. Install the client certificate. Typically, you can do this by double-clicking the certificate file and providing a password (if required). For more information, see [Install client certificates](point-to-site-how-to-vpn-client-install-azure-cert.md).
+
+## Connect
+
+Connect to your virtual network via point-to-site VPN.
+
+1. Go to the **VPN** settings and locate the VPN connection that you created. It's the same name as your virtual network. Select **Connect**. A pop-up message might appear. Select **Continue** to use elevated privileges.
+1. On the **Connection status** page, select **Connect** to start the connection. If you see a **Select Certificate** screen, verify that the client certificate showing is the one that you want to use to connect. If it isn't, use the drop-down arrow to select the correct certificate, and then select **OK**.
+
+## Next steps
+
+[Point-to-site configuration steps](vpn-gateway-howto-point-to-site-resource-manager-portal.md)
diff --git a/includes/vpn-gateway-vpn-client-install-articles.md b/includes/vpn-gateway-vpn-client-install-articles.md
@@ -1,18 +1,19 @@
 ---
 author: cherylmc
 ms.author: cherylmc
-ms.date: 07/29/2022
+ms.date: 01/25/2024
 ms.service: vpn-gateway
 ms.topic: include
 ---
 
-| Authentication | Tunnel type | HowTo article |
-| --- | --- | --- |
-| Azure certificate | IKEv2, OpenVPN, SSTP   | [Windows](../articles/vpn-gateway/point-to-site-vpn-client-cert-windows.md)|
-| Azure certificate | IKEv2, OpenVPN  |[macOS-iOS](../articles/vpn-gateway/point-to-site-vpn-client-cert-mac.md)|
-| Azure certificate |  IKEv2, OpenVPN  | [Linux](../articles/vpn-gateway/point-to-site-vpn-client-cert-linux.md) |
-| Microsoft Entra ID |OpenVPN (SSL) | [Windows](../articles/vpn-gateway/openvpn-azure-ad-client.md) |
-| Microsoft Entra ID | OpenVPN (SSL)| [macOS](../articles/vpn-gateway/openvpn-azure-ad-client-mac.md) |
-| RADIUS - certificate |  - |[Article](../articles/vpn-gateway/point-to-site-vpn-client-configuration-radius-certificate.md)|
-| RADIUS -  password | - |[Article](../articles/vpn-gateway/point-to-site-vpn-client-configuration-radius-password.md)|
-| RADIUS - other methods |  - |[Article](../articles/vpn-gateway/point-to-site-vpn-client-configuration-radius-other.md)|
+| Authentication | Tunnel type | Generate config files| Configure VPN client |
+| --- | --- | --- |---|
+| Azure certificate | IKEv2, SSTP   | [Windows](../articles/vpn-gateway/point-to-site-vpn-client-cert-windows.md)| [Native VPN client](../articles/vpn-gateway/point-to-site-vpn-client-certificate-windows-native.md)
+| Azure certificate | OpenVPN  | [Windows](../articles/vpn-gateway/point-to-site-vpn-client-cert-windows.md)|- [OpenVPN client](../articles/vpn-gateway/point-to-site-vpn-client-cert-windows.md#openvpn)<br>- [Azure VPN client](../articles/vpn-gateway/point-to-site-vpn-client-cert-windows.md#azurevpn)
+| Azure certificate | IKEv2, OpenVPN  |[macOS-iOS](../articles/vpn-gateway/point-to-site-vpn-client-cert-mac.md)|[macOS-iOS](../articles/vpn-gateway/point-to-site-vpn-client-cert-mac.md)|
+| Azure certificate |  IKEv2, OpenVPN  | [Linux](../articles/vpn-gateway/point-to-site-vpn-client-cert-linux.md) |[Linux](../articles/vpn-gateway/point-to-site-vpn-client-cert-linux.md) |
+| Microsoft Entra ID |OpenVPN (SSL) | [Windows](../articles/vpn-gateway/openvpn-azure-ad-client.md) |[Windows](../articles/vpn-gateway/openvpn-azure-ad-client.md) |
+| Microsoft Entra ID | OpenVPN (SSL)| [macOS](../articles/vpn-gateway/openvpn-azure-ad-client-mac.md) |[macOS](../articles/vpn-gateway/openvpn-azure-ad-client-mac.md) |
+| RADIUS - certificate |  - |[Article](../articles/vpn-gateway/point-to-site-vpn-client-configuration-radius-certificate.md)|[Article](../articles/vpn-gateway/point-to-site-vpn-client-configuration-radius-certificate.md)|
+| RADIUS -  password | - |[Article](../articles/vpn-gateway/point-to-site-vpn-client-configuration-radius-password.md)|[Article](../articles/vpn-gateway/point-to-site-vpn-client-configuration-radius-password.md)|
+| RADIUS - other methods |  - |[Article](../articles/vpn-gateway/point-to-site-vpn-client-configuration-radius-other.md)|[Article](../articles/vpn-gateway/point-to-site-vpn-client-configuration-radius-other.md)|
