Azure VPN Client - Linux

Author: cherylmc

articles/virtual-wan/TOC.yml

@@ -194,41 +194,15 @@
         href: nat-rules-vpn-gateway-powershell.md
   - name: User VPN (point-to-site)
     items:
-    - name: P2S server configuration
+    - name: Certificate or RADIUS authentication
       items:
-      - name: Certificate or RADIUS authentication
+      - name: P2S server configuration
         items:
-        - name: Configure a P2S VPN
-          items: 
-          - name: Azure portal
-            href: virtual-wan-point-to-site-portal.md
-          - name: PowerShell
-            href: virtual-wan-point-to-site-powershell.md
-        - name: Generate self-signed certificates
-          href: certificates-point-to-site.md
-      - name: Microsoft Entra ID authentication
-        items:
-        - name: Configure P2S - Microsoft-registered VPN client
-          href: point-to-site-entra-gateway.md
-        - name: Configure P2S - manually registered VPN client
-          href: virtual-wan-point-to-site-azure-ad.md
-        - name: Create or modify custom audience app ID
-          href: point-to-site-entra-register-custom-app.md
-        - name: Configure a tenant
-          href: openvpn-azure-ad-tenant.md
-        - name: Configure multifactor authentication (MFA)
-          href: openvpn-azure-ad-mfa.md   
-    - name: P2S client configuration
-      items:
-      - name: Microsoft Entra authentication clients
-        items:
-        - name: Windows clients
-          href: openvpn-azure-ad-client.md
-        - name: macOS clients
-          href: openvpn-azure-ad-client-mac.md
-        - name: Multi-application Microsoft Entra authentication
-          href: openvpn-azure-ad-tenant-multi-app.md
-      - name: Certificate authentication clients
+        - name: Azure portal
+          href: virtual-wan-point-to-site-portal.md
+        - name: PowerShell
+          href: virtual-wan-point-to-site-powershell.md
+      - name: VPN client configuration
         items:
         - name: Windows clients
           items:
@@ -242,16 +216,44 @@
               href: point-to-site-vpn-client-certificate-windows-openvpn-client-version-2.md
             - name: Version 3.x
               href: point-to-site-vpn-client-certificate-windows-openvpn-client-version-3.md
+        - name: Linux clients
+          items:
+          - name: Azure VPN client
+            href: point-to-site-azure-vpn-client-certificate-linux.md
         - name: macOS and iOS clients
           items:
           - name: Native VPN client
             href: point-to-site-vpn-client-cert-mac.md
           - name: OpenVPN client - macOS
             href: point-to-site-vpn-client-certificate-openvpn-mac.md
           - name: OpenVPN client - iOS
-            href: point-to-site-vpn-client-certificate-openvpn-ios.md  
+            href: point-to-site-vpn-client-certificate-openvpn-ios.md
+        - name: Generate self-signed certificates
+          href: certificates-point-to-site.md
         - name: Install client certificates
           href: install-client-certificates.md
+    - name: Microsoft Entra ID authentication
+      items:
+      - name: P2S server configuration
+        items:
+        - name: Configure P2S - Microsoft-registered VPN client
+          href: point-to-site-entra-gateway.md
+        - name: Configure P2S - manually registered VPN client
+          href: virtual-wan-point-to-site-azure-ad.md
+        - name: Create or modify custom audience app ID
+          href: point-to-site-entra-register-custom-app.md
+        - name: Configure multifactor authentication (MFA)
+          href: openvpn-azure-ad-mfa.md
+        - name: Configure a tenant
+          href: openvpn-azure-ad-tenant.md
+        - name: Configure a tenant for multiple application registration
+          href: openvpn-azure-ad-tenant-multi-app.md
+      - name: VPN client configuration
+        items:
+        - name: Windows clients
+          href: openvpn-azure-ad-client.md
+        - name: macOS clients
+          href: openvpn-azure-ad-client-mac.md
       - name: VPN client profiles
         items:
         - name: Download global and hub profiles
@@ -260,8 +262,8 @@
           href: about-vpn-profile-download.md
         - name: Intune- Deploy VPN client profile
           href: vpn-profile-intune.md
-      - name: Azure VPN client optional settings
-        href: azure-vpn-client-optional-configurations-windows.md
+    - name: Azure VPN client optional settings
+      href: azure-vpn-client-optional-configurations-windows.md
     - name: Configure Always On tunnels
       items:
       - name: User tunnel

articles/virtual-wan/point-to-site-azure-vpn-client-certificate-linux.md

@@ -0,0 +1,39 @@
+---
+title: 'Configure P2S VPN clients - certificate authentication - Azure VPN Client - Linux'
+titleSuffix: Azure Virtual WAN
+description: Learn how to configure a Linux client to connect to Azure using a User VPN point-to-site connection, Open VPN, and the Azure VPN Client for Linux.
+author: cherylmc
+ms.service: azure-virtual-wan
+ms.custom: linux-related-content
+ms.topic: how-to
+ms.date: 02/06/2025
+ms.author: cherylmc
+---
+
+# Configure Azure VPN Client – User VPN Certificate authentication – OpenVPN – Linux (Preview)
+
+This article helps you connect to your Azure virtual network (VNet) using the Azure VPN Client for Linux. These instructions apply to User VPN point-to-site (P2S) and **Certificate authentication** connections. The Azure VPN Client for Linux requires the OpenVPN tunnel type.
+
+The VPN client configuration files that you generate are specific to the P2S User VPN gateway configuration. If there are changes to the P2S VPN configuration after you generate the files, such as changes to the VPN protocol type or authentication type, you need to generate new VPN client configuration files and apply the new configuration to all of the VPN clients that you want to connect.
+
+[!INCLUDE [Linux versions](../../includes/vpn-gateway-azure-vpn-client-linux-supported-releases.md)]
+
+## Before you begin
+
+Verify that you are on the correct article. The following table shows the configuration articles available for Azure VPN Gateway P2S VPN clients. Steps differ, depending on the authentication type, tunnel type, and the client OS.
+
+[!INCLUDE [P2S client configuration articles](../../includes/virtual-wan-vpn-client-install-articles.md)]
+
+### Prerequisites
+
+This article assumes that you've already performed the following prerequisites:
+
+* You configured a virtual WAN according to the steps in the [Create User VPN point-to-site connections](virtual-wan-point-to-site-portal.md) article. Your User VPN configuration must use certificate authentication and the OpenVPN tunnel type.
+* You generated and downloaded the VPN client configuration files. For steps to generate a VPN client profile configuration package, see [Generate VPN client configuration files](virtual-wan-point-to-site-portal.md#p2sconfig).
+* You can either generate client certificates, or acquire the appropriate client certificates necessary for authentication.
+
+[!INCLUDE [Configuration steps](../../includes/vpn-gateway-vwan-vpn-client-certificate-linux.md)]
+
+## Next steps
+
+For additional steps, return to the [P2S Azure portal](point-to-site-certificate-gateway.md) article.

articles/vpn-gateway/media/azure-vpn-client-certificate-linux/connect.png

@@ -29,105 +29,7 @@ This article assumes that you've already performed the following prerequisites:
 * The VPN gateway is configured for point-to-site certificate authentication and the OpenVPN tunnel type. See [Configure server settings for P2S VPN Gateway connections - certificate authentication](point-to-site-certificate-gateway.md) for steps.
 * VPN client profile configuration files have been generated and are available. See [Generate VPN client profile configuration files](point-to-site-certificate-gateway.md#profile-files) for steps.
 
-### Connection requirements
-
-To connect to Azure using the Azure VPN Client and certificate authentication, each connecting client requires the following items:
-
-* The Azure VPN Client software must be installed and configured on each client.
-* The client must have the correct certificates installed locally.
-
-### Workflow
-
-The basic workflow is as follows:
-
-1. Generate and install client certificates.
-1. Locate the VPN client profile configuration package that you generated in the [Configure server settings for P2S VPN Gateway connections - certificate authentication](point-to-site-certificate-gateway.md#profile-files) article.
-1. Download and configure the Azure VPN Client for Linux.
-1. Connect to Azure.
-
-## Generate certificates
-
-For certificate authentication, a client certificate must be installed on each client computer. The client certificate you want to use must be exported with the private key, and must contain all certificates in the certification path. Additionally, for some configurations, you'll also need to install root certificate information.
-
-Generate the client public certificate data and private key in **.pem** format using the following commands. To run the commands, you need to have the public Root certificate **caCert.pem** and the private key of Root certificate **caKey.pem**. For more information, see [Generate and export certificates - Linux - OpenSSL](point-to-site-certificates-linux-openssl.md).
-
-```
-export PASSWORD="password"
-export USERNAME=$(hostnamectl --static)
- 
-# Generate a private key
-openssl genrsa -out "${USERNAME}Key.pem" 2048 
- 
-# Generate a CSR
-openssl req -new -key "${USERNAME}Key.pem" -out "${USERNAME}Req.pem" -subj "/CN=${USERNAME}" 
- 
-# Sign the CSR using the CA certificate and key
-openssl x509 -req -days 365 -in "${USERNAME}Req.pem" -CA caCert.pem -CAkey caKey.pem -CAcreateserial -out "${USERNAME}Cert.pem" -extfile <(echo -e "subjectAltName=DNS:${USERNAME}\nextendedKeyUsage=clientAuth")
-```
-
-## View VPN client profile configuration files
-
-When you generate and download a VPN client profile configuration package, all the necessary configuration settings for VPN clients are contained in a VPN client profile configuration zip file. The VPN client profile configuration files are specific to the P2S VPN gateway configuration for the virtual network. If there are any changes to the P2S VPN configuration after you generate the files, such as changes to the VPN protocol type or authentication type, you need to generate new VPN client profile configuration files and apply the new configuration to all of the VPN clients that you want to connect.
-
-Locate and unzip the VPN client profile configuration package you generated and downloaded (listed in the [Prerequisites](#prerequisites)). Open the **AzureVPN** folder. In this folder, you'll see either the **azurevpnconfig_cert.xml** file or the **azurevpnconfig.xml** file, depending on whether your P2S configuration includes multiple authentication types. The .xml file contains the settings you use to configure the VPN client profile.
-
-If you don't see either file, or you don't have an **AzureVPN** folder, verify that your VPN gateway is configured to use the OpenVPN tunnel type and that certificate authentication is selected.
-
-## Download the Azure VPN Client
-
-Add the Microsoft repository list and install the Azure VPN Client for Linux using the following commands:
-
-```
-# install curl utility
-sudo apt-get install curl
-
-# Install Microsoft's public key
-curl -sSl https://packages.microsoft.com/keys/microsoft.asc | sudo tee /etc/apt/trusted.gpg.d/microsoft.asc
-
-# Install the production repo list for focal
-# For Ubuntu 20.04
-curl https://packages.microsoft.com/config/ubuntu/20.04/prod.list | sudo tee /etc/apt/sources.list.d/microsoft-ubuntu-focal-prod.list
-
-# Install the production repo list for jammy
-# For Ubuntu 22.04
-curl https://packages.microsoft.com/config/ubuntu/22.04/prod.list | sudo tee /etc/apt/sources.list.d/microsoft-ubuntu-jammy-prod.list
-
-sudo apt-get update
-
-sudo apt-get install microsoft-azurevpnclient
-```
-
-For more information about the repository, see [Linux Software Repository for Microsoft Products](/linux/packages).
-
-## Configure the Azure VPN Client profile
-
-1. Open the Azure VPN Client.
-1. On the bottom left of the page of the Linux VPN client, select **Import**.
-
-   :::image type="content" source="./media/azure-vpn-client-certificate-linux/import.png" alt-text="Screenshot of Azure VPN Client for Linux with Import." lightbox="./media/azure-vpn-client-certificate-linux/import.png":::
-1. In the window, navigate to either the **azurevpnconfig.xml** or **azurevpnconfig_cert.xml** file, select it, then select **Open**.
-1. To add **Client Certificate Public Data**, use the file picker and locate the related **.pem** files.
-
-   :::image type="content" source="./media/azure-vpn-client-certificate-linux/client-certificate-data.png" alt-text="Screenshot of Azure VPN Client for Linux with client certificate data selected." lightbox="./media/azure-vpn-client-certificate-linux/client-certificate-data.png":::
-1. To add the **Client Certificate Private Key**, use the picker and select the certificate files path in the text boxes for the private key, with file extension **.pem**.
-1. After the import validates (imports with no errors), select **Save**.
-1. In the left pane, locate the VPN connection profile you created. Select **Connect**.
-
-   :::image type="content" source="./media/azure-vpn-client-certificate-linux/connect.png" alt-text="Screenshot of Azure VPN Client for Linux Connect." lightbox="./media/azure-vpn-client-certificate-linux/connect.png":::
-1. When the client is successfully connected, the status shows as **Connected** with a green icon.
-
-   :::image type="content" source="./media/azure-vpn-client-certificate-linux/connected.png" alt-text="Screenshot of Azure VPN Client for Linux with client showing Connected." lightbox="./media/azure-vpn-client-certificate-linux/connected.png":::
-1. You can view the connection logs summary in the **Status Logs** on the main screen of the VPN client.
-
-   :::image type="content" source="./media/azure-vpn-client-certificate-linux/logs.png" alt-text="Screenshot of Azure VPN Client for Linux with client showing the status logs." lightbox="./media/azure-vpn-client-certificate-linux/logs.png":::
-
-## Uninstall the Azure VPN Client
-
-If you want to uninstall the Azure VPN Client, use the following command in the terminal:
-
-```
-sudo apt remove microsoft-azurevpnclient
-```
+[!INCLUDE [Configuration steps](../../includes/vpn-gateway-vwan-vpn-client-certificate-linux.md)]
 
 ## Next steps
 

articles/vpn-gateway/media/azure-vpn-client-certificate-linux/connected.png

@@ -1,7 +1,7 @@
 ---
 author: cherylmc
 ms.author: cherylmc
-ms.date: 02/04/2025
+ms.date: 02/06/2025
 ms.service: azure-virtual-wan
 ms.topic: include
 ---
@@ -14,7 +14,7 @@ ms.topic: include
 | | OpenVPN | Windows | [Azure VPN client](../articles/virtual-wan/vpn-client-certificate-windows.md)<br>[OpenVPN client version 2.x](../articles/virtual-wan/point-to-site-vpn-client-certificate-windows-openvpn-client-version-2.md)<br>[OpenVPN client version 3.x](../articles/virtual-wan/point-to-site-vpn-client-certificate-windows-openvpn-client-version-3.md) |
 | | OpenVPN | macOS | [OpenVPN client](../articles/virtual-wan/point-to-site-vpn-client-certificate-openvpn-mac.md) |
 | | OpenVPN | iOS | [OpenVPN client](../articles/virtual-wan/point-to-site-vpn-client-certificate-openvpn-ios.md) |
-| | OpenVPN |Linux | [Azure VPN client](../articles/vpn-gateway/point-to-site-certificate-client-linux-azure-vpn-client.md)<br>[OpenVPN client](../articles/vpn-gateway/point-to-site-vpn-client-certificate-openvpn-linux.md)|
+| | OpenVPN |Linux | [Azure VPN client](../articles/virtual-wan/point-to-site-azure-vpn-client-certificate-linux.md)<br>[OpenVPN client](../articles/vpn-gateway/point-to-site-vpn-client-certificate-openvpn-linux.md)|
 | Microsoft Entra ID | OpenVPN | Windows | [Azure VPN client](../articles/virtual-wan/openvpn-azure-ad-client.md) |
 |  | OpenVPN | macOS | [Azure VPN client](../articles/virtual-wan/openvpn-azure-ad-client-mac.md) |
 |  | OpenVPN| Linux |[Azure VPN client](../articles/vpn-gateway/point-to-site-entra-vpn-client-linux.md) |