You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
# Configure a point-to-site (P2S) VPN on Linux for use with Azure Files
13
13
14
-
You can use a point-to-site (P2S) virtual private network (VPN) connection to mount your Azure file shares from outside of Azure, without sending data over the open internet. A point-to-site VPN connection is a VPN connection between Azure and an individual client. To use a P2S VPN connection with Azure Files, you'll need to configure a P2S VPN connection for each client that wants to connect. If you have many clients that need to connect to your Azure file shares from your on-premises network, you can use a site-to-site (S2S) VPN connection instead of a point-to-site connection for each client. To learn more, see [Configure a site-to-site VPN for use with Azure Files](storage-files-configure-s2s-vpn.md).
14
+
You can use a point-to-site (P2S) virtual private network (VPN) connection to mount your Azure file shares from outside of Azure, without sending data over the open internet. A point-to-site VPN connection is a VPN connection between Azure and an individual client. To use a P2S VPN connection with Azure Files, you need to configure a P2S VPN connection for each client that wants to connect. If you have many clients that need to connect to your Azure file shares from your on-premises network, you can use a site-to-site (S2S) VPN connection instead of a point-to-site connection for each client. To learn more, see [Configure a site-to-site VPN for use with Azure Files](storage-files-configure-s2s-vpn.md).
15
15
16
16
We strongly recommend that you read [Azure Files networking overview](storage-files-networking-overview.md) before continuing with this article for a complete discussion of the networking options available for Azure Files.
17
17
18
18
The article details the steps to configure a point-to-site VPN on Linux to mount Azure file shares directly on-premises.
19
19
20
20
## Applies to
21
-
22
-
| File share type | SMB | NFS |
23
-
|-|:-:|:-:|
24
-
| Standard file shares (GPv2), LRS/ZRS |||
25
-
| Standard file shares (GPv2), GRS/GZRS |||
- The most recent version of the Azure CLI. For information on how to install the Azure CLI, see [Install the Azure PowerShell CLI](/cli/azure/install-azure-cli) and select your operating system. If you prefer to use the Azure PowerShell module on Linux, you may. However, the instructions below are for Azure CLI.
31
37
32
-
- An Azure file share you'd like to mount on-premises. Azure file shares are deployed within storage accounts, which are management constructs that represent a shared pool of storage in which you can deploy multiple file shares, as well as other storage resources, such as blob containers or queues. You can learn more about how to deploy Azure file shares and storage accounts in [Create an Azure file share](storage-how-to-create-file-share.md).
38
+
- An Azure file share you'd like to mount on-premises. Azure file shares are deployed within storage accounts, which are management constructs that represent a shared pool of storage in which you can deploy multiple file shares. You can learn more about how to deploy Azure file shares and storage accounts in [Create an Azure file share](storage-how-to-create-file-share.md).
33
39
34
40
- A private endpoint for the storage account containing the Azure file share you want to mount on-premises. To learn how to create a private endpoint, see [Configuring Azure Files network endpoints](storage-files-networking-endpoints.md?tabs=azure-cli).
To access your Azure file share and other Azure resources from on-premises via a Point-to-Site VPN, you must create a virtual network, or VNet. The P2S VPN connection you'll automatically create is a bridge between your on-premises Linux machine and this Azure virtual network.
63
+
To access your Azure file share and other Azure resources from on-premises via a Point-to-Site VPN, you must create a virtual network, or VNet. You can think of the P2S VPN connection create as a bridge between your on-premises Linux machine and this Azure virtual network.
58
64
59
-
The following script will create an Azure virtual network with three subnets: one for your storage account's service endpoint, one for your storage account's private endpoint, which is required to access the storage account on-premises without creating custom routing for the public IP of the storage account that may change, and one for your virtual network gateway that provides the VPN service.
65
+
The following script creates an Azure virtual network with three subnets: one for your storage account's service endpoint, one for your storage account's private endpoint, which is required to access the storage account on-premises without creating custom routing for the public IP of the storage account that may change, and one for your virtual network gateway that provides the VPN service.
60
66
61
67
Remember to replace `<region>`, `<resource-group>`, and `<desired-vnet-name>` with the appropriate values for your environment.
In order for VPN connections from your on-premises Linux machines to be authenticated to access your virtual network, you must create two certificates:
101
107
102
-
- A root certificate, which will be provided to the virtual machine gateway
103
-
- A client certificate, which will be signed with the root certificate
108
+
- A root certificate, which is provided to the virtual machine gateway
109
+
- A client certificate, which is signed with the root certificate
104
110
105
111
The following script creates the required certificates.
The Azure virtual network gateway is the service that your on-premises Linux machines will connect to. Deploying this service requires two basic components:
142
+
The Azure virtual network gateway is the service that your on-premises Linux client connects to. Deploying this service requires two basic components:
137
143
138
-
- A public IP address that will identify the gateway to your clients wherever they are in the world
139
-
- The root certificate you created earlier that will be used to authenticate your clients
144
+
- A public IP address that identifies the gateway to your clients wherever they are in the world.
145
+
- The root certificate you created earlier that is used to authenticate your clients
140
146
141
147
Remember to replace `<desired-vpn-name-here>` with the name you would like for these resources.
142
148
143
149
> [!NOTE]
144
-
> Deploying the Azure virtual network gateway can take up to 45 minutes. While this resource is being deployed, this bash script will block the deployment from being completed.
150
+
> Deploying the Azure virtual network gateway can take up to 45 minutes. While this resource is being deployed, this bash script blocks the deployment from being completed.
145
151
>
146
152
> P2S IKEv2/OpenVPN connections aren't supported with the **Basic** SKU. This script uses the **VpnGw1** SKU for the virtual network gateway.
147
153
@@ -179,7 +185,7 @@ az network vnet-gateway root-cert create \
179
185
180
186
## Configure the VPN client
181
187
182
-
The Azure virtual network gateway will create a downloadable package with configuration files required to initialize the VPN connection on your on-premises Linux machine. The following script will place the certificates you created in the correct spot and configure the `ipsec.conf` file with the correct values from the configuration file in the downloadable package.
188
+
The Azure virtual network gateway creates a downloadable package with configuration files required to initialize the VPN connection on your on-premises Linux machine. The following script places the certificates you created in the correct spot and configures the `ipsec.conf` file with the correct values from the configuration file in the downloadable package.
@@ -221,7 +227,7 @@ sudo ipsec up $VIRTUAL_NETWORK_NAME
221
227
222
228
## Mount Azure file share
223
229
224
-
Now that you've set up your Point-to-Site VPN, you can mount your Azure file share. See [Mount SMB file shares to Linux](storage-how-to-use-files-linux.md) or [Mount NFS file share to Linux](storage-files-how-to-mount-nfs-shares.md).
230
+
After seting up your Point-to-Site VPN, you can mount your Azure file share. See [Mount SMB file shares to Linux](storage-how-to-use-files-linux.md) or [Mount NFS file share to Linux](storage-files-how-to-mount-nfs-shares.md).
Copy file name to clipboardExpand all lines: articles/storage/files/storage-files-configure-p2s-vpn-windows.md
+12-6Lines changed: 12 additions & 6 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -18,12 +18,18 @@ We strongly recommend that you read [Networking considerations for direct Azure
18
18
The article details the steps to configure a point-to-site VPN on Windows (Windows client and Windows Server) to mount Azure file shares directly on-premises. If you're looking to route Azure File Sync traffic over a VPN, see [configuring Azure File Sync proxy and firewall settings](../file-sync/file-sync-firewall-and-proxy.md).
19
19
20
20
## Applies to
21
-
22
-
| File share type | SMB | NFS |
23
-
|-|:-:|:-:|
24
-
| Standard file shares (GPv2), LRS/ZRS |||
25
-
| Standard file shares (GPv2), GRS/GZRS |||
Copy file name to clipboardExpand all lines: articles/storage/files/storage-files-configure-s2s-vpn.md
+12-6Lines changed: 12 additions & 6 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -19,12 +19,18 @@ We strongly recommend that you read [Azure Files networking overview](storage-fi
19
19
The article details the steps to configure a site-to-site VPN to mount Azure file shares directly on-premises. If you're looking to route sync traffic for Azure File Sync over a S2S VPN, see [configuring Azure File Sync proxy and firewall settings](../file-sync/file-sync-firewall-and-proxy.md).
20
20
21
21
## Applies to
22
-
23
-
| File share type | SMB | NFS |
24
-
|-|:-:|:-:|
25
-
| Standard file shares (GPv2), LRS/ZRS |||
26
-
| Standard file shares (GPv2), GRS/GZRS |||
![prmerger-automator[bot]](https://avatars.githubusercontent.com/u/22479449?v=4&size=40){kind=avatar}
0 commit comments