Merge pull request #264832 from cherylmc/P2SWindows

new article

Author: v-dirichards

articles/vpn-gateway/TOC.yml

@@ -199,6 +199,10 @@
             href: point-to-site-how-to-vpn-client-install-azure-cert.md
           - name: Configure Windows native VPN client
             href: point-to-site-vpn-client-certificate-windows-native.md
+          - name: Configure OpenVPN client
+            href: point-to-site-vpn-client-certificate-windows-openvpn-client.md
+          - name: Configure Azure VPN Client
+            href: point-to-site-vpn-client-certificate-windows-azure-vpn-client.md
       - name: RADIUS authentication
         items:
         - name: Certificate authentication clients

articles/vpn-gateway/azure-vpn-client-optional-configurations.md

@@ -5,7 +5,7 @@ description: Learn how to configure optional configuration settings for the Azur
 author: cherylmc
 ms.service: vpn-gateway
 ms.topic: how-to
-ms.date: 10/05/2023
+ms.date: 02/21/2024
 ms.author: cherylmc
 
 ---
@@ -32,15 +32,15 @@ If you haven't already done so, make sure you complete the following items:
 
 * Download and install the Azure VPN Client. For steps, see one of the following articles:
 
-  * [Certificate authentication](point-to-site-vpn-client-cert-windows.md#download-the-azure-vpn-client)
+  * [Certificate authentication](point-to-site-vpn-client-certificate-windows-azure-vpn-client.md)
   * [Microsoft Entra authentication](openvpn-azure-ad-client.md#download)
 
 ## Working with VPN client profile configuration files
 
-The steps in this article require you to modify and import the Azure VPN Client profile configuration file. To work with VPN client profile configuration files (xml files), do the following:
+The steps in this article require you to modify and import the Azure VPN Client profile configuration file. To work with VPN client profile configuration files (xml files), use the following steps:
 
 1. Locate the profile configuration file and open it using the editor of your choice.
-1. Using the examples in the sections below, modify the file as necessary, then save your changes.
+1. Using the examples in the following sections, modify the file as necessary, then save your changes.
 1. Import the file to configure the Azure VPN client. You can import the file for the Azure VPN Client using these methods:
 
    * **Azure VPN Client interface**: Open the Azure VPN Client and click **+** and then **Import**. Locate the modified xml file, configure any additional settings in the Azure VPN Client interface (if necessary), then click **Save**.

articles/vpn-gateway/ikev2-openvpn-from-sstp.md

@@ -17,7 +17,7 @@ A point-to-site (P2S) VPN gateway connection lets you create a secure connection
 
 Point-to-site VPN can use one of the following protocols:
 
-* **OpenVPN® Protocol**, an SSL/TLS based VPN protocol. An SSL VPN solution can penetrate firewalls, since most firewalls open TCP port 443 outbound, which SSL uses. OpenVPN can be used to connect from Android, iOS (versions 11.0 and above), Windows, Linux and Mac devices (macOS versions 10.13 and above).
+* **OpenVPN® Protocol**, an SSL/TLS based VPN protocol. An SSL VPN solution can penetrate firewalls, since most firewalls open TCP port 443 outbound, which SSL uses. OpenVPN can be used to connect from Android, iOS (versions 11.0 and above), Windows, Linux, and Mac devices (macOS versions 10.13 and above).
 
 * **Secure Socket Tunneling Protocol (SSTP)**, a proprietary SSL-based VPN protocol. An SSL VPN solution can penetrate firewalls, since most firewalls open TCP port 443 outbound, which SSL uses. SSTP is only supported on Windows devices. Azure supports all versions of Windows that have SSTP (Windows 7 and later). **SSTP supports up to 128 concurrent connections only regardless of the gateway SKU**.
 
@@ -29,7 +29,7 @@ Point-to-site VPN can use one of the following protocols:
 
 ## <a name="migrate"></a>Migrating from SSTP to IKEv2 or OpenVPN
 
-There may be cases when you want to support more than 128 concurrent P2S connection to a VPN gateway but are using SSTP. In such a case, you need to move to IKEv2 or OpenVPN protocol.
+There might be cases when you want to support more than 128 concurrent P2S connection to a VPN gateway but are using SSTP. In such a case, you need to move to IKEv2 or OpenVPN protocol.
 
 ### Option 1 - Add IKEv2 in addition to SSTP on the Gateway
 
@@ -55,9 +55,9 @@ You can enable OpenVPN along side with IKEv2 if you desire. OpenVPN is TLS-based
 
 :::image type="content" source="./media/ikev2-openvpn-from-sstp/change-tunnel-type.png" alt-text="Screenshot that shows the Point-to-site configuration page with Open VPN selected." lightbox="./media/ikev2-openvpn-from-sstp/change-tunnel-type.png":::
 
-Once the gateway has been configured, existing clients won't be able to connect until you [deploy and configure the OpenVPN clients](point-to-site-vpn-client-cert-windows.md#view-openvpn).
+Once the gateway has been configured, existing clients won't be able to connect until you [deploy and configure the OpenVPN clients](point-to-site-vpn-client-cert-windows.md).
 
-If you're using Windows 10 or later, you can also use the [Azure VPN Client](point-to-site-vpn-client-cert-windows.md#azurevpn).
+If you're using Windows 10 or later, you can also use the [Azure VPN Client](point-to-site-vpn-client-cert-windows.md).
 
 ## <a name="faq"></a>Frequently asked questions
 

articles/vpn-gateway/point-to-site-vpn-client-cert-windows.md

@@ -6,7 +6,7 @@ author: cherylmc
 ms.service: vpn-gateway
 ms.custom: devx-track-azurepowershell
 ms.topic: how-to
-ms.date: 01/25/2024
+ms.date: 02/21/2024
 ms.author: cherylmc
 ---
 
@@ -32,8 +32,8 @@ In this article, we start with generating VPN client configuration files and cli
 1. [Generate certificates for the VPN client](#2-generate-client-certificates).
 1. [Configure the VPN client](#3-configure-the-vpn-client). The steps you use to configure your VPN client depend on the tunnel type for your P2S VPN gateway, and the VPN client on the client computer.
 
-   * **IKEv2 and SSTP - native VPN client steps** -  If your P2S VPN gateway is configured to use IKEv2/SSTP and certificate authentication, you can connect to your VNet using the native VPN client that's part of your Windows operating system. This configuration doesn't require additional client software. For steps, see [IKEv2 and SSTP - native VPN client](point-to-site-vpn-client-certificate-windows-native.md).
-   * **OpenVPN** - If your P2S VPN gateway is configured to use an OpenVPN tunnel and certificate authentication, you have the option of using either the [Azure VPN Client](#openvpn), or the [OpenVPN client](#azurevpn) steps in this article.
+   * **IKEv2 and SSTP - native VPN client** -  If your P2S VPN gateway is configured to use IKEv2/SSTP and certificate authentication, you connect to your VNet using the native VPN client that's part of your Windows operating system. This configuration doesn't require additional client software. For steps, see [IKEv2 and SSTP - native VPN client](point-to-site-vpn-client-certificate-windows-native.md).
+   * **OpenVPN - Azure VPN Client and OpenVPN client** - If your P2S VPN gateway is configured to use an OpenVPN tunnel and certificate authentication, you have the option to connect using either the [Azure VPN Client](point-to-site-vpn-client-certificate-windows-azure-vpn-client.md), or the [OpenVPN client](point-to-site-vpn-client-certificate-windows-openvpn-client.md).
 
 ## 1. Generate VPN client configuration files
 
@@ -62,81 +62,12 @@ In many cases, you can install the client certificate directly on the client com
 
 Next, configure the VPN client. Select from the following instructions:
 
-* [IKEv2 and SSTP - native VPN client steps](point-to-site-vpn-client-certificate-windows-native.md)
-* [OpenVPN - OpenVPN client steps](#openvpn)
-* [OpenVPN - Azure VPN Client steps](#azurevpn)
+|Tunnel | VPN client |
+|---|---|
+| IKEv2 and SSTP | [Native VPN client steps](point-to-site-vpn-client-certificate-windows-native.md)|
+| OpenVPN | [Azure VPN Client steps](point-to-site-vpn-client-certificate-windows-azure-vpn-client.md)|
+| OpenVPN | [OpenVPN Client steps](point-to-site-vpn-client-certificate-windows-openvpn-client.md) |
 
-## <a name="azurevpn"></a>Azure VPN Client steps - OpenVPN
-
-If your P2S VPN gateway is configured to use an OpenVPN tunnel type and certificate authentication, you can connect using the Azure VPN Client.
-
-The following steps help you download, install, and configure the Azure VPN Client to connect to your VNet. Note that these steps apply to certificate authentication. If you're using OpenVPN with Microsoft Entra authentication, see the [Microsoft Entra ID](openvpn-azure-ad-client.md) configuration article instead.
-
-To connect, each client computer requires the following items:
-
-* The Azure VPN Client software must be installed on each client computer that you want to connect.
-* The Azure VPN Client profile must be configured using the downloaded **azurevpnconfig.xml** configuration file.
-* The client computer must have a client certificate that's installed locally.
-
-### <a name="view-azurevpn"></a>View configuration files
-
-When you open the zip file, you'll see the **AzureVPN** folder. Locate the **azurevpnconfig.xml** file. This file contains the settings you use to configure the VPN client profile.
-
-If you don't see the file, verify the following items:
-
-* Verify that your VPN gateway is configured to use the OpenVPN tunnel type.
-* If you're using Microsoft Entra authentication, you might not have an AzureVPN folder. See the [Microsoft Entra ID](openvpn-azure-ad-client.md) configuration article instead.
-
-### Download the Azure VPN Client
-
-[!INCLUDE [Download the Azure VPN client](../../includes/vpn-gateway-download-vpn-client.md)]
-
-### Configure the VPN client profile
-
-1. Open the Azure VPN Client.
-
-1. Click **+** on the bottom left of the page, then select **Import**.
-
-1. In the window, navigate to the **azurevpnconfig.xml** file, select it, then click **Open**.
-
-1. From the **Certificate Information** dropdown, select the name of the child certificate (the client certificate). For example, **P2SChildCert**. You can also (optionally) select a [Secondary Profile](#secondary-profile).
-
-   :::image type="content" source="./media/point-to-site-vpn-client-cert-windows/configure-certificate.png" alt-text="Screenshot showing Azure VPN client profile configuration page." lightbox="./media/point-to-site-vpn-client-cert-windows/configure-certificate.png":::
-
-   If you don't see a client certificate in the **Certificate Information** dropdown, you'll need to cancel and fix the issue before proceeding. It's possible that one of the following things is true:
-
-   * The client certificate isn't installed locally on the client computer.
-   * There are multiple certificates with exactly the same name installed on your local computer (common in test environments).
-   * The child certificate is corrupt.
-
-1. After the import validates (imports with no errors), click **Save**.
-
-1. In the left pane, locate the **VPN connection**, then click **Connect**.
-
-### Optional settings for the Azure VPN Client
-
-The following sections discuss additional optional configuration settings that are available for the Azure VPN Client.
-
-#### Secondary Profile
-
-[!INCLUDE [Secondary profile](../../includes/vpn-gateway-azure-vpn-client-secondary-profile.md)]
-
-#### Custom settings: DNS and routing
-
-You can configure the Azure VPN Client with optional configuration settings such as additional DNS servers, custom DNS, forced tunneling, custom routes, and other additional settings. For a description of the available settings and configuration steps, see [Azure VPN Client optional settings](azure-vpn-client-optional-configurations.md).
-
-## <a name="openvpn"></a>OpenVPN Client steps - OpenVPN
-
-If your P2S VPN gateway is configured to use an OpenVPN tunnel type and certificate authentication, you can connect using an OpenVPN client. The following steps help you configure the **OpenVPN &reg; Protocol** client and connect to your VNet.
-
-### <a name="view-openvpn"></a>View configuration files
-
-When you open the VPN client configuration package zip file, you should see an OpenVPN folder. If you don't see the folder, verify the following items:
-
-* Verify that your VPN gateway is configured to use the OpenVPN tunnel type.
-* If you're using Microsoft Entra authentication, you might not have an OpenVPN folder. See the [Microsoft Entra ID](openvpn-azure-ad-client.md) configuration article instead.
-
-[!INCLUDE [Configuration steps](../../includes/vpn-gateway-vwan-config-openvpn-windows.md)]
 
 ## Next steps
 

articles/vpn-gateway/point-to-site-vpn-client-certificate-windows-azure-vpn-client.md

@@ -0,0 +1,87 @@
+---
+title: 'Configure P2S VPN clients: certificate authentication: Azure VPN client'
+titleSuffix: Azure VPN Gateway
+description: Learn how to configure VPN clients for P2S configurations that use certificate authentication. This article applies to Windows and the Azure VPN client.
+author: cherylmc
+ms.service: vpn-gateway
+ms.topic: how-to
+ms.date: 01/31/2024
+ms.author: cherylmc
+---
+
+# Configure the Azure VPN Client for P2S Certificate Authentication connections
+
+If your point-to-site (P2S) VPN gateway is configured to use OpenVPN and certificate authentication, you can connect to your virtual network using the Azure VPN Client or the OpenVPN client. This article walks you through the steps to configure the **Azure VPN Client** and connect to your virtual network.
+
+## Before you begin
+
+This article assumes that you've already performed the following prerequisites:
+
+* You created and configured your VPN gateway for point-to-site certificate authentication and the OpenVPN tunnel type. See [Configure server settings for P2S VPN Gateway connections - certificate authentication](vpn-gateway-howto-point-to-site-resource-manager-portal.md) for steps.
+* You generated client certificates and downloaded the VPN client configuration files. See [Point-to-site VPN clients: certificate authentication - Windows ](point-to-site-vpn-client-cert-windows.md)
+
+Before beginning client configuration steps, verify that you're on the correct VPN client configuration article. The following table shows the configuration articles available for VPN Gateway point-to-site VPN clients. Steps differ, depending on the authentication type, tunnel type, and the client OS.
+
+[!INCLUDE [All client articles](../../includes/vpn-gateway-vpn-client-install-articles.md)]
+
+### Connection requirements
+
+To connect to Azure, each connecting client computer requires the following items:
+
+* The Azure VPN Client software must be installed on each client computer.
+* The Azure VPN Client profile must be configured using the downloaded **azurevpnconfig.xml** configuration file.
+* The client computer must have a client certificate that's installed locally.
+
+## View configuration files
+
+The VPN client profile configuration package contains specific folders. The files within the folders contain the settings needed to configure the VPN client profile on the client computer. The files and the settings they contain are specific to the VPN gateway and the type of authentication and tunnel your VPN gateway is configured to use.
+
+Locate and unzip the VPN client profile configuration package you generated. For Certificate authentication and OpenVPN, you'll see the **AzureVPN** folder. Locate the **azurevpnconfig.xml** file. This file contains the settings you use to configure the VPN client profile.
+
+If you don't see the file, verify the following items:
+
+* Verify that your VPN gateway is configured to use the OpenVPN tunnel type.
+* If you're using Microsoft Entra authentication, you might not have an AzureVPN folder. See the [Microsoft Entra ID](openvpn-azure-ad-client.md) configuration article instead.
+
+## Download the Azure VPN Client
+
+[!INCLUDE [Download the Azure VPN client](../../includes/vpn-gateway-download-vpn-client.md)]
+
+## Configure the Azure VPN Client profile
+
+1. Open the Azure VPN Client.
+
+1. Select **+** on the bottom left of the page, then select **Import**.
+
+1. In the window, navigate to the **azurevpnconfig.xml** file, select it, then select **Open**.
+
+1. From the **Certificate Information** dropdown, select the name of the child certificate (the client certificate). For example, **P2SChildCert**. You can also (optionally) select a [Secondary Profile](#secondary-profile).
+
+   :::image type="content" source="./media/point-to-site-vpn-client-cert-windows/configure-certificate.png" alt-text="Screenshot showing Azure VPN client profile configuration page." lightbox="./media/point-to-site-vpn-client-cert-windows/configure-certificate.png":::
+
+   If you don't see a client certificate in the **Certificate Information** dropdown, you'll need to cancel and fix the issue before proceeding. It's possible that one of the following things is true:
+
+   * The client certificate isn't installed locally on the client computer.
+   * There are multiple certificates with exactly the same name installed on your local computer (common in test environments).
+   * The child certificate is corrupt.
+
+1. After the import validates (imports with no errors), select **Save**.
+
+1. In the left pane, locate the **VPN connection**, then select **Connect**.
+
+### Optional settings for the Azure VPN Client
+
+The following sections discuss optional configuration settings that are available for the Azure VPN Client.
+
+#### Secondary Profile
+
+[!INCLUDE [Secondary profile](../../includes/vpn-gateway-azure-vpn-client-secondary-profile.md)]
+
+#### Custom settings: DNS and routing
+
+You can configure the Azure VPN Client with optional configuration settings such as more DNS servers, custom DNS, forced tunneling, custom routes, and other settings. For a description of the available settings and configuration steps, see [Azure VPN Client optional settings](azure-vpn-client-optional-configurations.md).
+
+## Next steps
+
+[Point-to-site configuration steps](vpn-gateway-howto-point-to-site-resource-manager-portal.md)
+[Point-to-site VPN clients: certificate authentication - Windows ](point-to-site-vpn-client-cert-windows.md)

articles/vpn-gateway/point-to-site-vpn-client-certificate-windows-native.md

@@ -58,3 +58,4 @@ Connect to your virtual network via point-to-site VPN.
 ## Next steps
 
 [Point-to-site configuration steps](vpn-gateway-howto-point-to-site-resource-manager-portal.md)
+[Point-to-site VPN clients: certificate authentication - Windows ](point-to-site-vpn-client-cert-windows.md)