|
| 1 | +--- |
| 2 | +title: 'Remote work with P2S: Azure VPN Gateway' |
| 3 | +description: This page describes how you can leverage Azure Bastion to enable working remotely due to the COVID-19 pandemic. |
| 4 | +services: vpn-gateway |
| 5 | +author: anzaman |
| 6 | + |
| 7 | +ms.service: vpn-gateway |
| 8 | +ms.topic: conceptual |
| 9 | +ms.date: 03/23/2020 |
| 10 | +ms.author: alzam |
| 11 | + |
| 12 | +--- |
| 13 | +# Remote work using Azure VPN Gateway Point-to-site |
| 14 | + |
| 15 | +>[!NOTE] |
| 16 | +>This article describes how you can leverage Azure VPN Gateway, Azure, Microsoft network, and the Azure partner ecosystem to work remotely and mitigate network issues that you are facing because of Covid-19 crisis. |
| 17 | +> |
| 18 | +
|
| 19 | +This article describes the options that are available to organizations to setup remote access for their users or to supplement their existing solutions with additional capacity during the COVID-19 epidemic. |
| 20 | + |
| 21 | +The Azure point-to-site solution is cloud based and can be provisioned quickly to cater for the increased demand of users to work from home. It can scale up easily and turned off just as easily and quickly when the increased capacity is not needed anymore. |
| 22 | + |
| 23 | +## About Point-to-Site VPN |
| 24 | + |
| 25 | +A Point-to-Site (P2S) VPN gateway connection lets you create a secure connection to your virtual network from an individual client computer. A P2S connection is established by starting it from the client computer. This solution is useful for telecommuters who want to connect to Azure VNets or on-premises data centers from a remote location, such as from home or a conference. This article describes how to enable users to work remotely based on various scenarios. |
| 26 | + |
| 27 | +The table below shows the client operating systems and the authentication options that are available to them. It would be helpful to select the authentication method based on the client OS that is already in use. For example, select OpenVPN with Certificate-based authentication if you have a mixture of client operating systems that need to connect. Also, please note that point-to-site VPN is only supported on route-based VPN gateways. |
| 28 | + |
| 29 | + |
| 30 | + |
| 31 | +## Scenario 1 - Users need access to resources in Azure only |
| 32 | + |
| 33 | +In this scenario, the remote users only need to access to resources that are in Azure. |
| 34 | + |
| 35 | + |
| 36 | + |
| 37 | +At a high level, the following steps are needed to enable users to connect to Azure resources securely: |
| 38 | + |
| 39 | +1. Create a Virtual Network Gateway (if one does not exist) |
| 40 | +2. Configure point-to-site VPN on the gateway |
| 41 | + 3. [For certificate authentication, follow this link](https://docs.microsoft.com/azure/vpn-gateway/vpn-gateway-howto-point-to-site-resource-manager-portal#creategw). |
| 42 | + 2. [For OpenVPN, follow this link](https://docs.microsoft.com/azure/vpn-gateway/vpn-gateway-howto-openvpn). |
| 43 | + 3. [For Azure AD authentication, follow this link](https://docs.microsoft.com/azure/vpn-gateway/openvpn-azure-ad-tenant). |
| 44 | + 4. [For troubleshooting point-to-site connections, follow this link](https://docs.microsoft.com/azure/vpn-gateway/vpn-gateway-troubleshoot-vpn-point-to-site-connection-problems). |
| 45 | +3. Download and distribute the VPN client configuration |
| 46 | +4. Distribute the certificates (if certificate authentication is selected) to the clients |
| 47 | +5. Connect to Azure VPN |
| 48 | + |
| 49 | +## Scenario 2 - Users need access to resources in Azure and/or on-prem resources |
| 50 | + |
| 51 | +In this scenario, the remote users need to access to resources that are in Azure and in the on premises data center(s). |
| 52 | + |
| 53 | + |
| 54 | + |
| 55 | +At a high level, the following steps are needed to enable users to connect to Azure resources securely: |
| 56 | + |
| 57 | +1. Create a Virtual Network Gateway (if one does not exist) |
| 58 | +2. Configure point-to-site VPN on the gateway (see Scenario 1 above) |
| 59 | +3. Configure site-to-site tunnel on Azure Virtual Network Gateway with BGP enabled |
| 60 | +4. Configure on premises device to connect to Azure Virtual Network Gateway |
| 61 | +5. Download the point-to-site profile from the Azure portal and distribute to clients |
| 62 | + |
| 63 | +[Follow this link to learn how to setup a site-to-site VPN tunnel](https://docs.microsoft.com/azure/vpn-gateway/vpn-gateway-howto-site-to-site-resource-manager-portal) |
| 64 | + |
| 65 | +## <a name="faqcert"></a>FAQ for native Azure certificate authentication |
| 66 | + |
| 67 | +[!INCLUDE [vpn-gateway-point-to-site-faq-include](../../includes/vpn-gateway-faq-p2s-azurecert-include.md)] |
| 68 | + |
| 69 | +## <a name="faqradius"></a>FAQ for RADIUS authentication |
| 70 | + |
| 71 | +[!INCLUDE [vpn-gateway-point-to-site-faq-include](../../includes/vpn-gateway-faq-p2s-radius-include.md)] |
| 72 | + |
| 73 | +## Next Steps |
| 74 | + |
| 75 | +* [Configure a P2S connection - Azure AD authentication](openvpn-azure-ad-tenant.md) |
| 76 | + |
| 77 | +* [Configure a P2S connection - RADIUS authentication](point-to-site-how-to-radius-ps.md) |
| 78 | + |
| 79 | +* [Configure a P2S connection - Azure native certificate authentication](vpn-gateway-howto-point-to-site-rm-ps.md) |
| 80 | + |
| 81 | +**"OpenVPN" is a trademark of OpenVPN Inc.** |
0 commit comments