Merge pull request #108200 from cherylmc/p2svwan1

update

Author: megvanhuygen

articles/virtual-wan/TOC.yml

@@ -54,7 +54,7 @@
     items:
     - name: Create a User VPN connection
       href: virtual-wan-point-to-site-portal.md
-    - name: Configure certificates
+    - name: Generate certificates
       href: certificates-point-to-site.md
     - name: Configure Azure AD tenant
       href: openvpn-azure-ad-tenant.md
@@ -63,7 +63,7 @@
     - name: Global and hub-based profile
       href: global-hub-profile.md
     - name: Configure OpenVPN clients
-      href: ../vpn-gateway/vpn-gateway-howto-openvpn-clients.md?toc=%2fazure%2fvirtual-wan%2ftoc.json
+      href: howto-openvpn-clients.md?
     - name: Configure Always On VPN user tunnel
       href: howto-always-on-user-tunnel.md
     - name: Configure Always On VPN device tunnel

articles/virtual-wan/about-vpn-profile-download.md

@@ -12,11 +12,11 @@ ms.author: cherylmc
 ---
 # Working with User VPN client profiles
 
-The downloaded profile file contains information that is necessary to configure a VPN connection. This article will help you obtain and understand the information necessary for a User VPN client profile.
+The downloaded profile file contains information that is necessary to configure a VPN connection. This article helps you obtain and understand the information necessary for a User VPN client profile.
 
 [!INCLUDE [client profiles](../../includes/vpn-gateway-vwan-vpn-profile-download.md)]
 
-* The **OpenVPN folder** contains the *ovpn* profile that needs to be modified to include the key and the certificate. For more information, see [Configure OpenVPN clients](../vpn-gateway/vpn-gateway-howto-openvpn-clients.md#windows).
+* The **OpenVPN folder** contains the *ovpn* profile that needs to be modified to include the key and the certificate. For more information, see [Configure OpenVPN clients](../virtual-wan/howto-openvpn-clients.md#windows).
 
 ## Next steps
 

articles/virtual-wan/certificates-point-to-site.md

@@ -1,18 +1,18 @@
 ---
-title: 'Generate and export certificates for Azure Virtual WAN user VPN connections | Microsoft Docs'
+title: 'Generate and export certificates for User VPN connections | Azure Virtual WAN'
 description: Create a self-signed root certificate, export the public key, and generate client certificates using PowerShell on Windows 10 or Windows Server 2016.
 services: virtual-wan
 author: cherylmc
 
 ms.service: virtual-wan
 ms.topic: conceptual
-ms.date: 10/09/2019
+ms.date: 03/18/2020
 ms.author: cherylmc
 
 ---
-# Generate and export certificates for Virtual WAN user VPN connections
+# Generate and export certificates for User VPN connections
 
-User VPN connections use certificates to authenticate. This article shows you how to create a self-signed root certificate and generate client certificates using PowerShell on Windows 10 or Windows Server 2016.
+User VPN (point-to-site) connections use certificates to authenticate. This article shows you how to create a self-signed root certificate and generate client certificates using PowerShell on Windows 10 or Windows Server 2016.
 
 You must perform the steps in this article on a computer running Windows 10 or Windows Server 2016. The PowerShell cmdlets that you use to generate certificates are part of the operating system and do not work on other versions of Windows. The Windows 10 or Windows Server 2016 computer is only needed to generate the certificates. Once the certificates are generated, you can upload them, or install them on any supported client operating system.
 

articles/virtual-wan/howto-openvpn-clients.md

@@ -0,0 +1,27 @@
+---
+title: 'Configure OpenVPN clients for Azure Virtual WAN'
+description: Steps to configure OpenVPN clients for Azure Virtual WAN
+services: virtual-wan
+author: cherylmc
+
+ms.service: virtual-wan
+ms.topic: conceptual
+ms.date: 03/18/2020
+ms.author: cherylmc
+
+---
+# Configure an OpenVPN client for Azure Virtual WAN
+
+This article helps you configure **OpenVPN ® Protocol** clients.
+
+## Before you begin
+
+Create a User VPN (point-to-site) configuration. Make sure that you select "OpenVPN" for tunnel type. For steps, see [Create a P2S configuration for Azure Virtual WAN](virtual-wan-point-to-site-portal.md#p2sconfig).
+
+[!INCLUDE [configuration steps](../../includes/vpn-gateway-vwan-config-openvpn-clients.md)]
+
+## Next steps
+
+For more information about User VPN (point-to-site), see [Create User VPN connections](virtual-wan-point-to-site-portal.md).
+
+**"OpenVPN" is a trademark of OpenVPN Inc.**

articles/virtual-wan/virtual-wan-point-to-site-portal.md

@@ -6,7 +6,7 @@ author: anzaman
 
 ms.service: virtual-wan
 ms.topic: tutorial
-ms.date: 11/04/2019
+ms.date: 03/18/2020
 ms.author: alzam
 
 ---
@@ -33,7 +33,7 @@ In this tutorial, you learn how to:
 
 Verify that you have met the following criteria before beginning your configuration:
 
-* You have a virtual network that you want to connect to. Verify that none of the subnets of your on-premises networks overlap with the virtual networks that you want to connect to. To create a virtual network in the Azure portal, see the [Quickstart](../virtual-network/quick-create-portal.md).
+* You have a virtual network that you want to connect to. Verify that none of the subnets of your on-premises networks overlap with the virtual networks that you want to connect to. To create a virtual network in the Azure portal, see the [quickstart](../virtual-network/quick-create-portal.md).
 
 * Your virtual network does not have any virtual network gateways. If your virtual network has a gateway (either VPN or ExpressRoute), you must remove all gateways. This configuration requires that virtual networks are connected instead, to the Virtual WAN hub gateway.
 
@@ -130,8 +130,8 @@ Use the downloaded profile to configure the remote access clients. The procedure
 1. Download and install the OpenVPN client from the official website.
 2. Download the VPN profile for the gateway. This can be done from the User VPN configurations tab in Azure portal, or New-AzureRmVpnClientConfiguration in PowerShell.
 3. Unzip the profile. Open the vpnconfig.ovpn configuration file from the OpenVPN folder in notepad.
-4. Fill in the P2S client certificate section with the P2S client certificate public key in base64. In a PEM formatted certificate, you can simply open the .cer file and copy over the base64 key between the certificate headers. See here [how to export a certificate to get the encoded public key.](https://docs.microsoft.com/azure/vpn-gateway/vpn-gateway-certificates-point-to-site)
-5. Fill in the private key section with the P2S client certificate private key in base64. See here [how to extract private key.](https://docs.microsoft.com/azure/vpn-gateway/vpn-gateway-howto-openvpn-clients#windows)
+4. Fill in the P2S client certificate section with the P2S client certificate public key in base64. In a PEM formatted certificate, you can simply open the .cer file and copy over the base64 key between the certificate headers. For steps, see [How to export a certificate to get the encoded public key.](certificates-point-to-site.md)
+5. Fill in the private key section with the P2S client certificate private key in base64. For steps, see [How to extract private key.](howto-openvpn-clients.md#windows).
 6. Do not change any other fields. Use the filled in configuration in client input to connect to the VPN.
 7. Copy the vpnconfig.ovpn file to C:\Program Files\OpenVPN\config folder.
 8. Right-click the OpenVPN icon in the system tray and click connect.
@@ -141,7 +141,7 @@ Use the downloaded profile to configure the remote access clients. The procedure
 1. Select the VPN client configuration files that correspond to the architecture of the Windows computer. For a 64-bit processor architecture, choose the 'VpnClientSetupAmd64' installer package. For a 32-bit processor architecture, choose the 'VpnClientSetupX86' installer package.
 2. Double-click the package to install it. If you see a SmartScreen popup, click More info, then Run anyway.
 3. On the client computer, navigate to Network Settings and click VPN. The VPN connection shows the name of the virtual network that it connects to.
-4. Before you attempt to connect, verify that you have installed a client certificate on the client computer. A client certificate is required for authentication when using the native Azure certificate authentication type. For more information about generating certificates, see [Generate Certificates](https://docs.microsoft.com/azure/vpn-gateway/vpn-gateway-certificates-point-to-site). For information about how to install a client certificate, see Install a client certificate.
+4. Before you attempt to connect, verify that you have installed a client certificate on the client computer. A client certificate is required for authentication when using the native Azure certificate authentication type. For more information about generating certificates, see [Generate Certificates](certificates-point-to-site.md). For information about how to install a client certificate, see [Install a client certificate](../vpn-gateway/point-to-site-how-to-vpn-client-install-azure-cert.md).
 
 ## <a name="viewwan"></a>View your virtual WAN
 

articles/vpn-gateway/vpn-gateway-howto-openvpn-clients.md

@@ -12,154 +12,13 @@ ms.author: cherylmc
 ---
 # Configure OpenVPN clients for Azure VPN Gateway
 
-This article helps you configure **OpenVPN ® Protocol** clients.
+This article helps you configure **OpenVPN ® Protocol** clients.
 
 ## Before you begin
 
-
-
 Verify that you have completed the steps to configure OpenVPN for your VPN gateway. For details, see [Configure OpenVPN for Azure VPN Gateway](vpn-gateway-howto-openvpn.md).
 
-## <a name="windows"></a>Windows clients
-
-1. Download and install the OpenVPN client (version 2.4 or higher) from the official [OpenVPN website](https://openvpn.net/index.php/open-source/downloads.html).
-2. Download the VPN profile for the gateway. This can be done from the Point-to-site configuration tab in the Azure portal, or 'New-AzVpnClientConfiguration' in PowerShell.
-3. Unzip the profile. Next, open the *vpnconfig.ovpn* configuration file from the OpenVPN folder using Notepad.
-4. [Export](vpn-gateway-certificates-point-to-site.md#clientexport) the P2S client certificate you created and uploaded to your P2S configuration on the gateway.
-5. Extract the private key and the base64 thumbprint from the *.pfx*. There are multiple ways to do this. Using OpenSSL on your machine is one way. The *profileinfo.txt* file contains the private key and the thumbprint for the CA and the Client certificate. Be sure to use the thumbprint of the client certificate.
-
-   ```
-   openssl pkcs12 -in "filename.pfx" -nodes -out "profileinfo.txt"
-   ```
-6. Open *profileinfo.txt* in Notepad. To get the thumbprint of the client (child) certificate, select the text (including and between)"-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" for the child certificate and copy it. You can identify the child certificate by looking at the subject=/ line.
-7. Switch to the *vpnconfig.ovpn* file you opened in Notepad from step 3. Find the section shown below and replace everything between "cert" and "/cert".
-
-   ```
-   # P2S client certificate
-   # please fill this field with a PEM formatted cert
-   <cert>
-   $CLIENTCERTIFICATE
-   </cert>
-   ```
-8. Open the *profileinfo.txt* in Notepad. To get the private key, select the text (including and between) "-----BEGIN PRIVATE KEY-----" and "-----END PRIVATE KEY-----" and copy it.
-9. Go back to the vpnconfig.ovpn file in Notepad and find this section. Paste the private key replacing everything between and "key" and "/key".
-
-   ```
-   # P2S client root certificate private key
-   # please fill this field with a PEM formatted key
-   <key>
-   $PRIVATEKEY
-   </key>
-   ```
-10. Do not change any other fields. Use the filled in configuration in client input to connect to the VPN.
-11. Copy the vpnconfig.ovpn file to C:\Program Files\OpenVPN\config folder.
-12. Right-click the OpenVPN icon in the system tray and click connect.
-
-## <a name="mac"></a>Mac clients
-
-1. Download and install an OpenVPN client, such as [TunnelBlick](https://tunnelblick.net/downloads.html). 
-2. Download the VPN profile for the gateway. This can be done from the point-to-site configuration tab in the Azure portal, or by using 'New-AzVpnClientConfiguration' in PowerShell.
-3. Unzip the profile. Open the vpnconfig.ovpn configuration file from the OpenVPN folder in a text editor.
-4. Fill in the P2S client certificate section with the P2S client certificate public key in base64. In a PEM formatted certificate, you can simply open the .cer file and copy over the base64 key between the certificate headers. See [Export the public key](vpn-gateway-certificates-point-to-site.md#cer) for information about how to export a certificate to get the encoded public key.
-5. Fill in the private key section with the P2S client certificate private key in base64. See [Export your private key](https://openvpn.net/community-resources/how-to/#pki) for information about how to extract a private key.
-6. Do not change any other fields. Use the filled in configuration in client input to connect to the VPN.
-7. Double-click the profile file to create the profile in Tunnelblick.
-8. Launch Tunnelblick from the applications folder.
-9. Click on the Tunnelblick icon in the system tray and pick connect.
-
-> [!IMPORTANT]
->Only iOS 11.0 and above and MacOS 10.13 and above are supported with OpenVPN protocol.
->
-## <a name="iOS"></a>iOS clients
-
-1. Install the OpenVPN client (version 2.4 or higher) from the App store.
-2. Download the VPN profile for the gateway. This can be done from the point-to-site configuration tab in the Azure portal, or by using 'New-AzVpnClientConfiguration' in PowerShell.
-3. Unzip the profile. Open the vpnconfig.ovpn configuration file from the OpenVPN folder in a text editor.
-4. Fill in the P2S client certificate section with the P2S client certificate public key in base64. In a PEM formatted certificate, you can simply open the .cer file and copy over the base64 key between the certificate headers. See [Export the public key](vpn-gateway-certificates-point-to-site.md#cer) for information about how to export a certificate to get the encoded public key.
-5. Fill in the private key section with the P2S client certificate private key in base64. See [Export your private key](https://openvpn.net/community-resources/how-to/#pki) for information about how to extract a private key.
-6. Do not change any other fields.
-7. E-mail the profile file (.ovpn) to your email account that is configured in the mail app on your iPhone. 
-8. Open the e-mail in the mail app on the iPhone, and tap the attached file
-
-    ![Open email](./media/vpn-gateway-howto-openvpn-clients/ios2.png)
-
-9. Tap on **More** if you do not see **Copy to OpenVPN** option
-
-    ![Copy to OpenVPN](./media/vpn-gateway-howto-openvpn-clients/ios3.png)
-
-10. Tap on **Copy to OpenVPN** 
-
-    ![Copy to OpenVPN](./media/vpn-gateway-howto-openvpn-clients/ios4.png)
-
-11. Tap on **ADD** in the **Import Profile** page
-
-    ![Copy to OpenVPN](./media/vpn-gateway-howto-openvpn-clients/ios5.png)
-
-12. Tap on **ADD** in the **Imported Profile** page
-
-    ![Copy to OpenVPN](./media/vpn-gateway-howto-openvpn-clients/ios6.png)
-
-13. Launch the OpenVPN app and slide the switch in the **Profile** page right to connect
-
-    ![Connect](./media/vpn-gateway-howto-openvpn-clients/ios8.png)
-
-
-## <a name="linux"></a>Linux clients
-
-1. Open a new Terminal session. You can open a new session by pressing 'Ctrl + Alt + t' at the same time.
-2. Enter the following command to install needed components:
-
-   ```
-   sudo apt-get install openvpn
-   sudo apt-get -y install network-manager-openvpn
-   sudo service network-manager restart
-   ```
-3. Download the VPN profile for the gateway. This can be done from the Point-to-site configuration tab in the Azure portal.
-4. [Export](https://docs.microsoft.com/azure/vpn-gateway/vpn-gateway-certificates-point-to-site#clientexport) the P2S client certificate you created and uploaded to your P2S configuration on the gateway. 
-5. Extract the private key and the base64 thumbprint from the .pfx. There are multiple ways to do this. Using OpenSSL on your computer is one way.
-
-    ```
-	openssl.exe pkcs12 -in "filename.pfx" -nodes -out "profileinfo.txt"
-    ```
-   The *profileinfo.txt* file will contain the private key and the thumbprint for the CA, and the Client certificate. Be sure to use the thumbprint of the client certificate.
-
-6. Open *profileinfo.txt* in a text editor. To get the thumbprint of the client (child) certificate, select the text including and between "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" for the child certificate and copy it. You can identify the child certificate by looking at the subject=/ line.
-
-7. Open the *vpnconfig.ovpn* file and find the section shown below. Replace everything between the and "cert" and "/cert".
-
-   ```
-   # P2S client certificate
-   # please fill this field with a PEM formatted cert
-   <cert>
-   $CLIENTCERTIFICATE
-   </cert>
-   ```
-8. Open the profileinfo.txt in a text editor. To get the private key, select the text including and between "-----BEGIN PRIVATE KEY-----" and "-----END PRIVATE KEY-----" and copy it.
-
-9. Open the vpnconfig.ovpn file in a text editor and find this section. Paste the private key replacing everything between and "key" and "/key".
-
-   ```
-   # P2S client root certificate private key
-   # please fill this field with a PEM formatted key
-   <key>
-   $PRIVATEKEY
-   </key>
-   ```
-
-10. Do not change any other fields. Use the filled in configuration in client input to connect to the VPN.
-11. To connect using the command line, type the following command:
-  
-    ```
-    sudo openvpn –-config <name and path of your VPN profile file>&
-    ```
-12. To connect using the GUI, go to system settings.
-13. Click **+** to add a new VPN connection.
-14. Under **Add VPN**, pick **Import from file…**
-15. Browse to the profile file and double-click or pick **Open**.
-16. Click **Add** on the **Add VPN** window.
-  
-    ![Import from file](./media/vpn-gateway-howto-openvpn-clients/importfromfile.png)
-17. You can connect by turning the VPN **ON** on the **Network Settings** page, or under the network icon in the system tray.
+[!INCLUDE [configuration steps](../../includes/vpn-gateway-vwan-config-openvpn-clients.md)]
 
 ## Next steps