update include

Author: cherylmc

articles/virtual-wan/point-to-site-vpn-client-cert-mac.md

@@ -1,42 +1,52 @@
 ---
-title: 'Configure P2S User VPN clients -certificate authentication - macOS and iOS'
-titleSuffix: Azure Virtual WAN
-description: Learn how to configure the VPN client for Virtual WAN User VPN configurations that use certificate authentication and IKEv2 or OpenVPN tunnel. This article applies to macOS and iOS.
+title: 'Configure P2S User VPN native VPN client - certificate authentication - macOS'
+description: Learn how to configure the VPN client for Virtual WAN User VPN configurations that use certificate authentication and IKEv2. This article applies to macOS.
 author: cherylmc
 ms.service: azure-virtual-wan
 ms.topic: how-to
-ms.date: 04/28/2023
+ms.date: 01/30/2025
 ms.author: cherylmc
 ---
 
-# Configure User VPN P2S clients - certificate authentication - macOS and iOS
+# Configure P2S User VPN clients: certificate authentication - native VPN client - macOS
 
-This article helps you connect to Azure Virtual WAN from a macOS or iOS operating system over User VPN P2S for configurations that use Certificate Authentication. To connect from an iOS or macOS operating system over an OpenVPN tunnel, you use an OpenVPN client. To connect from a macOS operating system over an IKEv2 tunnel, you use the VPN client that is natively installed on your Mac.
+If your point-to-site (P2S) User VPN gateway is configured to use IKEv2 and certificate authentication, you can connect to your virtual network using the native VPN client that's part of your macOS operating system. This article walks you through the steps to configure the native VPN client and connect to your virtual network.
 
-## Before you begin
+## Prerequisites
 
-* Make sure you've completed the necessary configuration steps in the [Tutorial: Create a P2S User VPN connection using Azure Virtual WAN](virtual-wan-point-to-site-portal.md).
+This article assumes that you've already performed the following prerequisites:
 
-* **Generate VPN client configuration files:** The VPN client configuration files that you generate are specific to the Virtual WAN User VPN profile that you download. Virtual WAN has two different types of configuration profiles: WAN-level (global), and hub-level. If there are any changes to the P2S VPN configuration after you generate the files, or you change to a different profile type, you need to generate new VPN client configuration files and apply the new configuration to all of the VPN clients that you want to connect. See [Generate User VPN client configuration files](about-vpn-profile-download.md).
+* You completed the necessary configuration steps in the [Tutorial: Create a P2S User VPN connection using Azure Virtual WAN](virtual-wan-point-to-site-portal.md).
+* You generated and downloaded the VPN client configuration files. The VPN client configuration files that you generate are specific to the Virtual WAN User VPN profile that you download.
 
-* **Obtain certificates:** The sections below require certificates. Make sure you have both the client certificate and the root server certificate information. For more information, see [Generate and export certificates](certificates-point-to-site.md) for more information.
+   Virtual WAN has two different types of configuration profiles: WAN-level (global), and hub-level. For more information, see [Download global and hub VPN profiles](global-hub-profile.md). If there are any changes to the P2S VPN configuration after you generate the files, or you change to a different profile type, you need to generate new VPN client configuration files and apply the new configuration to all of the VPN clients that you want to connect.
+* You have acquired the necessary certificates. You can either [generate client certificates](certificates-point-to-site.md), or acquire the appropriate client certificates necessary for authentication. Make sure you have both the client certificate and the root server certificate information.
 
-## <a name="ikev2-macOS"></a>IKEv2 - native client - macOS steps
+### Connection requirements
 
-[!INCLUDE [IKEv2 Native client Mac](../../includes/virtual-wan-certificates-mac-native-client-include.md)]
+To connect to Azure using the native VPN client software and certificate authentication, each connecting client requires the following items:
 
-##  <a name="openvpn-macOS"></a>OpenVPN Client - macOS steps
+* The client must have a client certificate that's installed locally.
+* The client must be running a supported version of macOS.
 
-The following example uses **TunnelBlick**.
+### Workflow
 
-[!INCLUDE [OpenVPN Mac](../../includes/vpn-gateway-vwan-config-openvpn-mac.md)]
+The workflow for this article is as follows:
 
-##  <a name="OpenVPN-iOS"></a>OpenVPN Client - iOS steps
+1. Generate client certificates if you haven't already done so.
+1. View the VPN client profile configuration files contained in the VPN client profile configuration package that you generated.
+1. Install certificates.
+1. Configure the native VPN client that's already installed your OS.
+1. Connect to Azure.
 
-The following example uses **OpenVPN Connect** from the App store.
+## Generate certificates
 
-[!INCLUDE [OpenVPN iOS](../../includes/vpn-gateway-vwan-config-openvpn-ios.md)]
+For certificate authentication, a client certificate must be installed on each client computer. The client certificate you want to use must be exported with the private key, and must contain all certificates in the certification path. Additionally, for some configurations, you'll also need to install root certificate information.
+
+For information about working with certificates, see [Generate and export certificates](certificates-point-to-site.md).
+
+[!INCLUDE [Configure macOS](../../includes/vpn-gateway-vwan-native-certificate.md)]
 
 ## Next steps
 
-[Tutorial: Create a P2S User VPN connection using Azure Virtual WAN](virtual-wan-point-to-site-portal.md).
+Follow up with any additional server or connection settings. See [Tutorial: Create a P2S User VPN connection using Azure Virtual WAN](virtual-wan-point-to-site-portal.md).

articles/vpn-gateway/point-to-site-vpn-client-cert-mac.md

@@ -5,7 +5,7 @@ description: Learn how to configure the VPN client for VPN Gateway P2S configura
 author: cherylmc
 ms.service: azure-vpn-gateway
 ms.topic: how-to
-ms.date: 10/07/2024
+ms.date: 01/30/2025
 ms.author: cherylmc
 ---
 
@@ -26,6 +26,7 @@ This article assumes that you've already performed the following prerequisites:
 * You created and configured your VPN gateway for point-to-site certificate authentication and the OpenVPN tunnel type. See [Configure server settings for P2S VPN Gateway connections - certificate authentication](point-to-site-certificate-gateway.md) for steps.
 * You generated and downloaded the VPN client configuration files. See [Generate VPN client profile configuration files](point-to-site-certificate-gateway.md#profile-files) for steps.
 * You can either generate client certificates, or acquire the appropriate client certificates necessary for authentication.
+* Your VPN gateway must be using a SKU other than the **Basic SKU**.
 
 ### Workflow
 
@@ -43,65 +44,7 @@ For certificate authentication, a client certificate must be installed on each c
 
 For information about working with certificates, see [Generate and export certificates](vpn-gateway-certificates-point-to-site.md).
 
-## View the VPN client profile configuration files
-
-All of the necessary configuration settings for the VPN clients are contained in a VPN client profile configuration zip file. You can generate client profile configuration files using PowerShell, or by using the Azure portal. Either method returns the same zip file.
-
-The VPN client profile configuration files are specific to the P2S VPN gateway configuration for the virtual network. If there are any changes to the P2S VPN configuration after you generate the files, such as changes to the VPN protocol type or authentication type, you need to generate new VPN client profile configuration files and apply the new configuration to all of the VPN clients that you want to connect.
-
-Unzip the file to view the folders. When you configure macOS native clients, you use the files in the **Generic** folder. The Generic folder is present if IKEv2 was configured on the gateway. If you don't see the Generic folder, check the following items, then generate the zip file again.
-
-* Check the tunnel type for your configuration. It's likely that IKEv2 wasn’t selected as a tunnel type.
-* Verify that the gateway isn't configured with the Basic SKU. The VPN Gateway Basic SKU doesn’t support IKEv2. You'll have to rebuild the gateway with the appropriate SKU and tunnel type if you want macOS clients to connect.
-
-The **Generic** folder contains the following files.
-
-* **VpnSettings.xml**, which contains important settings like server address and tunnel type.
-* **VpnServerRoot.cer**, which contains the root certificate required to validate the Azure VPN gateway during P2S connection setup.
-
-## Install certificates
-
-You'll need both the root certificate and the child certificate installed on your Mac. The child certificate must be exported with the private key and must contain all certificates in the certification path.
-
-### Root certificate
-
-1. Copy the root certificate file (the .cer file) - to your Mac. Double-click the certificate. Depending on your operating system, the certificate will either automatically install, or you'll see the **Add Certificates** page.
-1. If you see the **Add Certificates** page, for **Keychain:** click the arrows and select **login** from the dropdown.
-1. Click **Add** to import the file.
-
-### Client certificate
-
-The client certificate (.pfx file) is used for authentication and is required. Typically, you can just click the client certificate to install. For more information about how to install a client certificate, see [Install a client certificate](point-to-site-how-to-vpn-client-install-azure-cert.md).
-
-### Verify certificates are installed
-
-Verify that both the client and the root certificate are installed.
-
-1. Open **Keychain Access**.
-1. Go to the **Certificates** tab.
-1. Verify that both the client and the root certificate are installed.
-
-## Configure VPN client profile
-
-Use the steps in the [Mac User Guide](https://support.apple.com/guide/mac-help/set-up-a-vpn-connection-on-mac-mchlp2963/mac) that are appropriate for your operating system version  to add a VPN client profile configuration with the following settings.
-
-* Select **IKEv2** as the VPN type.
-* For **Display Name**, select a friendly name for the profile.
-* For both **Server Address** and **Remote ID**, use the value from the **VpnServer** tag in the **VpnSettings.xml** file.
-
-   :::image type="content" source="./media/point-to-site-vpn-client-cert-mac/vpn-server.png" alt-text="Screenshot to click Select." lightbox="./media/point-to-site-vpn-client-cert-mac/vpn-server.png":::
-
-* For **Authentication** settings, select **Certificate**.
-* For the **Certificate**, choose the child certificate you want to use for authentication. If you have multiple certificates, you can select **Show Certificate** to see more information about each certificate.
-* For **Local ID**, type the name of the child certificate that you selected.
-
-Once you finished configuring the VPN client profile, save the profile.
-
-## Connect
-
-The steps to connect are specific to the macOS operating system version. Refer to the [Mac User Guide](https://support.apple.com/guide/mac-help/set-up-a-vpn-connection-on-mac-mchlp2963/mac). Select the operating system version that you're using and follow the steps to connect.
-
-Once the connection has been established, the status shows as **Connected**. The IP address is allocated from the VPN client address pool.
+[!INCLUDE [Configure macOS](../../includes/vpn-gateway-vwan-native-certificate.md)]
 
 ## Next steps
 

includes/media/vpn-gateway-vwan-native-certificate.md/vpn-server.png

@@ -0,0 +1,67 @@
+---
+ author: cherylmc
+ ms.service: azure-vpn-gateway
+ ms.topic: include
+ ms.date: 01/30/2025
+ ms.author: cherylmc
+
+#Customer intent: this file is used for both virtual wan and vpn gateway articles.
+---
+## View the VPN client profile configuration files
+
+All of the necessary configuration settings for the VPN clients are contained in a VPN client profile configuration zip file. You can generate client profile configuration files using PowerShell, or by using the Azure portal. Either method returns the same zip file.
+
+The VPN client profile configuration files are specific to the P2S VPN gateway configuration for the virtual network. If there are any changes to the P2S VPN configuration after you generate the files, such as changes to the VPN protocol type or authentication type, you need to generate new VPN client profile configuration files and apply the new configuration to all of the VPN clients that you want to connect.
+
+Unzip the file to view the folders. When you configure macOS native clients, you use the files in the **Generic** folder. The Generic folder is present if IKEv2 was configured on the gateway. If you don't see the Generic folder, check the following items, then generate the zip file again.
+
+* Check the tunnel type for your configuration. It's likely that IKEv2 wasn’t selected as a tunnel type.
+
+The **Generic** folder contains the following files.
+
+* **VpnSettings.xml**, which contains important settings like server address and tunnel type.
+* **VpnServerRoot.cer**, which contains the root certificate required to validate the Azure VPN gateway during P2S connection setup.
+
+## Install certificates
+
+You'll need both the root certificate and the child certificate installed on your Mac. The child certificate must be exported with the private key and must contain all certificates in the certification path.
+
+### Root certificate
+
+1. Copy the root certificate file (the .cer file) - to your Mac. Double-click the certificate. Depending on your operating system, the certificate will either automatically install, or you'll see the **Add Certificates** page.
+1. If you see the **Add Certificates** page, for **Keychain:** click the arrows and select **login** from the dropdown.
+1. Click **Add** to import the file.
+
+### Client certificate
+
+The client certificate (.pfx file) is used for authentication and is required. Typically, you can just click the client certificate to install.
+
+### Verify certificates are installed
+
+Verify that both the client and the root certificate are installed.
+
+1. Open **Keychain Access**.
+1. Go to the **Certificates** tab.
+1. Verify that both the client and the root certificate are installed.
+
+## Configure VPN client profile
+
+Use the steps in the [Mac User Guide](https://support.apple.com/guide/mac-help/set-up-a-vpn-connection-on-mac-mchlp2963/mac) that are appropriate for your operating system version  to add a VPN client profile configuration with the following settings.
+
+* Select **IKEv2** as the VPN type.
+* For **Display Name**, select a friendly name for the profile.
+* For both **Server Address** and **Remote ID**, use the value from the **VpnServer** tag in the **VpnSettings.xml** file.
+
+   :::image type="content" source="./media/vpn-gateway-vwan-native-certificate/vpn-server.png" alt-text="Screenshot to click Select." lightbox="./media/vpn-gateway-vwan-native-certificate/vpn-server.png":::
+
+* For **Authentication** settings, select **Certificate**.
+* For the **Certificate**, choose the child certificate you want to use for authentication. If you have multiple certificates, you can select **Show Certificate** to see more information about each certificate.
+* For **Local ID**, type the name of the child certificate that you selected.
+
+Once you finished configuring the VPN client profile, save the profile.
+
+## Connect
+
+The steps to connect are specific to the macOS operating system version. Refer to the [Mac User Guide](https://support.apple.com/guide/mac-help/set-up-a-vpn-connection-on-mac-mchlp2963/mac). Select the operating system version that you're using and follow the steps to connect.
+
+Once the connection has been established, the status shows as **Connected**. The IP address is allocated from the VPN client address pool.