Merge pull request #229108 from stegag/patch-46

Update vpn-gateway-strongswan-install-include.md

Author: v-dirichards

articles/vpn-gateway/point-to-site-vpn-client-cert-linux.md

@@ -113,7 +113,17 @@ This section walks you through the configuration using the strongSwan CLI.
 
 1. From the VPN client profile configuration files **Generic** folder, copy or move the **VpnServerRoot.cer** to **/etc/ipsec.d/cacerts**.
 
-1. Copy or move **cp client.p12** to **/etc/ipsec.d/private/**. This file is the client certificate for the VPN gateway.
+1. Copy or move the p12 file you generated to **/etc/ipsec.d/private/**. This file is the client certificate for the VPN gateway. Use the following command:
+
+   ```
+   sudo cp "${USERNAME}.p12"  /etc/ipsec.d/private/
+   ```
+
+1. Run the following command to take note of your hostname. You’ll use this value in the next step.
+
+   ```
+   hostnamectl --static
+   ```
 
 1. Open the **VpnSettings.xml** file and copy the `<VpnServer>` value. You’ll use this value in the next step.
 
@@ -126,25 +136,31 @@ This section walks you through the configuration using the strongSwan CLI.
          leftfirewall=yes
          left=%any
          leftauth=eap-tls
-         leftid=%client # use the DNS alternative name prefixed with the %
-         right= Enter the VPN Server value here# Azure VPN gateway address
-         rightid=% # Enter the VPN Server value here# Azure VPN gateway FQDN with %
+         leftid=%client # use the hostname of your machine with % character prepended. Example: %client
+         right= #Azure VPN gateway address. Example: azuregateway-xxx-xxx.vpn.azure.com
+         rightid=% #Azure VPN gateway FQDN with % character prepended. Example: %azuregateway-xxx-xxx.vpn.azure.com
          rightsubnet=0.0.0.0/0
          leftsourceip=%config
          auto=add
    ```
+   
+   
 
-1. Add the following values to **/etc/ipsec.secrets**.
+1. Add the secret values to **/etc/ipsec.secrets**.
 
+   The name of the p.12 file must match what you have used earlier.
+   The password must also match the password chosen when generating the certificates.
+   
+   This is an example command to run on a machine which hostname is "client" and certificate password is "password"
    ```cli
    : P12 client.p12 'password' # key filename inside /etc/ipsec.d/private directory
    ```
 
-1. Run the following commands:
+1. Finally run the following commands:
 
    ```cli
-   # ipsec restart
-   # ipsec up azure
+   sudo ipsec restart
+   sudo ipsec up azure
    ```
 
 ## <a name="openvpn"></a>OpenVPN steps

includes/vpn-gateway-strongswan-certificates-include.md

@@ -27,7 +27,7 @@ Generate the user certificate.
 
   ```
   export PASSWORD="password"
-  export USERNAME="client"
+  export USERNAME=$(hostnamectl --static)
 
   ipsec pki --gen --outform pem > "${USERNAME}Key.pem"
   ipsec pki --pub --in "${USERNAME}Key.pem" | ipsec pki --issue --cacert caCert.pem --cakey caKey.pem --dn "CN=${USERNAME}" --san "${USERNAME}" --flag clientAuth --outform pem > "${USERNAME}Cert.pem"
@@ -37,4 +37,4 @@ Generate a p12 bundle containing the user certificate. This bundle will be used
 
   ```
   openssl pkcs12 -in "${USERNAME}Cert.pem" -inkey "${USERNAME}Key.pem" -certfile caCert.pem -export -out "${USERNAME}.p12" -password "pass:${PASSWORD}"
-  ```
+  ```

includes/vpn-gateway-strongswan-install-include.md

@@ -14,6 +14,14 @@ The following configuration was used for the steps below:
 
 Use the following commands to install the required strongSwan configuration:
 
+```
+sudo apt-get update
+```
+
+```
+sudo apt-get upgrade
+```
+
 ```
 sudo apt install strongswan
 ```
@@ -32,4 +40,4 @@ Use the following command to install the Azure command-line interface:
 curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash
 ```
 
-For more information, see [Additional instructions to install the Azure CLI](/cli/azure/install-azure-cli-apt). 
+For more information, see [Additional instructions to install the Azure CLI](/cli/azure/install-azure-cli-apt).