Freshness updates and formatting

Author: cherylmc

articles/vpn-gateway/point-to-site-vpn-client-cert-linux.md

@@ -1,17 +1,17 @@
 ---
-title: 'Configure P2S VPN clients -certificate authentication - Linux (strongSwan)'
+title: 'Configure P2S VPN clients -certificate authentication - Linux'
 titleSuffix: Azure VPN Gateway
-description: Learn how to configure the Linux (strongSwan) VPN client solution for VPN Gateway P2S configurations that use certificate authentication. This article applies to Linux (strongSwan).
+description: Learn how to configure a Linux VPN client solution for VPN Gateway P2S configurations that use certificate authentication.
 author: cherylmc
 ms.service: vpn-gateway
 ms.topic: how-to
-ms.date: 05/18/2022
+ms.date: 07/29/2022
 ms.author: cherylmc
 ---
 
-# Configure point-to-site VPN clients - certificate authentication - Linux (strongSwan)
+# Configure point-to-site VPN clients - certificate authentication - Linux
 
-When you connect to an Azure virtual network (VNet) using point-to-site (P2S) and certificate authentication from a Linux computer, you can use strongSwan. All of the necessary configuration settings for the VPN clients are contained in a VPN client configuration zip file. The settings in the zip file help you easily configure the VPN clients Linux.
+When you connect to an Azure virtual network (VNet) using point-to-site (P2S) and certificate authentication from a Linux computer, you can use strongSwan (IKEv2 tunnels) or an OpenVPN client. All of the necessary configuration settings for the VPN clients are contained in a VPN client configuration zip file. The settings in the zip file help you easily configure the VPN clients Linux.
 
 The VPN client configuration files that you generate are specific to the P2S VPN gateway configuration for the virtual network. If there are any changes to the P2S VPN configuration after you generate the files, such as changes to the VPN protocol type or authentication type, you need to generate new VPN client configuration files and apply the new configuration to all of the VPN clients that you want to connect. For more information about P2S connections, see [About point-to-site VPN](point-to-site-about.md).
 
@@ -21,63 +21,37 @@ Before beginning, verify that you are on the correct article. The following tabl
 
 [!INCLUDE [All client articles](../../includes/vpn-gateway-vpn-client-install-articles.md)]
 
->[!IMPORTANT]
->[!INCLUDE [TLS](../../includes/vpn-gateway-tls-change.md)]
-
-## <a name="strongswan"></a>1. Install strongSwan
-
-The steps in this article use strongSwan.
-
-[!INCLUDE [Install strongSwan](../../includes/vpn-gateway-strongswan-install-include.md)]
-
-## <a name="certificates"></a>2. Install certificates
-
-A client certificate is required for authentication when using the Azure certificate authentication type. A client certificate must be installed on each client computer. The exported client certificate must be exported with the private key, and must contain all certificates in the certification path. Make sure that the client computer has the appropriate client certificate installed before proceeding to the next section.
-
-For information about client certificates, see [Generate certificates - Linux](vpn-gateway-certificates-point-to-site-linux.md).
-
-## <a name="generate"></a>3. Generate VPN client configuration files
+## Generate VPN client configuration files
 
 You can generate client configuration files using PowerShell, or by using the Azure portal. Either method returns the same zip file.
 
-### <a name="portal"></a>Generate profile config files using the Azure portal
-
-1. In the Azure portal, navigate to the virtual network gateway for the virtual network that you want to connect to.
-1. On the virtual network gateway page, select **Point-to-site configuration** to open the Point-to-site configuration page.
-1. At the top of the Point-to-site configuration page, select **Download VPN client**. This doesn't download VPN client software, it generates the configuration package used to configure VPN clients. It takes a few minutes for the client configuration package to generate. During this time, you may not see any indications until the packet has generated.
+### View the folder and files
 
-   :::image type="content" source="./media/point-to-site-vpn-client-cert-linux/download-configuration.png" alt-text="Download the VPN client configuration." lightbox="./media/point-to-site-vpn-client-cert-linux/download-configuration.png":::
-1. Once the configuration package has been generated, your browser indicates that a client configuration zip file is available. It's named the same name as your gateway.
-
-### <a name="powershell"></a>Generate profile config files using PowerShell
-
-1. When generating VPN client configuration files, the value for '-AuthenticationMethod' is 'EapTls'. Generate the VPN client configuration files using the following command:
+Unzip the file to view the following folders:
 
-   ```azurepowershell-interactive
-   $profile=New-AzVpnClientConfiguration -ResourceGroupName "TestRG" -Name "VNet1GW" -AuthenticationMethod "EapTls"
+* **WindowsAmd64** and **WindowsX86**, which contain the Windows 32-bit and 64-bit installer packages, respectively. The **WindowsAmd64** installer package is for all supported 64-bit Windows clients, not just Amd.
+* **Generic**, which contains general information used to create your own VPN client configuration. The Generic folder is provided if IKEv2 or SSTP+IKEv2 was configured on the gateway. If only SSTP is configured, then the Generic folder isn’t present.
 
-   $profile.VPNProfileSASUrl
-   ```
+## Select the configuration instructions
 
-1. Copy the URL to your browser to download the zip file.
+The sections below contain instructions to help you configure your VPN client. Select the tunnel type that your P2S configuration uses, then select the method that you want to use to configure.
 
-## 4. View the folder and files
+* [IKEv2 tunnel type steps](#ike) for strongSwan
+* [OpenVPN tunnel type steps](#openvpn) for OpenVPN client
 
-Unzip the file to view the following folders:
+## <a name="ike"></a>IKEv2 - strongSwan steps
 
-* **WindowsAmd64** and **WindowsX86**, which contain the Windows 32-bit and 64-bit installer packages, respectively. The **WindowsAmd64** installer package is for all supported 64-bit Windows clients, not just Amd.
-* **Generic**, which contains general information used to create your own VPN client configuration. The Generic folder is provided if IKEv2 or SSTP+IKEv2 was configured on the gateway. If only SSTP is configured, then the Generic folder isn’t present.
+### Install strongSwan
 
-## 5. Select the configuration instructions
+[!INCLUDE [Install strongSwan](../../includes/vpn-gateway-strongswan-install-include.md)]
 
-The sections below contain instructions to help you configure your VPN client. Select the tunnel type that your P2S configuration uses, then select the method that you want to use to configure.
+### Install certificates
 
-* [IKEv2 tunnel type steps](#ike)
-* [OpenVPN tunnel type steps](#openvpn)
+A client certificate is required for authentication when using the Azure certificate authentication type. A client certificate must be installed on each client computer. The exported client certificate must be exported with the private key, and must contain all certificates in the certification path. Make sure that the client computer has the appropriate client certificate installed before proceeding to the next section.
 
-## <a name="ike"></a>IKEv2 tunnel type steps
+For information about client certificates, see [Generate certificates - Linux](vpn-gateway-certificates-point-to-site-linux.md).
 
-This section helps you configure Linux clients for certificate authentication that uses the IKEv2 tunnel type. To connect to Azure, you manually configure an IKEv2 VPN client.
+### View VPN client profile files
 
 Go to the downloaded VPN client profile configuration files. You can find all of the information that you need for configuration in the **Generic** folder. Azure doesn’t provide a *mobileconfig* file for this configuration.
 
@@ -91,7 +65,12 @@ The Generic folder contains the following files:
 * **VpnSettings.xml**, which contains important settings like server address and tunnel type.
 * **VpnServerRoot.cer**, which contains the root certificate required to validate the Azure VPN gateway during P2S connection setup.
 
-### <a name="gui"></a>GUI instructions
+After viewing the files, continue with the steps that you want to use:
+
+* [GUI steps](#gui)
+* [CLI steps](#cli)
+
+#### <a name="gui"></a>strongSwan GUI instructions
 
 This section walks you through the configuration using the strongSwan GUI. The following instructions were created on Ubuntu 18.0.4. Ubuntu 16.0.10 doesn’t support strongSwan GUI. If you want to use Ubuntu 16.0.10, you’ll have to use the [command line](#linuxinstallcli). The following examples may not match screens that you see, depending on your version of Linux and strongSwan.
 
@@ -126,7 +105,7 @@ This section walks you through the configuration using the strongSwan GUI. The f
 
    :::image type="content" source="./media/point-to-site-vpn-client-cert-linux/turn-on.png" alt-text="Screenshot shows copy." lightbox="./media/point-to-site-vpn-client-cert-linux/expanded/turn-on.png":::
 
-### <a name="linuxinstallcli"></a>CLI instructions
+#### <a name="cli"></a>strongSwan CLI instructions
 
 This section walks you through the configuration using the strongSwan CLI.