articles/vpn-gateway/vpn-gateway-howto-point-to-site-rm-ps.md
Lines changed: 12 additions & 37 deletions
@@ -1,18 +1,18 @@
1
1
---
2
-
title: 'Connect to a VNet from a computer - P2S VPN and Azure certificate authentication: PowerShell'
2
+
title: 'Configure P2S server configuration - certificate authentication: PowerShell'
3
3
description: Learn how to connect Windows and macOS clients securely to Azure virtual network using P2S and self-signed or CA issued certificates.
4
4
titleSuffix: Azure VPN Gateway
5
5
services: vpn-gateway
6
6
author: cherylmc
7
7
8
8
ms.service: vpn-gateway
9
9
ms.topic: how-to
10
-
ms.date: 05/05/2022
10
+
ms.date: 01/18/2023
11
11
ms.author: cherylmc
12
12
ms.custom: devx-track-azurepowershell
13
13
14
14
---
15
-
# Configure a Point-to-Site VPN connection to a VNet using Azure certificate authentication: PowerShell
15
+
# Configure server settings for P2S VPN Gateway connections - certificate authentication - Azure PowerShell
16
16
17
17
This article helps you securely connect individual clients running Windows, Linux, or macOS to an Azure VNet. Point-to-site VPN connections are useful when you want to connect to your VNet from a remote location, such when you are telecommuting from home or a conference. You can also use P2S instead of a Site-to-Site VPN when you have only a few clients that need to connect to a VNet. Point-to-site connections do not require a VPN device or a public-facing IP address. P2S creates the VPN connection over either SSTP (Secure Socket Tunneling Protocol), or IKEv2.
18
18
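Review bot: the description on line 3 and the opening paragraph on line 17 still describe the old scope ("Learn how to connect Windows and macOS clients securely..." and "This article helps you securely connect individual clients...") while the new title and H1 narrow the article to configuring the server side of P2S; update the description and intro to match, otherwise search results and the page itself promise client-connection steps that this commit moves elsewhere. The same intro states that P2S uses "either SSTP ... or IKEv2", which contradicts the tunnel-type bullet later in this file that also lists OpenVPN; mention OpenVPN there as well so the supported tunnel types are consistent.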
@@ -105,7 +105,7 @@ $DNS = "10.2.1.4"
105
105
106
106
## <aname="creategateway"></a>Create the VPN gateway
107
107
108
-
In this step, you configure and create the virtual network gateway for your VNet.
108
+
In this step, you configure and create the virtual network gateway for your VNet. For more complete information about authentication and tunnel type, see [Specify tunnel and authentication type](vpn-gateway-howto-point-to-site-resource-manager-portal.md#type) in the Azure portal version of this article.
109
109
110
110
* The -GatewayType must be **Vpn** and the -VpnType must be **RouteBased**.
111
111
* The -VpnClientProtocol is used to specify the types of tunnels that you would like to enable. The tunnel options are **OpenVPN, SSTP**, and **IKEv2**. You can choose to enable one of them or any supported combination. If you want to enable multiple types, then specify the names separated by a comma. OpenVPN and SSTP cannot be enabled together. The strongSwan client on Android and Linux and the native IKEv2 VPN client on iOS and macOS will use only the IKEv2 tunnel to connect. Windows clients try IKEv2 first and if that doesn’t connect, they fall back to SSTP. You can use the OpenVPN client to connect to OpenVPN tunnel type.
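Review bot: the added sentence on line 108 links to `vpn-gateway-howto-point-to-site-resource-manager-portal.md#type`; confirm that a `type` anchor actually exists in the portal article, since a dangling fragment silently lands the reader at the top of that page. Minor wording: "For more complete information" reads awkwardly, and "For more information" is enough.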
@@ -117,7 +117,7 @@ In this step, you configure and create the virtual network gateway for your VNet
1. Once your gateway is created, you can view it using the following example. If you closed PowerShell or it timed out while your gateway was being created, you can [declare your variables](#declare) again.
> You can't generate certificates using Azure Cloud Shell. You must use one of the methods outlined in this section. If you want to use PowerShell, you must install it locally.
144
144
>
145
145
146
-
Certificates are used by Azure to authenticate VPN clients for point-to-site VPNs. You upload the public key information of the root certificate to Azure. The public key is then considered 'trusted'. Client certificates must be generated from the trusted root certificate, and then installed on each client computer in the Certificates-Current User/Personal certificate store. The certificate is used to authenticate the client when it initiates a connection to the VNet.
146
+
Certificates are used by Azure to authenticate VPN clients for point-to-site VPNs. You upload the public key information of the root certificate to Azure. The public key is then considered 'trusted'. Client certificates must be generated from the trusted root certificate, and then installed on each client computer in the Certificates-Current User/Personal certificate store. The certificate is used to authenticate the client when it initiates a connection to the VNet.
147
147
148
148
If you use self-signed certificates, they must be created using specific parameters. You can create a self-signed certificate using the instructions for [PowerShell and Windows 10 or later](vpn-gateway-certificates-point-to-site.md), or, if you don't have Windows 10 or later, you can use [MakeCert](vpn-gateway-certificates-point-to-site-makecert.md). It's important that you follow the steps in the instructions when generating self-signed root certificates and client certificates. Otherwise, the certificates you generate will not be compatible with P2S connections and you receive a connection error.
149
149
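Review bot: the removed and added line 146 read identically in the rendered diff, so this appears to be a whitespace-only or invisible-character change; if it is unintentional, drop it so the hunk records only the real edit, and if it is a deliberate cleanup (for example trailing whitespace), say so in the commit message. Unrelated nit in the unchanged context on line 148: "you receive a connection error" should be "you'll receive a connection error" to match the surrounding tense.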
@@ -195,40 +195,15 @@ The following steps help you install on a Windows client. For additional clients
195
195
196
196
Make sure the client certificate was exported as a .pfx along with the entire certificate chain (which is the default). Otherwise, the root certificate information isn't present on the client computer and the client won't be able to authenticate properly.
197
197
198
-
## <aname="clientconfig"></a>Configure the VPN client
198
+
## <aname="connect"></a>Configure VPN clients and connect to Azure
199
199
200
-
To connect to the virtual network gateway using P2S, each computer uses the VPN client that is natively installed as a part of the operating system. For example, when you go to VPN settings on your Windows computer, you can add VPN connections without installing a separate VPN client. You configure each VPN client by using a client configuration package. The client configuration package contains settings that are specific to the VPN gateway that you created.
200
+
Each VPN client is configured using the files in a VPN client profile configuration package that you generate and download. The configuration package contains settings that are specific to the VPN gateway that you created. If you make changes to the gateway, such as changing a tunnel type, certificate, or authentication type, you'll need to generate another VPN client profile configuration package and install it on each client. Otherwise, your VPN clients may not be able to connect.
201
201
202
-
You can use the following quick examples to generate and install the client configuration package. For more information about package contents and additional instructions about to generate and install VPN client configuration files, see [Create and install VPN client configuration files](point-to-site-vpn-client-cert-windows.md).
202
+
For steps to generate a VPN client profile configuration package, configure your VPN clients, and connect to Azure, see the following articles:
203
203
204
-
If you need to declare your variables again, you can find them [here](#declare).
From the Network dialog box, locate the client profile that you want to use, then click **Connect**.
229
-
Check [Install - Mac (macOS)](point-to-site-vpn-client-cert-mac.md) for detailed instructions. If you are having trouble connecting, verify that the virtual network gateway is not using a Basic SKU. Basic SKU is not supported for Mac clients.
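Review bot: renaming the section anchor from `clientconfig` to `connect` on line 198 breaks any existing links to `#clientconfig` from other articles or bookmarks; either keep the old `<a name="clientconfig">` alongside the new one or search the docs set for `#clientconfig` before merging. The new line 202 ends with "see the following articles:", but the rendered hunk does not show the list that should follow it; confirm the linked-article list is present. Also, the deleted line 229 carried this file's only statement that the Basic SKU is not supported for Mac clients; confirm that caveat survives in the linked macOS article, since removing it here drops a useful troubleshooting fact.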