Merge pull request #293841 from cherylmc/OpenVPN-macos

Stacyrch140 · web-flow · commit f328898a1db8 · 2025-01-30T16:38:46.000-05:00
iOS-macOS
diff --git a/articles/virtual-wan/TOC.yml b/articles/virtual-wan/TOC.yml
@@ -243,7 +243,13 @@
             - name: Version 3.x
               href: point-to-site-vpn-client-certificate-windows-openvpn-client-version-3.md
         - name: macOS and iOS clients
-          href: point-to-site-vpn-client-cert-mac.md    
+          items:
+          - name: Native VPN client
+            href: point-to-site-vpn-client-cert-mac.md
+          - name: OpenVPN client - macOS
+            href: point-to-site-vpn-client-certificate-openvpn-mac.md
+          - name: OpenVPN client - iOS
+            href: point-to-site-vpn-client-certificate-openvpn-ios.md  
         - name: Install client certificates
           href: install-client-certificates.md
       - name: VPN client profiles
diff --git a/articles/virtual-wan/point-to-site-vpn-client-certificate-openvpn-ios.md b/articles/virtual-wan/point-to-site-vpn-client-certificate-openvpn-ios.md
@@ -0,0 +1,32 @@
+---
+title: 'Configure P2S VPN clients - certificate authentication - iOS OpenVPN client'
+titleSuffix: Azure Virtual WAN
+description: Learn how to configure the VPN client for Virtual WAN P2S configurations that use certificate authentication. This article applies to iOS OpenVPN client.
+author: cherylmc
+ms.service: azure-virtual-wan
+ms.topic: how-to
+ms.date: 01/30/2025
+ms.author: cherylmc
+---
+
+# Configure P2S User VPN clients: certificate authentication - OpenVPN client - iOS
+
+This article helps you connect to your Azure virtual network (VNet) using Virtual WAN User VPN point-to-site (P2S) and **Certificate authentication** on iOS using an OpenVPN client.
+
+[!INCLUDE [Prerequisites- iOS](../../includes/virtual-wan-user-vpn-openvpn-prerequisites.md)]
+
+## Generate client certificates
+
+For certificate authentication, you must install a client certificate on each connecting client computer. The client certificate you want to use must be exported with the private key, and must contain all certificates in the certification path.
+
+For information about working with certificates, see [Generate and export certificates](certificates-point-to-site.md).
+
+## Configure the OpenVPN client
+
+The following example uses **OpenVPN Connect** from the App store.
+
+[!INCLUDE [OpenVPN iOS](../../includes/vpn-gateway-vwan-config-openvpn-ios.md)]
+
+## Next steps
+
+Follow up with any additional server or connection settings. See [Tutorial: Create a P2S User VPN connection using Azure Virtual WAN](virtual-wan-point-to-site-portal.md).
diff --git a/articles/virtual-wan/point-to-site-vpn-client-certificate-openvpn-mac.md b/articles/virtual-wan/point-to-site-vpn-client-certificate-openvpn-mac.md
@@ -0,0 +1,32 @@
+---
+title: 'Configure P2S VPN clients - certificate authentication - macOS OpenVPN client'
+titleSuffix: Azure Virtual WAN
+description: Learn how to configure the VPN client for Virtual WAN P2S configurations that use certificate authentication. This article applies to macOS OpenVPN client.
+author: cherylmc
+ms.service: azure-virtual-wan
+ms.topic: how-to
+ms.date: 01/30/2025
+ms.author: cherylmc
+---
+
+# Configure P2S User VPN clients: certificate authentication - OpenVPN client - macOS
+
+This article helps you connect to your Azure virtual network (VNet) using Virtual WAN User VPN point-to-site (P2S) and **Certificate authentication** on macOS using an OpenVPN client.
+
+[!INCLUDE [Prerequisites- macOS](../../includes/virtual-wan-user-vpn-openvpn-prerequisites.md)]
+
+## Generate client certificates
+
+For certificate authentication, a client certificate must be installed on each client computer. The client certificate you want to use must be exported with the private key, and must contain all certificates in the certification path.
+
+For information about working with certificates, see [Generate and export certificates](certificates-point-to-site.md).
+
+## Configure the OpenVPN client
+
+The following example uses **TunnelBlick**.
+
+[!INCLUDE [OpenVPN macOS](../../includes/vpn-gateway-vwan-config-openvpn-mac.md)]
+
+## Next steps
+
+Follow up with any additional server or connection settings. See [Tutorial: Create a P2S User VPN connection using Azure Virtual WAN](virtual-wan-point-to-site-portal.md).
diff --git a/includes/virtual-wan-user-vpn-openvpn-prerequisites.md b/includes/virtual-wan-user-vpn-openvpn-prerequisites.md
@@ -0,0 +1,28 @@
+---
+author: cherylmc
+ms.service: azure-vpn-gateway
+ms.topic: include
+ms.date: 01/28/2025
+ms.author: cherylmc
+---
+
+## Prerequisites
+
+This article assumes that you've already performed the following prerequisites:
+
+* You completed the necessary configuration steps in the [Tutorial: Create a P2S User VPN connection using Azure Virtual WAN](../articles/virtual-wan/virtual-wan-point-to-site-portal.md).
+* You generated and downloaded the VPN client configuration files. The VPN client configuration files that you generate are specific to the Virtual WAN User VPN profile that you download. Virtual WAN has two different types of configuration profiles: WAN-level (global), and hub-level. For more information, see [Download global and hub VPN profiles](../articles/virtual-wan/global-hub-profile.md). If there are any changes to the P2S VPN configuration after you generate the files, or you change to a different profile type, you need to generate new VPN client configuration files and apply the new configuration to all of the VPN clients that you want to connect.
+* You have acquired the necessary certificates. You can either [generate client certificates](../articles/virtual-wan/certificates-point-to-site.md), or acquire the appropriate client certificates necessary for authentication. Make sure you have both the client certificate and the root server certificate information.
+
+### Connection requirements
+
+To connect to Azure using the OpenVPN client using certificate authentication, each connecting client requires the following items:
+
+* The Open VPN Client software must be installed and configured on each client.
+* The client must have a client certificate that's installed locally.
+
+### About certificates
+
+For certificate authentication, you must install a client certificate on each client computer that you want to connect to the VPN gateway. The client certificate you want to use must be exported with the private key, and must contain all certificates in the certification path. Additionally, for some configurations, you'll also need to install root certificate information.
+
+The OpenVPN client in this article uses certificates exported with a *.pfx* format. You can export a client certificate easily to this format using the Windows instructions. See [Generate and export certificates for User VPN connections](../articles/virtual-wan/certificates-point-to-site.md). If you don't have a Windows computer, as a workaround, you can use a small Windows VM to export certificates to the needed *.pfx* format.
diff --git a/includes/vpn-gateway-vwan-config-openvpn-mac.md b/includes/vpn-gateway-vwan-config-openvpn-mac.md
@@ -15,7 +15,7 @@
 
 1. Download and install an OpenVPN client, such as [TunnelBlick](https://tunnelblick.net/downloads.html).
 
-1. If you haven't already done so, download the VPN client profile package from the Azure portal.
+1. Download the VPN client profile package from the Azure portal.
 
 1. Unzip the profile. Open the vpnconfig.ovpn configuration file from the OpenVPN folder in a text editor.
 
