Point To Site VPN – ARM

Hello Everyone today I will tell you how you can connect your Client computer network with Azure Network .

To connect two different network you have to follow VPN technology . In azure if you want to connect two Azure Network then you have to do either Vnet peering or Vnet to Vnet and if you want to connect on prem network with Azure then you have to either Site to Site or Point to Site.

Today I will talk about Point to Site VPN .

“A Point-to-Site (P2S) configuration lets you create a secure connection from an individual client computer to a virtual network. P2S is a VPN connection over SSTP (Secure Socket Tunneling Protocol). Point-to-Site connections are useful when you want to connect to your VNet from a remote location, such as from home or a conference, or when you only have a few clients that need to connect to a virtual network. P2S connections do not require a VPN device or a public-facing IP address. You establish the VPN connection from the client computer. ” – taken from Microsoft Site .

What you Need :

For Root Certificate :

$cert = New-SelfSignedCertificate -Type Custom -KeySpec Signature `
-Subject “CN=P2SRootCert” -KeyExportPolicy Exportable `
-HashAlgorithm sha256 -KeyLength 2048 `
-CertStoreLocation “Cert:\CurrentUser\My” -KeyUsageProperty Sign -KeyUsage CertSign

For Client Certificate : 

New-SelfSignedCertificate -Type Custom -DnsName P2SChildCert -KeySpec Signature `
-Subject “CN=P2SChildCert” -KeyExportPolicy Exportable `
-HashAlgorithm sha256 -KeyLength 2048 `
-CertStoreLocation “Cert:\CurrentUser\My” `
-Signer $cert -TextExtension @(“2.5.29.37={text}1.3.6.1.5.5.7.3.2”)

If you want to learn all parameters of this command click here .

Identify the self-signed root certificate that is installed on the computer. This cmdlet returns a list of certificates that are installed on your computer.

Get-ChildItem -Path “Cert:\CurrentUser\My”

1) Azure Network

2) Virtual Network Gateway

Click on start -> Type “Manage User Certificate” -> Open

 Open it..

Open Personal.

Right Click on AdatumRootCertificate and go to all task and click on Export

Click On Next and follow the Step ->

After this steps you will see the certificate in your desktop .

Now Open Portal and Go to Virtual Network Gateway .

Click on Point to Site -> 

Now provide a address pool range from where Client Will Get the IP address.

Now Go to Desktop and Right click on Root Certificate and Open With NotePad ->

You will get this when you will open Root Certificate in Notepad .

Copy only the code –

Now go to Portal and Paste the code –

Give certificate Name and click on Save .

It will update the settings .

Then you can download the VPN client .

Download the VPN software and install it.

Then go to RUN -> Open NCPA.CPL

You will find USVlan connectivity .

Right Click and click on connect .

Right Click on USVlan and click on connect.

Then you will get this page – 

Now Click on connect and your computer will be connected with Azure Virtual Network.

Thanks for visiting my Blog . I will post something new very soon.