A Point-to-Site (P2S) VPN gateway connection lets you create a secure connection to your virtual network from an individual client computer. A P2S connection is established by starting it from the client computer. This solution is useful for telecommuters who want to connect to Azure VNets from a remote location, such as from home or a conference. P2S VPN is also a useful solution to use instead of S2S VPN when you have only a few clients that need to connect to a VNet.
Step 1
Create a new virtual network. Keep address space as 192.168.0.0/16.
Step 2
Set the subnet address range to 192.168.1.0/24.
Step 3
A virtual network (VNet) in Azure is an infrastructure service that is connected to other networks, so it must have a gateway subnet, which contains the systems that exchange packets with those other networks.
Step 4
You will not be able to change the name, since every virtual network has exactly one GatewaySubnet. Click on OK.
Step 5
There will be two subnets now. One is the subnet that was created at the time of VNet creation and the other one is the GatewaySubnet.
Now, let us understand what a Virtual Network Gateway is.
- A VPN gateway is a type of virtual network gateway that sends encrypted traffic across a public connection to an on-premises location. You can also use VPN gateways to send encrypted traffic between Azure virtual networks over the Microsoft network.
- In short, to establish cross-premises VPN connections you need a virtual network gateway.
- A virtual network gateway is the software VPN device for your Azure virtual network. Use this with a connection to set up a site-to-site VPN connection between an Azure virtual network and your local network, or a VNet-to-VNet VPN connection between two Azure virtual networks. It can also be used to connect a virtual network to an ExpressRoute circuit.
Step 6
Now, we need to create a virtual network gateway.
Step 7
Keep the gateway type as VPN and the VPN type as route-based. Keep the SKU (Stock Keeping Unit) as Basic. Choose the virtual network.
Step 8
Create a new public IP address. Remember, a virtual network gateway can take up to 45 minutes to create.
Step 9
Next, we need to create a VM. Search for Windows 2012 R2 Datacenter and click on create. Give the basic details and select disk type as HDD.
Step 10
In the virtual machine size, choose the basic configuration A2 Basic.
Step 11
Select the VNet and the subnet. Keep the public IP as none and leave boot diagnostics disabled. Leave everything else at its defaults, click on OK, then click on Create.
Step 12
Next, we need to create a root certificate for the VPN. For that, we need to download and install Windows 10 SDK. This will download an installer file. Open it and follow the steps.
Step 13
All the features together require some 2.7 GB of disk space. Click on Install.
Step 14
Once it is installed, open PowerShell and go to the folder where the SDK is installed, i.e. Program Files (x86)\Windows Kits\10\bin\x86.
Step 15
Run the command dir and you will see makecert.exe in the list.
Step 16
Run cmd. It will change your PowerShell prompt into a normal command prompt.
Step 17
Create a new folder named Azure inside the temp folder and navigate to it from the prompt.
Step 18
Run this command to generate the root certificate. The -a sha1 option selects the SHA-1 signature algorithm; makecert also accepts sha256.
makecert -sky exchange -r -n "CN=KrunalRootCert" -pe -a sha1 -len 2048 -ss My "KrunalRootCert.cer"
Step 19
You will be able to see the certificate file. Because the command used -ss My, the certificate is also installed in your Personal certificate store.
Step 20
Then type certmgr.msc.
You can find the certificate in Personal - Certificates.
Step 21
Right-click on the certificate name and click on export. Do not export the private key. Choose base 64.
Step 22
Specify the file name with its path, for example CertificateName.Base64.cer.
Step 23
The certificate will be exported.
Step 24
Go to Explorer, right-click the exported file and open it in Notepad.
Step 25
The certificate data must end up on one single line so that you can cut and paste it into the portal.
Step 26
As exported, the file contains the Base64 data wrapped over several lines between a -----BEGIN CERTIFICATE----- line and an -----END CERTIFICATE----- line.
Step 27
Remove the BEGIN and END lines and join the remaining lines into one. MAKE SURE TO DELETE ALL THE UNNECESSARY SPACES AND LINE BREAKS.
Step 28
Copy the single-line certificate data, paste it into another Notepad file in the same folder and keep it aside for later.
Step 29
Now, we need to create a client certificate. This command creates a client certificate issued by the root certificate.
Step 30
Go to Certificate Manager and refresh. You will see the client certificate.
Step 31
Right-click on your client certificate name and export it. This time, export the private key as well, and set a password. The file extension will be .pfx, and after exporting, the file will be visible in Explorer.
Step 32
Once you have the VPN client package, you will have to distribute it together with the .pfx file to each user.
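As an added example (not the commands from the original post), the same certificate workflow of Steps 18 to 31 can be done entirely in PowerShell with New-SelfSignedCertificate, which ships with Windows 10 and Windows Server 2016 and later, so the Windows 10 SDK and makecert are not needed. The certificate names and the C:\temp\Azure output folder are assumptions.

```powershell
# Added example: root + client certificates for Azure P2S without makecert.
# Names (KrunalRootCert, KrunalClientCert) and the output folder are assumptions.
$outDir = "C:\temp\Azure"
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

# Root certificate: self-signed, 2048-bit RSA, SHA-256 signature, stored in the
# current user's Personal store (the "My" store the makecert command also used).
$root = New-SelfSignedCertificate -Type Custom -KeySpec Signature `
    -Subject "CN=KrunalRootCert" -KeyExportPolicy Exportable `
    -HashAlgorithm sha256 -KeyLength 2048 `
    -CertStoreLocation "Cert:\CurrentUser\My" `
    -KeyUsageProperty Sign -KeyUsage CertSign

# Client certificate issued by the root. The extension 2.5.29.37 (Extended Key
# Usage) is set to 1.3.6.1.5.5.7.3.2, i.e. Client Authentication.
$client = New-SelfSignedCertificate -Type Custom -DnsName "KrunalClientCert" `
    -KeySpec Signature -Subject "CN=KrunalClientCert" -KeyExportPolicy Exportable `
    -HashAlgorithm sha256 -KeyLength 2048 `
    -CertStoreLocation "Cert:\CurrentUser\My" `
    -Signer $root -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.2")

# Root public key as ONE Base64 line, which is what the point-to-site
# configuration wants (Steps 21 to 28): no BEGIN/END lines, no line breaks.
$der = $root.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert)
$rootBase64 = [Convert]::ToBase64String($der)
Set-Content -Path "$outDir\KrunalRootCert.Base64.txt" -Value $rootBase64 -NoNewline

# Client certificate plus private key as a password-protected PFX (Step 31),
# the file handed to each VPN user together with the VPN client.
$pfxPassword = Read-Host -Prompt "PFX password" -AsSecureString
Export-PfxCertificate -Cert $client -FilePath "$outDir\KrunalClientCert.pfx" `
    -Password $pfxPassword | Out-Null

# Sanity checks before touching the portal: the client really chains to the
# root, and the Base64 text contains no whitespace that would break the paste.
if ($client.Issuer -ne $root.Subject) { throw "client cert was not issued by the root" }
if ($rootBase64 -match '\s') { throw "Base64 root data is not a single line" }
Write-Host "Root Base64 and client PFX written to $outDir"
```

The Base64 text file replaces the manual Notepad editing of Steps 24 to 28; paste its contents as the root certificate data in Step 34.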
Step 33
Once the gateway has been deployed successfully, go to its overview and click on the point-to-site configuration.
Step 34
Paste the single-line root certificate data from Step 28 and click on Save.
Step 35
Once the configuration has been updated, the Download VPN client button becomes active. Click it to download the VPN client.
Step 36
It probably won't run yet, because the client certificate is not installed. Double-click on the client certificate (.pfx) to import it. Everyone who needs to install this VPN must have the client certificate imported. Once that is done, you can install your VPN client.
Step 37
Just double-click on the client certificate and follow the steps. It will ask for the password. Import the certificate. Now, you can install the VPN.
Step 38
You can see the VPN in your connections tab. Connect to it and, when prompted, select the client certificate.
Step 39
Once you are connected to your VNet, try to open an RDP session to your VM using its private IP. Go to the portal, select the VM and click Connect. You will be able to download the RDP file and connect.
Now, disconnect from your VNet and perform the same steps to connect to the VM over RDP. You will still be able to download the RDP file, but the RDP connection will not succeed.
Step 40
If you run ipconfig /all in PowerShell while connected, you will also see the address assigned from the P2S address pool.
Step 41
Go to the VM overview and connect via the private IP address.
Step 42
The alternative way to connect to your VM is to open the Remote Desktop client on your local machine and enter the private IP of the VM. Hence, we have established a Point-to-Site connection in Microsoft Azure.