To create a Point-to-Site connection, you have to perform the following steps:
- Ensure you have a virtual network with a gateway subnet, and make sure its address space does not overlap with your on-premises network.
- Build a virtual network gateway for the virtual network you've created.
- Then, you need to generate a certificate that allows a client to authenticate to the VNet over a Point-to-Site VPN connection. It can be issued either by a CA server or as a self-signed certificate.
- To create a self-signed certificate, you can run the following PowerShell cmdlet:
$cert = New-SelfSignedCertificate -Type Custom -KeySpec Signature -Subject "CN=RootCert" -KeyExportPolicy Exportable -HashAlgorithm sha256 -KeyLength 2048 -CertStoreLocation "Cert:\CurrentUser\My" -KeyUsageProperty Sign -KeyUsage CertSign
- Then, open Manage user certificates and navigate to Current User | Personal | Certificates where you can find the certificate you have just created, as shown in the following screenshot:
Figure 4.7: Root cert location
- Right-click on the certificate you have created, then select All Tasks | Export..., as shown in the following screenshot:
Figure 4.8: Exporting the certificate
- You will be prompted by a welcome screen. Click on Next.
- Then, select not to export the private key and click on Next, as shown in the following screenshot:
Figure 4.9: Determining whether to export the private key or not
- After that, you have to specify the certificate format; select Base-64 encoded X.509 (.CER), as shown in the following screenshot:
Figure 4.10: Select the file format of the certificate
- On the next screen, you have to specify the path to where the certificate will be exported, as shown in the following screenshot:
Figure 4.11: Export file path
- Finally, you will be presented with a summary of all the settings you have specified during the export process, as shown in the following screenshot:
Figure 4.12: Certificate export summary
- After clicking on Finish, a wizard will pop up confirming that the export was successful, as shown in the following screenshot:
Figure 4.13: Successful export
- Navigate to where the certificate has been exported and open it with Notepad. Copy the certificate data, as shown in the following screenshot:
Figure 4.14: Copying the certificate data
- Navigate back to the virtual network gateway you have created on the Azure portal, and open Point-to-site configuration, as shown in the following screenshot:
Figure 4.15: Point-to-Site configuration blade
- Click on Configure now, and the following fields will appear in the same blade:
- Address pool: The IP address range from which connecting clients will be assigned addresses.
- Tunnel type: Select the tunnel type that will fit the client(s) that will connect to the VNet over the Point-to-Site VPN connection.
- Authentication type: There are two authentication types: Azure certificate and RADIUS authentication (which is still in preview at the time of writing). Select Azure certificate as it will fit this scenario.
- Root certificates: Specify a name for the root certificate and paste the data you copied earlier under Public certificate data.
- Revoked certificates: You can revoke specific client certificates by entering a name for the certificate and its thumbprint:
Figure 4.16: Configuring Point-to-Site connection
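The following PowerShell script is an added example, not code from the book, that ties the certificate steps above together: it creates the self-signed root certificate with the same parameters as the cmdlet shown earlier, produces the Base-64 root data that goes into the Root certificates field without touching the Export wizard, and records the thumbprint you would enter under Revoked certificates. It goes one step beyond the text by also issuing a client certificate chained to the root, which is what the connecting device presents. The subject names P2SRootCert and P2SClientCert and the output path are assumptions.

```powershell
# Added example (not from the book): create the P2S root certificate, derive a client
# certificate from it, and produce the Base-64 root data for the portal's
# Root certificates field.
# Assumed values: the subject names "P2SRootCert" and "P2SClientCert" and the export path.

# 1. Self-signed root certificate (same parameters as the cmdlet quoted in the book).
$root = New-SelfSignedCertificate -Type Custom -KeySpec Signature `
    -Subject "CN=P2SRootCert" -KeyExportPolicy Exportable `
    -HashAlgorithm sha256 -KeyLength 2048 `
    -CertStoreLocation "Cert:\CurrentUser\My" `
    -KeyUsageProperty Sign -KeyUsage CertSign

# 2. Client certificate signed by that root. The client-authentication EKU
#    (OID 1.3.6.1.5.5.7.3.2) is what the VPN client presents; the book's text
#    stops at the root certificate, so this step goes beyond it.
$client = New-SelfSignedCertificate -Type Custom -DnsName P2SClientCert -KeySpec Signature `
    -Subject "CN=P2SClientCert" -KeyExportPolicy Exportable `
    -HashAlgorithm sha256 -KeyLength 2048 `
    -CertStoreLocation "Cert:\CurrentUser\My" `
    -Signer $root -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.2")

# 3. Public portion of the root only (RawData holds no private key), Base-64 encoded.
#    This is the same content the Export wizard writes with "Base-64 encoded X.509 (.CER)",
#    minus the BEGIN/END lines, and is what the Public certificate data box expects.
$rootData = [Convert]::ToBase64String($root.RawData, 'InsertLineBreaks')
$exportPath = Join-Path $env:USERPROFILE "Desktop\P2SRootCert.cer"   # assumed location
$rootData | Out-File -FilePath $exportPath -Encoding ascii

# 4. Keep the client certificate's thumbprint: it is the value the Revoked certificates
#    field takes if that device is later lost or decommissioned.
"Root certificate data to paste into the portal:`n$rootData"
"Client certificate thumbprint (for revocation): $($client.Thumbprint)"
```

The root's private key never leaves the CurrentUser\My store, which is the reason the wizard step above tells you not to export it: the portal only needs the public portion to validate client certificates, while whoever holds the root private key can issue further client certificates, so treat that store (and any PFX export of the root) as a high-value secret. Each client certificate is revocable individually by thumbprint without replacing the root.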
- Click on Save; it will take a while to save the configuration. Once it is saved, Download VPN client becomes available, as shown in the following screenshot:
Figure 4.17: Download VPN client
- A zipped file will be downloaded. Unzip the file and three folders will be generated:
- Generic: Contains general information about the VPN client configuration that was specified earlier, and a certificate that needs to be installed
- WindowsAmd64: Contains the executable for all 64-bit Windows clients
- WindowsX86: Contains the executable for all 32-bit Windows clients
- Install the certificate in the Generic folder; all you need to do is accept its defaults.
- Install the executable that will fit your OS.
- Once it is installed, you will note that a VPN connection has been added to your connections, as shown in the following screenshot:
Figure 4.18: The networks and VPN connections
- Click on the VPN connection, PP-VirtualNetwork, and click on Connect, as shown in the following screenshot:
Figure 4.19: Connect to the VNet
- Now, you can use Remote Desktop to log on to any VM that exists within the virtual network you are connected to, using its private IP address.