What if you already have a Vnet in Azure with resources connected to it ? In this blog, I will elaborate on how to enable Point-to-Site VPN for an existing Vnet . It is documented based on the testing done in new portal. The Vnet was already existing, and a VPN gateway was created from the new portal using the graphical interface and connected to the Vnet. For the remaining steps, PowerShell was used.
1. Create VPN gateway . Go to new portal->Virtual network gateway and create new. You will have to select the Vnet for which you want to create the gateway, provide a gateway subnet IP range , select a public Ip address , select the Gateway type as VPN and VPN type as route based. Please note that for enabling Point-to-Site VPN connectivity , the gateway type should be route based.
2. Create an IP pool , from which IP will be allocated to VPN clients. This should be done using Azure PowerShell. First login to your Azure account
Create VPN Client Address pool
Set-AzureRmVirtualNetworkGatewayVpnClientConfig -VirtualNetworkGateway $Gw -VpnClientAddressPool "192.168.100.0/24"
3. Create a self signed certificate for your client machine using the following steps mentioned in the following link
4. Once the client certificate is created installed , next steps is to export the root certificate in .cer format. You can do that from the certificate management mmc. Ensure that you select the option "Base-64 encoded X.509 (.cer)" in the certificate export wizard
$Gw = Get-AzureRmVirtualNetworkGateway -Name "p2sgwtst" -ResourceGroupName "p2stest"
Here p2sgwtst is name if my Virtual Network Gateway and p2stest is Resource Group Name
6. Get information about your root certificate
$Text = Get-Content -Path "\<path of root certificate>\Root.cer"
7. Add the root certificate to the VPN gateway
$rootCert = Add-AzureRmVpnClientRootCertificate -VpnClientRootCertificateName "RootCertificateNp.cer" -PublicCertData ($CertificateText | out-string) -VirtualNetworkGatewayName $gw.Name -ResourceGroupName "p2stest"
8. Download the Azure VPN package
Get-AzureRmVpnClientPackage -ResourceGroupName "p2stest" -VirtualNetworkGatewayName $gw.Name -ProcessorArchitecture Amd64
You will get a download link for the exe as output. Copy it over to the client machine and install using administrative privileges. If it is all installed correctly, you will see the network in the list of VPNs in your machine