As per the official documentation of Microsoft Azure "A Point-to-Site (P2S) VPN gateway connection lets you create a secure connection to your virtual network from an individual client computer." Clearly justifying it's name Point to Site basically connects your Point which is an individual computer or system to the Azure Site Virtual Network. And this connection is a secured connection not via the Internet.
Point to Site configuration is very easy in Azure portal. Here are all the steps required.
Prior to that , we have some pre configured setup as follows:
For the Point, I have created a Virtual Machine in the Azure and have not given it a public IP (it will not be connected via Internet)
Now, let's continue the steps:
1. Add a Gateway Subnet to the Virtual Network :
Go to the Virtual Network Resource >> Add Gateway Subnet >> Provide a proper CIDR >> Save it
2. Create Virtual Network Gateway :
Search for Virtual Network Gateway from all resources and Add it on the Virtual Network with the Gateway Subnet
3. Create the Root and Child Certificates :
Here we need to create two Certificates needed for configuration. For this we have to follow the commands from here.
These commands are to run in the Windows Powershell which will generate two Certificates. To view the certificates open the Certificate Manager in your system. It will look as follows:
4. Export the certificates :
Firstly, to Export the Certificates you need to right click and find All Tasks >> Export
Now, for the Root Certificate Export with no Password but Choose Base64 Encoded
Second, in the same way you need to Export the Child Certificate but for Child you need to provide a Password since this will be shared with people.
Save both these certificates in your system.
5. Create a Point to Site connection in Virtual Network Gateway :
Create a Point to Site connection inside the Virtual Network Gateway >> Provide a Address pool >> Choose Tunnel Type according to need >> Choose Certificate for authentication >> Provide the Name of the root file >> Copy paste the contents of root certificate (open by notepad)
Save the Changes and after saving Download the VPN client. A zip file will be downloaded as shown below.
6. Extract the zip file and Install the client :
On extracting the file you will get files as shown:
Next, Double click on the Child certificate, provide the password and Install the certificate
Choose the file according to your system configuration and Install the VPN client. After successfully verifying with the child certificate, you will get options in your network and connectivity as such :
7. Final connection :
Let's see the magic here.
Try to connect your Virtual Server without connecting to the VPN client.
You will see you are unable to connect. This is obvious since you don't have a public IP and can't connect via private IP since you are not yet in the network of the Virtual Network in which your server lies.
Here is me trying to connect the server without connecting to the VPN.
Now, let's connect to the VPN. Once you have connected to the VPN , now if you SSH into the Virtual machine , you will be allowed since by connecting the VPN you have become a part of the Virtual Network.
That's all the steps for Point to Site connectivity.
Top comments (0)