Set up Azure P2S VPN using Entra ID (Azure Active Directory) and Certificate-based authentication
Dear Azure Community,
I am currently working on setting up a Point-to-Site (P2S) VPN using an IKEv2 tunnel with the following requirements:
- Authentication using Microsoft Entra ID (Azure Active Directory) with MFA
- Certificate-based Authentication (including both root and client certificates)
After some research, I've come across a few challenges and wanted to get the community's perspective on their feasibility:
- IKEv2 and Entra ID Authentication: From what I understand, IKEv2 does not support Entra ID authentication, and this method is only supported via OpenVPN. I would like to confirm if this is indeed correct or if there is a workaround to make IKEv2 work with Entra ID and MFA.
- Combining Entra ID and Certificate-based Authentication: My intention is to combine both Entra ID and certificate authentication for added security. However, I am unable to find any way to configure both authentication types simultaneously. Is this possible with the Azure VPN client, or are there any other approaches to achieve this combination?
Any guidance, suggestions, or alternative methods for achieving this setup would be greatly appreciated.
Thank you for your assistance!
Best regards,
Senthil Prabhu