I have created a VPN Gateway and I want to provide VPN access to my virtual machine. How can I do that?

Arhanti Doshi 65 Reputation points
2024-10-06T08:32:30.38+00:00

I have created a VPN Gateway and I want to provide VPN access to my virtual machine. How can I do that, so that my application on my VM can be accessed through my VPN only? I have created a point-to-site connection and downloaded the VPN client.


Accepted answer
  1. Sai Prasanna Sinde 2,935 Reputation points Microsoft Vendor
    2024-10-07T04:26:11.46+00:00

    Hi @Arhanti Doshi

    Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.

    1. Deploy a VNet with two different subnets (Gateway Subnet, VM Subnet).
    2. Deploy VM in VM subnet and VPN in gateway subnet.
    3. Before creating certificates, open PowerShell as an administrator and check the "ExecutionPolicy" by running the command: Get-ExecutionPolicy. It should be RemoteSigned. If it is not RemoteSigned, change it by running the command: Set-ExecutionPolicy -ExecutionPolicy RemoteSigned (use Tab to get RemoteSigned).
    4. Create a self-signed root certificate: After setting the ExecutionPolicy to RemoteSigned, use the script below to generate a root certificate (open PowerShell as an administrator, then copy and paste the script):

       ```powershell
       # Self-signed root certificate in the current user's personal store
       $params = @{
           Type = 'Custom'
           Subject = 'CN=P2SRootCert'
           KeySpec = 'Signature'
           KeyExportPolicy = 'Exportable'
           KeyUsage = 'CertSign'
           KeyUsageProperty = 'Sign'
           KeyLength = 2048
           HashAlgorithm = 'sha256'
           NotAfter = (Get-Date).AddMonths(24)
           CertStoreLocation = 'Cert:\CurrentUser\My'
       }
       $cert = New-SelfSignedCertificate @params
       ```

    5. Generate a client certificate: Next, copy and paste the script below to generate a child certificate in the same PowerShell console session:

       ```powershell
       # Client (child) certificate signed by $cert from step 4;
       # 1.3.6.1.5.5.7.3.2 is the Client Authentication EKU
       $params = @{
           Type = 'Custom'
           Subject = 'CN=P2SChildCert'
           DnsName = 'P2SChildCert'
           KeySpec = 'Signature'
           KeyExportPolicy = 'Exportable'
           KeyLength = 2048
           HashAlgorithm = 'sha256'
           NotAfter = (Get-Date).AddMonths(18)
           CertStoreLocation = 'Cert:\CurrentUser\My'
           Signer = $cert
           TextExtension = @(
               '2.5.29.37={text}1.3.6.1.5.5.7.3.2')
       }
       New-SelfSignedCertificate @params
       ```

    6. After generating Root & Child certificates, go to Manage user certificates > Personal > Certificates, you will find your latest generated root & child certificates (You can find it based on date).
    7. Right-click the root certificate > All Tasks > Export > click the Next button and select the "Base-64 encoded" format (it is optimized for Point to Site configuration) > browse to a path (Ex: C Drive) to save the exported root certificate, give the file a name, save it, and then click Finish.
    8. Go to the location where you saved the exported root file, open it with Notepad or a text editor, and copy the code, excluding the BEGIN and END CERTIFICATE lines.
    9. Go to your VPN > Point to Site configuration > Maintain "Address pool, Tunnel type (Ex: IKEv2 and SSTP SSL, it supports both IKEv2 & SSTP) & Authentication type (Azure certificate)" > give the name of the root certificate and paste the copied code in public certification data and save it.
    10. Download the VPN client and connect to the VPN.
    11. Connect to your VM by using its private IP via the VPN.

    For your reference: https://zcusa.951200.xyz/en-us/azure/vpn-gateway/vpn-gateway-certificates-point-to-site

    Kindly let us know if the above helps or you need further assistance on this issue.

    If you feel that your queries have been resolved, please accept the answer by clicking the "Upvote" and "Accept Answer" on the post.

    Thanks,

    Sai Prasanna.
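
Steps 6 to 8 of the answer above can also be done and checked from the same PowerShell session. This is an added example, not part of the original answer; it assumes the subjects `CN=P2SRootCert` and `CN=P2SChildCert` from steps 4 and 5, and the issuer check is a name comparison only, not a full chain validation.

```powershell
# Added example (not from the original answer). Subjects match steps 4 and 5.
$store        = 'Cert:\CurrentUser\My'
$rootSubject  = 'CN=P2SRootCert'
$childSubject = 'CN=P2SChildCert'
$clientAuth   = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU from step 5

# Step 6 locates the certificates "based on date": take the newest per subject.
function Get-NewestCert([string]$Subject) {
    Get-ChildItem $store | Where-Object Subject -eq $Subject |
        Sort-Object NotBefore -Descending | Select-Object -First 1
}
$root  = Get-NewestCert $rootSubject
$child = Get-NewestCert $childSubject
if (-not $root -or -not $child) { throw "Root or client certificate not found in $store" }

# The client certificate must be issued by the root that is uploaded to the gateway.
if ($child.Issuer -ne $root.Subject) {
    throw "Client issuer '$($child.Issuer)' does not match root '$($root.Subject)'"
}

# The client certificate must carry the Client Authentication EKU.
$ekuExt = $child.Extensions | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
}
if (-not $ekuExt -or $ekuExt.EnhancedKeyUsages.Value -notcontains $clientAuth) {
    throw 'Client certificate lacks the Client Authentication EKU'
}

# Steps 7-8: RawData is the DER-encoded public certificate (no private key),
# so its Base-64 form is the exported file without the BEGIN/END lines.
$publicCertData = [Convert]::ToBase64String($root.RawData)

# Summary, including expiry dates so renewal happens before VPN logons fail.
[pscustomobject]@{
    RootThumbprint   = $root.Thumbprint
    RootExpires      = $root.NotAfter
    ClientThumbprint = $child.Thumbprint
    ClientExpires    = $child.NotAfter
    PublicCertData   = $publicCertData
}
```

Only `PublicCertData` goes into the gateway's Point to Site configuration. Both certificates were created with `KeyExportPolicy = 'Exportable'`, so the root's private key should stay on the machine that issues client certificates.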


1 additional answer

  1. SUNOJ KUMAR YELURU 14,881 Reputation points MVP
    2024-10-06T10:34:34.1633333+00:00

    Hello @Arhanti Doshi

    Thanks for using Q and A forum.

    Here are some steps to create an Azure VPN Gateway solution:

    1. Create a new virtual machine without associating it with a public IP address
    2. Create a virtual network gateway in the same region as the VM and the virtual network
    3. Generate a certificate to configure the VPN gateway
    4. Download the VPN client and install it on the computer
    5. Install the client certificate locally on the computer
    6. Connect to the Azure VPN by going to the VPN client in the start menu or window search bar and clicking the Connect button

    Steps to create and manage a VPN gateway


    Connect to a virtual machine

    You can connect to a VM that's deployed to your virtual network by creating a Remote Desktop Connection to your VM. The best way to initially verify that you can connect to your VM is to connect by using its private IP address, rather than computer name. That way, you're testing to see if you can connect, not whether name resolution is configured properly.


    If this answers your query, do click Accept Answer and Up-Vote for the same. And, if you have any further query do let us know.

    1 person found this answer helpful.
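
A check for the two points in the answer above that decide whether the application is reachable through the VPN only: the VM has no public IP (step 1), and it answers on its private IP address. This is an added example, not part of the original answer; it assumes the Az.Network module with a signed-in session (`Connect-AzAccount`), and the resource group, NIC name and port are placeholders.

```powershell
# Added example (not from the original answer). Placeholder names, replace with your own.
$resourceGroup = 'rg-example'       # placeholder
$vmNicName     = 'vm-example-nic'   # placeholder
$appPort       = 443                # placeholder application port

$nic = Get-AzNetworkInterface -ResourceGroupName $resourceGroup -Name $vmNicName

# Step 1 of the answer: no IP configuration on the NIC should have a public IP.
$exposed = @($nic.IpConfigurations | Where-Object { $_.PublicIpAddress })
if ($exposed.Count -gt 0) {
    Write-Warning "NIC '$vmNicName' still has a public IP on: $($exposed.Name -join ', ')"
}

# Test the private IP address rather than the computer name, so the result
# reflects connectivity and not name resolution.
$privateIp = ($nic.IpConfigurations | Where-Object Primary).PrivateIpAddress
$probe = Test-NetConnection -ComputerName $privateIp -Port $appPort -WarningAction SilentlyContinue

[pscustomobject]@{
    PrivateIp        = $privateIp
    PublicIpAttached = ($exposed.Count -gt 0)
    PortReachable    = $probe.TcpTestSucceeded
    ViaInterface     = $probe.InterfaceAlias   # should be the VPN adapter
}
```

Run it once with the VPN connected and once disconnected: `PortReachable` should be `True` only while connected, and `PublicIpAttached` should be `False` in both runs.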