Your situation might be different from mine.įirst of all, log on to the management portal and download the 32bit and 64bit VPN Client packages. These steps achieve what I needed to achieve. There might be better or more effective ways to reach the same goals. I’m in no way an Azure expert, so don’t just take my word for everything you read here. The steps shown here are the steps I took to reach certain goals. Let’s see how many, if any, of these goals can be accomplished.Īlmost forgot the disclaimer again. Nice to have: We want to custom brand the startup screen and icons for the VPN Client software.We want the Root Certificate to be deployed when the VPN client software is installed.We need my on-premises subnet to be routed through the VPN adapter.To summarize the shortcomings we found in the VPN Client package provided by Azure: The information and methods provided in this post are the results of an evening of tinkering and brainstorming with colleague Michael Verbeek (congrats on your official Azure certification!). You should copy the root certificate from the terminal and paste it on the Azure portal and save the configuration by clicking on save button.As I mentioned in the previous post, the Client VPN software that is generated for you to be able to connect your client to the P2S (Point-to-Site) Azure VPN solution, has a few shortcomings, at least for my situation. The above script will generate and export root and client certificates. In this tutorial, I have used PowerShell commands, Variables $CertLocation = 'C:\temp\VPN' $Cert = 'AndroidClient.pfx' $CertName = "$CertLocation$Cert" Create a self-signed root certificate if((Test-Path -Path $CertLocation -ErrorAction Silentl圜ontinue) -eq $false) $cert = New-SelfSignedCertificate -Type Custom -KeySpec Signature ` -Subject "CN=AndroidRoot" ` -KeyExportPolicy Exportable ` -HashAlgorithm sha256 ` -KeyLength 2048 ` -CertStoreLocation "Cert:\CurrentUser\My" ` -KeyUsageProperty Sign -KeyUsage CertSign Generate a client certificate New-SelfSignedCertificate ` -Type Custom ` -DnsName P2SChildCert ` -KeySpec Signature ` -Subject "CN=AndroidClient" ` -KeyExportPolicy Exportable ` -HashAlgorithm sha256 ` -KeyLength 2048 ` -CertStoreLocation "Cert:\CurrentUser\My" ` -Signer $cert ` -TextExtension Export Certificates $RootCert = (Get-ChildItem ` -Path "Cert:\CurrentUser\My\"` | Where-Object ` -Property subject ` -Match AndroidRoot) $ClientCert = (Get-ChildItem ` -Path "Cert:\CurrentUser\My\"` | Where-Object ` -Property subject ` -Match AndroidClient) Export-Certificate ` -Type CERT ` -Cert $RootCert ` -FilePath "$CertLocation\AndroidRootTemp.cer" Export-Certificate ` -Type CERT ` -Cert $ClientCert ` -FilePath "$CertLocation\AndroidClient.cer" C:\windows\system32\certutil.exe -encode "$CertLocation\AndroidRootTemp.cer" 'AndroidRoot.cer' Get-Content $CertLocation\AndroidRoot.cer $SecurePassword = Read-Host ` -Prompt "Enter Password to Export Cert with Private Key" ` -AsSecureString $ThumbPrint = $ClientCert.Thumbprint $ExportPrivateCertPath = "Cert:\CurrentUser\My\$ThumbPrint" Export-PfxCertificate ` -FilePath "C:\temp\VPN\AndroidClient.pfx" ` -Password $SecurePassword ` -Cert $ExportPrivateCertPath PowerShell commands ( New-SelfSignedCertificate) - For Windows 10 or windows 2016 datacenter.Generating and Exporting root certificate and client certificate for authenticationĪs said in the previous point, you should create self-signed root certificate using anyone of the below mentioned methods, Address pool should be selected from the range of gateway subnet.Ģ.You need to create a self-signed root certificate and should paste the same in the root certificate column and save the configuration. Now, set the tunnel type as OpenVPN(SSL) and authentication type to certificate method. Select your VPN gateway and hover to the point-to-site option on the blade.You can refer deployment of an Azure VPN gateway from this Azure Documentation. This tutorial assumes that there’s been already a VPN gateway deployed in your subscription and point-to-site has to be configured on it. ✔Testing the connectivity Configure P2S configuration in VPN Gateway with OpenVPN protocol: ✔Installing and configuring profile in OpenVPN client on Android device. ✔Installing client certificate on Android device ✔Generating and Exporting root certificate and client certificate for authentication ✔Configure P2S configuration in VPN Gateway with OpenVPN protocol During this tutorial you will learn how to: In this tutorial, we will connect an Android device to Azure P2S VPN using Open VPN protocol.
0 Comments
Leave a Reply. |