Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.
Can someone guide me how to add the Azure VPN Client app to my tenant?
If you are trying to configure Azure P2S VPN gateway for Microsoft Entra ID authentication, then you need to follow the below documentation:
https://learn.microsoft.com/en-us/azure/vpn-gateway/openvpn-azure-ad-tenant
- Sign in to the Azure portal as a user that is assigned the Global administrator role.
- Next, grant admin consent for your organization. This allows the Azure VPN application to sign in and read user profiles. Copy and paste the URL that pertains to your deployment location into the address bar of your browser. For Public: https://login.microsoftonline.com/common/oauth2/authorize?client_id=41b23e61-6c1e-4545-b367-cd054e0ed4b4&response_type=code&redirect_uri=https://portal.azure.com&nonce=1234&prompt=admin_consent
- Select the account that has the Global administrator role if prompted.
- On the Permissions requested page, select Accept.
- Go to Microsoft Entra ID. In the left pane, click Enterprise applications. You'll see Azure VPN listed.
As per the above doc, you need to sign in to the Azure portal as a user that is assigned the Global administrator role. If you are using a global admin account that is not native to the Azure AD tenant to provide consent, please replace “common” with the Azure AD directory id in the URL (https://login.microsoftonline.com/common/oauth2/authorize?client_id=41b23e61-6c1e-4545-b367-cd054e0ed4b4&response_type=code&redirect_uri=https://portal.azure.com&nonce=1234&prompt=admin_consent). You may also have to replace “common” with your directory id in certain other cases as well.
The Directory ID of the directory that you want to use for authentication is listed in the properties section of the Active Directory page.
Please refer: https://learn.microsoft.com/en-us/azure/vpn-gateway/openvpn-azure-ad-tenant#enable-authentication
NOTE:
- Native member to Azure AD tenant is a member user or Azure AD member whose account is created via Azure AD > Users > Create user option in the tenant.
- A user not native to the Azure AD tenant means a user who is brought over from another directory as a business-to-business (B2B) collaboration guest (guest user).
To answer your 2nd question,
Yes, it is possible. For a point-to-site client to have access to a peered VNet, the peered VNet (the VNet without the gateway) must be configured with the Use remote gateways attribute.
The VNet with the VPN gateway must be configured with Allow gateway transit.
Hope this clarifies!
If the above is unclear and/or you are unsure about something, add a comment below.
Please don’t forget to close the thread by clicking "Accept answer" if the information provided helps you, as this can be beneficial to other community members.
Thanks,
Sai.
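The consent step and the "replace common with the directory ID" note above, as an added example (not from the answer or the Microsoft documentation): a small shell script that builds the admin-consent URL for the Azure VPN application for either `common` or a tenant directory ID, rejects anything that is not a GUID, and, if the Azure CLI is installed and signed in, checks that the Azure VPN service principal now exists in the tenant (the entry you expect under Enterprise applications). The `az ad sp show --id <appId>` call is real Azure CLI; the function names and the sample directory ID are assumptions.

```shell
#!/bin/sh
# Added example, not part of the answer or the Microsoft docs.
# Application (client) ID of the Azure VPN app, taken from the documented consent URL.
AZURE_VPN_APP_ID="41b23e61-6c1e-4545-b367-cd054e0ed4b4"

# Returns 0 if $1 has the shape of a directory (tenant) ID, i.e. a GUID.
is_guid() {
  printf '%s' "$1" | grep -Eq \
    '^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$'
}

# Prints the admin-consent URL. Argument: "common" (Global Administrator native
# to the tenant) or the directory ID (needed when the admin is a B2B guest).
# The nonce value 1234 is the literal used in the documented URL.
build_consent_url() {
  tenant="$1"
  if [ "$tenant" != "common" ] && ! is_guid "$tenant"; then
    echo "error: expected 'common' or a directory (tenant) ID GUID, got '$tenant'" >&2
    return 1
  fi
  printf 'https://login.microsoftonline.com/%s/oauth2/authorize?client_id=%s&response_type=code&redirect_uri=https://portal.azure.com&nonce=1234&prompt=admin_consent\n' \
    "$tenant" "$AZURE_VPN_APP_ID"
}

# After consent: prints the display name of the Azure VPN service principal in
# the signed-in tenant, or fails if it is absent. Needs Azure CLI and `az login`.
check_vpn_app_present() {
  if ! command -v az >/dev/null 2>&1; then
    echo "az CLI not installed; skipping service principal check" >&2
    return 2
  fi
  az ad sp show --id "$AZURE_VPN_APP_ID" --query displayName -o tsv
}

# Usage: ./vpn_consent.sh [common|<directory-id>]
# The directory ID below is a constructed placeholder, not a real tenant.
build_consent_url "${1:-common}"
build_consent_url "11111111-2222-3333-4444-555555555555" || true
check_vpn_app_present || true
```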