Configuring a Client VPN via PowerShell on Microsoft Azure (ARM)
https://4.bp.blogspot.com/-zqaHrJVzPK4/V1XDk5eB3zI/AAAAAAAAaJc/g1fph-1mY-gDWbKsUsQYmhIVQ7GnuP1PwCLcB/s200/Simply-click-Connect-to-start-the-point-to-site-VPN.png
Introduction
A Client-to-Site VPN connection is initiated from the client computer to the corporate environment and tunnels directly to the gateway in your network. Client to Site is an excellent solution when you want to connect to your VNet from a remote location.
https://1.bp.blogspot.com/-6xL4bL3jfFI/V1hMlExTDsI/AAAAAAAAaSg/ZpvEmXhJmTsJY4kZJqXvVrpJebJYDQDzgCLcB/s400/point2site.png
Today, let's see how to configure a Client-to-Site VPN in the ARM environment in Microsoft Azure. In the new ARM (Azure Resource Manager) environment it is not yet possible to create a Client-to-Site VPN through the Portal. To make the configuration you need to install the "Azure PowerShell from WebPI 1.0", and you will also need the Windows Software Development Kit (SDK) for Windows 8.1 or Windows 10, depending on the version of Windows you are using.
Configuring VPN Certificate
With the Azure PowerShell module and the Windows SDK installed, let's start the configuration. Open the Windows Azure Active Directory Module for Windows PowerShell in administrator mode.
Go to the folder that contains makecert.exe with the command cd "C:\Program Files (x86)\Windows Kits\10\bin\x64", then execute these commands to create the certificates.
.\makecert.exe -sky exchange -r -n "CN=RootMyCompanyP2SAzure" -pe -a sha1 -len 2048 -ss My "RootMyCompanyP2SAzure.cer"
.\makecert.exe -n "CN=ClientMyCompanyP2SAzure" -pe -sky exchange -m 96 -ss My -in "RootMyCompanyP2SAzure"
https://4.bp.blogspot.com/-1v4-J-isQB4/V1ct1WHwKvI/AAAAAAAAaNY/9upqr01Lb9Ig-MLhDbJ2VVB1GagPEdskQCLcB/s400/3.jpg
After creating the certificates, the root certificate has to be uploaded to Azure, so let's export it as a ".cer" file using Base64 encoding and grab the encoded certificate text.
Open the MMC in "Current User" then go to Personal > Certificates, then right-click the certificate RootMyCompanyP2SAzure > All Tasks > Export.
https://3.bp.blogspot.com/-rFUbVETxGYc/V1db5HGpXCI/AAAAAAAAaNw/We5Qkigp7ZoKjtL_mqlVZZtEnJh5XYcxwCLcB/s400/15.jpg
Click "Next".
https://4.bp.blogspot.com/-X3Z7FIp9gyI/V1dcSQA2QjI/AAAAAAAAaN4/xNGnbD98k0IOIQMUm0_CWwtjEvh8yZDVwCLcB/s400/21.jpg
Click "No, do not export the private key", then click "Next".
https://2.bp.blogspot.com/-JwmevKXxTFs/V1dckgjm8II/AAAAAAAAaOE/unfDBGnvhTwe3Ba1SDfWDqu41yRoHoh3gCLcB/s400/16.jpg
Select "Base-64 encoded X.509(.CER)", then click "Next".
https://1.bp.blogspot.com/-_NRDnU19UTM/V1ddFS9cKfI/AAAAAAAAaOQ/ToK4R5pm8CMpq8qy0QfH3Qoqsn_q4dSnwCLcB/s400/17.jpg
Now choose a directory where you will save your certificate, then click "Next".
https://4.bp.blogspot.com/-gOLA4FD9Eb0/V1ddpBu5ZmI/AAAAAAAAaOc/sb3k8jlMwa8cvpBYHlkDSOoFWjXFjcYqgCLcB/s400/18.jpg
Click "Finish". Your certificate has been exported.
https://1.bp.blogspot.com/-T89Qt9oRKbk/V1dd_0ts2lI/AAAAAAAAaOo/iZO-qsYxDzMnpphWbgp7SDBYxK7uFv_0QCLcB/s400/19.jpg
Now open the certificate with Notepad and copy the Base64 text.
https://3.bp.blogspot.com/-fQjGUgvpFyI/V1deYNOChpI/AAAAAAAAaO0/TQEtgE3e4Eg4m-lDQKkcwWeFCAT06wj3gCLcB/s320/20.jpg
With the Base64 text in hand, we assign it to the variable "$CertificateText". Run the following command.
Note: The full string is not shown here to keep the article short, but when you copy it you need to copy it in full, as in the image below.
$CertificateText = "MIIDBTCCAfGgAwIBAgIQjKyXqsvp345L2pqzHnjZ9TAJBgUrDg"
https://4.bp.blogspot.com/-lgJvrf78J9g/V1dft7WMmbI/AAAAAAAAaPE/C0LzTGvffgAa8gtYAA-57cvHgGHeI9_ugCLcB/s400/4.jpg
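An alternative to copying the text from Notepad by hand, as an added example that is not part of the original article: the script loads the exported file, checks that it is the expected self-signed root without a private key, and builds $CertificateText as a single Base64 string without the BEGIN/END CERTIFICATE lines. The path C:\Certs\RootMyCompanyP2SAzure.cer is an assumed export location.

```powershell
# Added example: build $CertificateText from the exported root certificate.
# Assumption: the export wizard above saved the file to this path.
$cerPath = 'C:\Certs\RootMyCompanyP2SAzure.cer'

# X509Certificate2 reads both Base-64 and DER encoded .cer files.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($cerPath)

# Make sure the file is the root created with makecert, not the client certificate.
if ($cert.Subject -ne 'CN=RootMyCompanyP2SAzure') {
    throw "Unexpected subject '$($cert.Subject)' in $cerPath"
}

# A root certificate is self-signed: subject and issuer are identical.
if ($cert.Subject -ne $cert.Issuer) {
    throw "Certificate is not self-signed (issuer: $($cert.Issuer))"
}

# Only the public part is uploaded to Azure; a file carrying a private key is the wrong export.
if ($cert.HasPrivateKey) {
    throw "The file contains a private key. Export again with 'No, do not export the private key'."
}

if ($cert.NotAfter -lt (Get-Date)) {
    throw "Certificate expired on $($cert.NotAfter)"
}

# Confirm the file matches the certificate that makecert placed in the Current User store.
$inStore = Get-ChildItem Cert:\CurrentUser\My |
    Where-Object { $_.Thumbprint -eq $cert.Thumbprint }
if (-not $inStore) {
    Write-Warning "No certificate with thumbprint $($cert.Thumbprint) in Cert:\CurrentUser\My"
}

# Base64 of the DER bytes: one line, no header or footer lines.
$CertificateText = [System.Convert]::ToBase64String($cert.RawData)

"Subject    : $($cert.Subject)"
"Thumbprint : $($cert.Thumbprint)"
"Length     : $($CertificateText.Length) characters"
```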
Exporting PFX Certificate
Now we export the .PFX certificate, protected with a password, to make it available to the VPN users. Remember that this certificate will be distributed to users.
https://4.bp.blogspot.com/-JeVpLwlyCL8/V1dxMLGJ4LI/AAAAAAAAaQ4/1VfwZDHp36sh3dNGZBwsw21nvuCK06puQCLcB/s400/22.jpg
Configuring VPN Client To Site
Log in to Azure with the command "Login-AzureRmAccount", then choose the subscription in which you will use the VPN by running the command.
Select-AzureRmSubscription -SubscriptionName "Signature"
https://3.bp.blogspot.com/-SrbA8wmZ_d8/V1YdvQynCcI/AAAAAAAAaMg/nloUlW_6gKUm35B8_ba5fyDxe5_WGEHDQCLcB/s400/0.jpg
Now we assign the gateway to the variable "$Gw". Run the command, supplying the name of your virtual network gateway and its resource group.
$Gw = Get-AzureRmVirtualNetworkGateway -Name VNET-GW -ResourceGroupName Network
https://4.bp.blogspot.com/-Z9NLK1YV2YI/V1Yfku-IqfI/AAAAAAAAaMs/69CVpbOSAlYYsnAFk3WtrPjxVnY4WjoOACLcB/s400/1.jpg
Let's add the IP address pool from which connecting VPN clients will receive their addresses. Run the command.
Set-AzureRmVirtualNetworkGatewayVpnClientConfig -VirtualNetworkGateway $Gw -VpnClientAddressPool "192.168.50.0/24"
https://4.bp.blogspot.com/-RIMR5qRfUgs/V1YgTiQnjXI/AAAAAAAAaM4/QIBJvCY-nOglf1T6x6P_uSN4xw2vxsXrQCLcB/s400/2.jpg
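The client address pool must not overlap the address space of the virtual network behind the gateway. As an added example (not from the original article), this IPv4-only check compares the pool with a list of prefixes before the Set- command is run; the VNet prefixes are constructed sample values to be replaced with those of your own virtual network.

```powershell
# Added example: refuse a P2S client pool that overlaps the VNet address space (IPv4 only).
function Get-CidrRange([string]$Cidr) {
    $address, $length = $Cidr -split '/'
    $bytes = [System.Net.IPAddress]::Parse($address).GetAddressBytes()
    [Array]::Reverse($bytes)                       # network byte order -> little-endian
    [uint64]$ip    = [BitConverter]::ToUInt32($bytes, 0)
    [uint64]$size  = [math]::Pow(2, 32 - [int]$length)
    [uint64]$start = $ip - ($ip % $size)           # align to the network boundary
    [pscustomobject]@{
        Cidr  = $Cidr
        Start = $start
        End   = [uint64]($start + $size - 1)
    }
}

function Test-CidrOverlap([string]$A, [string]$B) {
    $ra = Get-CidrRange $A
    $rb = Get-CidrRange $B
    # Two ranges overlap when each one starts before the other ends.
    ($ra.Start -le $rb.End) -and ($rb.Start -le $ra.End)
}

$pool = '192.168.50.0/24'                          # pool used in this article

# Constructed sample values. In a real run, take them from your virtual network,
# e.g. (Get-AzureRmVirtualNetwork -Name <vnet> -ResourceGroupName <rg>).AddressSpace.AddressPrefixes
$vnetPrefixes = @('10.0.0.0/16', '192.168.0.0/20')

$conflicts = @($vnetPrefixes | Where-Object { Test-CidrOverlap $pool $_ })
if ($conflicts.Count -gt 0) {
    throw "Client pool $pool overlaps VNet prefix(es): $($conflicts -join ', ')"
}
"Client pool $pool does not overlap: $($vnetPrefixes -join ', ')"
```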
Now upload the root certificate data to the gateway and assign the result to the variable "$rootCert". Run the following command, using the same gateway and resource group as above.
$rootCert = Add-AzureRmVpnClientRootCertificate -VpnClientRootCertificateName "RootCraftP2SAzure.cer" -PublicCertData ($CertificateText) -VirtualNetworkGatewayName $Gw.Name -ResourceGroupName Network
https://1.bp.blogspot.com/-k6BRS4FAmms/V1dmYA2Wd8I/AAAAAAAAaPU/Hm2yi9OtEUofxslp5GZ04YmnImzfD7GoACLcB/s400/5.jpg
Done. The "VPN Client" configuration is created with the certificate; now let's download the client in 64-bit or 32-bit. To perform the download, run the following command, which will generate a download link.
Get-AzureRmVpnClientPackage
Enter the following information when prompted, as shown in the example below:
ResourceGroupName: Network
VirtualNetworkGatewayName: VNET-GW
ProcessorArchitecture: Amd64
Amd64
https://2.bp.blogspot.com/-lF27dHqhWZc/V1dqaq6hqiI/AAAAAAAAaPg/LXxbfhb1rdkZJz1gy1J-K4EJSDzjjBEvwCLcB/s400/6.jpg
X86
https://2.bp.blogspot.com/-7b3lEIasWWk/V1dqagKOpII/AAAAAAAAaPk/PjHl-phHn8YTYrz_dPBooSXFzVpX87uKwCLcB/s400/7.jpg
Installing the VPN Client
After installing the Client, click VPN.
https://2.bp.blogspot.com/-N7LLHHXdw70/V1drIVgyd1I/AAAAAAAAaPw/EtJ7zeBs4VUD5QuVitaYlPvrV5xHWoWNQCLcB/s400/8.jpg
Click Connect.
https://3.bp.blogspot.com/--35VqQCY-k8/V1drJpBpTuI/AAAAAAAAaP4/GZXhNtEc8qEjctnfyjDECxII8rSqL3leQCLcB/s400/9.jpg
https://2.bp.blogspot.com/-JNGx-sWp8vo/V1dsU8ad2MI/AAAAAAAAaQE/qvk0UJ0qlBUtxDMQwvutWLZnst59LfeOACLcB/s400/10.jpg
Now it will create the routes between your computer and the VPN. Click "Continue".
https://4.bp.blogspot.com/-YaVwsW91piQ/V1dst5nYglI/AAAAAAAAaQM/gdP1WO3GRbQKY2tdv0Jn5nAzi8Pih4dCACLcB/s400/11.jpg
Wait for the connection.
https://1.bp.blogspot.com/-_o0iE9rWk3o/V1ds1TOUR_I/AAAAAAAAaQU/Yr5EG-aTrb4Rwxj7cFfX5vzfqbzJnVaqACLcB/s400/12.jpg
Done. Your VPN is now connected to your environment in Azure.
https://2.bp.blogspot.com/-bx5D1-sQw4Q/V1dtArh0hmI/AAAAAAAAaQc/vYTQMkO7D20BfZhi5jxTxWTh2wDSeCajACLcB/s400/13.jpg
Run a ping to test communication with your network on Azure.
https://4.bp.blogspot.com/-GLtoPdpjyZc/V1dtU8NparI/AAAAAAAAaQo/-Ckyy4pC5L8mpTNlualXrCuu55Jf7QX9wCLcB/s400/14.jpg
Done. The VPN has been configured successfully.
Credits:
This document was originally published as http://www.micheljatoba.com.br/2016/06/configurando-client-VPN-via-powershell.html and has been reproduced here to allow the community to correct any inaccuracies or provide other improvements until the original version of this topic is updated.