Windows Azure Point to Site VPN Step by Step
There are many scenarios in which we have to give remotely located developers, who are working on the same project from different locations, access to infrastructure resources. For this scenario we can host our application development environment in Microsoft Windows Azure and build a P2S (Point-to-Site) VPN to give each individual secure access to the environment hosted in Windows Azure.
The requirements are as follows:
- A valid Microsoft Azure subscription
- Microsoft Windows SDK installed on the client computer
- Root and client certificates on the client computers
- Virtual Network in Azure
- Virtual Network Subnet
- Virtual Network Gateway in Azure
- Virtual Network Gateway Subnet
First log on to Windows Azure (you must have a valid Azure subscription), click New, and search for Virtual Network.
Click on Virtual Network
Provide VNet Name, Address Space, Subnet Name, Subnet Address range, Subscription, Resource Group and Location.
Click Create after providing all necessary information.
Next, click New, search for Virtual Network Gateway, and select Virtual Network Gateway.
Click Create
You have to provide the Virtual Network Gateway name and select the Virtual Network we created above.
After selecting the network, you have to create a public IP address for this gateway.
As you can see, it takes approximately 45 minutes for the gateway to be ready.
Let's create the root certificate on the client machine.
You need to install the Windows SDK on your machine and start PowerShell.
After installing the SDK, open PowerShell and go to this location
Create a directory at C:\temp\Azure
At this point the root certificate has been created successfully; it's time to create the client certificate.
Now we have to go to Certificate Manager to verify these certificates:
- Load MMC and add the Certificates snap-in for My user account.
- Go into Personal --> Certificates
- Right-click on MyAzureLabRootCert
- Export the root certificate --> No, do not export the private key --> Base-64 encoded X.509 (.CER) --> give it a name and keep the rest at the defaults
- Export the client certificate --> Yes, export the private key --> Personal Information Exchange - PKCS #12 (.PFX) --> keep the rest at the defaults
- Open the Base64 .cer file in WordPad, copy the key, and go to the Azure gateway we created above
- Click on Point-to-site configuration --> paste the key into Public certificate data --> give it a name
- At the top, define the network subnet from which your VPN clients will get IPs --> click Save
- It will take a little time and then give you the option to download the VPN client .exe file
- Save it somewhere and run it with Run as Administrator; once the installation finishes --> click on your LAN network and you will see the Point 2 Site VPN
- Click on the connection name and connect
- Once it is connected, you can spin up a VM in the same network on the Azure side and then ping your VM from your client machine.
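The certificate steps above can also be scripted. The following is an added example, not the commands from the original post: it uses the built-in `New-SelfSignedCertificate` cmdlet instead of the Windows SDK tooling, and writes the root certificate's Base64 text (no header or footer lines) ready to paste into Public certificate data. The client certificate name `MyAzureLabClientCert` and the output file names are assumptions.

```powershell
# Assumption: Windows 10 / Server 2016 or later, run as the user who will connect.
$ErrorActionPreference = 'Stop'
$store = 'Cert:\CurrentUser\My'
$dir   = 'C:\temp\Azure'                      # directory used on this page
New-Item -ItemType Directory -Path $dir -Force | Out-Null

# Self-signed root, restricted to signing other certificates.
$root = New-SelfSignedCertificate -Type Custom -KeySpec Signature `
    -Subject 'CN=MyAzureLabRootCert' -KeyExportPolicy Exportable `
    -HashAlgorithm sha256 -KeyLength 2048 -CertStoreLocation $store `
    -KeyUsageProperty Sign -KeyUsage CertSign

# Client certificate signed by the root (hypothetical name).
# 2.5.29.37 = Enhanced Key Usage; 1.3.6.1.5.5.7.3.2 = Client Authentication.
$client = New-SelfSignedCertificate -Type Custom -KeySpec Signature `
    -Subject 'CN=MyAzureLabClientCert' -DnsName 'MyAzureLabClientCert' `
    -KeyExportPolicy Exportable -HashAlgorithm sha256 -KeyLength 2048 `
    -CertStoreLocation $store -Signer $root `
    -TextExtension @('2.5.29.37={text}1.3.6.1.5.5.7.3.2')

# Check that the client certificate chains to the root before uploading anything.
if ($client.Issuer -ne $root.Subject) {
    throw 'Client certificate was not issued by MyAzureLabRootCert'
}

# Root: public part only. Export-Certificate never writes the private key.
Export-Certificate -Cert $root -FilePath "$dir\MyAzureLabRootCert.cer" | Out-Null
# Same public data as one Base64 string, for the portal's certificate field.
[Convert]::ToBase64String($root.RawData) |
    Set-Content -Path "$dir\MyAzureLabRootCert.b64.txt"

# Client: the PFX carries the private key, so protect it with a password.
$pfxPassword = Read-Host -AsSecureString -Prompt 'Password for the client PFX'
Export-PfxCertificate -Cert $client -Password $pfxPassword `
    -FilePath "$dir\MyAzureLabClientCert.pfx" | Out-Null

# Thumbprints to compare against what Certificate Manager shows.
"Root thumbprint:   $($root.Thumbprint)"
"Client thumbprint: $($client.Thumbprint)"
```

Only the `.b64.txt` content goes to Azure; the `.pfx` is what each VPN client imports, and the root's private key stays in the issuing user's certificate store.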