Difference between revisions of "Azure/VPN"
From SETV Springfield Technical Wiki
m (→Create Self-Signed Root Certificate) |
m (→Point-to-Site) (Tag: Visual edit) |
||
| Line 1: | Line 1: | ||
| − | Step-by-set on how to set up VPNs in Azure | + | Step-by-set on how to set up VPNs in Azure <ref>https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-point-to-site-create</ref> |
== Point-to-Site == | == Point-to-Site == | ||
For roaming and individual users, connect a machine to the Vnet using a certificated VPN Profile. | For roaming and individual users, connect a machine to the Vnet using a certificated VPN Profile. | ||
| − | === Create Self-Signed Root Certificate === | + | === Create Self-Signed Root Certificate<ref>https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-certificates-point-to-site</ref> === |
You need to use [[PowerShell]] to create the certificates. | You need to use [[PowerShell]] to create the certificates. | ||
* Run PowerShell as Admin | * Run PowerShell as Admin | ||
| Line 30: | Line 30: | ||
-Signer $cert -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.2") | -Signer $cert -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.2") | ||
| − | Next | + | === Export Client Certificate === |
| + | * Export the Key run <code>certmgr.msc</code> | ||
| + | * Navigate to <code>'Certificates - Current User\Personal\Certificates'</code>, and right-click. Click All Tasks, and then click Export. | ||
| + | * Yes, export private key, Next, | ||
| + | * Enter a password for cert import | ||
| + | * Browse to and export the file. | ||
| + | * Give to client | ||
| + | * Double click *.pfx file, installs cert | ||
| + | |||
| + | === How to connect === | ||
| + | Download the VPN Client installer from Azure portal | ||
| + | |||
| + | Client certificate is INDEPENDENT of the client installer downloaded. The downloaded installer can be distributed. | ||
| + | |||
| + | On Imaged machines, make sure to IMPORT the *.cer file that is embedded in the .exe file. <ref>http://stackoverflow.com/questions/16320918/windows-azure-virtual-network-point-to-site-connection-error</ref> | ||
| + | |||
| + | Once the Root cert is added to the Trusted Authority group, the exe file can now install on the win.10 machine, and the profile is now added to the VPN blade in Settings. | ||
| + | |||
| + | Attempt to connect and test. | ||
[[Category:Platinum Healthcare IT]] | [[Category:Platinum Healthcare IT]] | ||
Revision as of 07:53, 12 March 2017
Step-by-set on how to set up VPNs in Azure [1]
Contents
Point-to-Site
For roaming and individual users, connect a machine to the Vnet using a certificated VPN Profile.
Create Self-Signed Root Certificate[2]
You need to use PowerShell to create the certificates.
- Run PowerShell as Admin
- Run this command clanging "P25RootCert" to a a static name
$cert = New-SelfSignedCertificate -Type Custom -KeySpec Signature ` -Subject "CN=P2SRootCert" -KeyExportPolicy Exportable ` -HashAlgorithm sha256 -KeyLength 2048 ` -CertStoreLocation "Cert:\CurrentUser\My" -KeyUsageProperty Sign -KeyUsage CertSign
- Export the Key run
certmgr.msc - Navigate to
'Certificates - Current User\Personal\Certificates', and right-click. Click All Tasks, and then click Export. - Export format as
Base-64 encoded X.509 (.CER)
Generate Client Certificate
Get-ChildItem -Path “Cert:\CurrentUser\My”
Find your Root Cert and copy the {Thumbprint}
$cert = Get-ChildItem -Path "Cert:\CurrentUser\My\{THUMBPRINT}"
Use the below code to create the Client certificate
New-SelfSignedCertificate -Type Custom -KeySpec Signature `
-Subject "CN=P2SChildCert" -KeyExportPolicy Exportable `
-HashAlgorithm sha256 -KeyLength 2048 `
-CertStoreLocation "Cert:\CurrentUser\My" `
-Signer $cert -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.2")
Export Client Certificate
- Export the Key run
certmgr.msc - Navigate to
'Certificates - Current User\Personal\Certificates', and right-click. Click All Tasks, and then click Export. - Yes, export private key, Next,
- Enter a password for cert import
- Browse to and export the file.
- Give to client
- Double click *.pfx file, installs cert
How to connect
Download the VPN Client installer from Azure portal
Client certificate is INDEPENDENT of the client installer downloaded. The downloaded installer can be distributed.
On Imaged machines, make sure to IMPORT the *.cer file that is embedded in the .exe file. [3]
Once the Root cert is added to the Trusted Authority group, the exe file can now install on the win.10 machine, and the profile is now added to the VPN blade in Settings.
Attempt to connect and test.