Connecting to Azure VPN from Mac
This is the last article in this series. Last time we set up a connection to Azure from a Windows-based machine; this time we are going to look at how to do that on a Mac.
First of all, you need the ‘VpnServerRoot.cer’ file, which is in the zip archive that can be downloaded from ‘Point-to-site configuration’ of your Virtual Network Gateway.
Double-click the file to install it in the keychain. Select the ‘login’ keychain.
As a side note: double-clicking the certificate might not display the ‘Add Certificates’ dialog, but the certificate will still be installed in the correct store. To check this, open ‘Keychain Access’ and verify that the ‘DigiCert Global Root CA’ certificate is there.
The next step is to install the client certificate. The steps are similar to those above.
If the client certificate is password protected, a password dialog appears. Type in the password and click the ‘OK’ button.
It is going to be installed in the ‘login’ keychain too. Again, double-check it in ‘Keychain Access’.
Well done! All required certificates are installed and we’re ready to set our VPN connection up now.
To do that, click the Wi-Fi connection symbol in the top right corner to open a context menu and select ‘Open Network Preferences…’.
In the ‘Network’ window, click the Cross button in the bottom left corner under the list of available services.
Select ‘VPN’ in the list of interfaces. Select the ‘IKEv2’ VPN type and provide a name for the VPN connection.
Now select the newly created service on the left hand side and enter a ‘Server Address’ and ‘Remote ID’. These can be taken from the ‘VpnServer’ element of the ‘VpnSettings.xml’ file which is in the same archive where the ‘VpnServerRoot.cer’ resides.
The next step is to click the ‘Authentication Settings…’ button under the ‘Local ID’ field. Choose the ‘Certificate’ authentication type and click the ‘Select…’ button.
Now we need to select the client certificate which we installed before. Find the certificate in the list, select it and click the ‘Show Certificate’ button. Don’t click the ‘Continue’ button yet; we need some additional information for the VPN configuration.
After you’ve clicked ‘Show Certificate’ button you should see the ‘Certificate Information’ section. The point of interest here is the name of the certificate on top of the ‘Certificate Information’ section.
Copy it. We’ll need to paste it into the ‘Local ID’ field in the ‘Network’ window after we finish selecting the certificate. Now click the ‘Continue’ button. We are done here.
You’ll return to ‘Authentication Settings’, where you just click the ‘OK’ button to confirm that you’re going to use the selected certificate.
Now paste the certificate name into the ‘Local ID’ field to finish the configuration.
All right, just click ‘Connect’ and you should be able to establish a connection with your Azure virtual gateway. :) You may also see a window like this:
To connect to the VPN, the client uses the private key from the keychain, and we need to allow it to use this key. You can click ‘Allow’, but then you’ll have to do it every time you connect to the VPN. So ‘Always Allow’ must be a good choice here. :)
Congrats! Now you have your VPN set up on Mac.
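The same values and checks can be done from Terminal. The script below is an added example, not part of the original walkthrough: it reads the ‘VpnServer’ element from ‘VpnSettings.xml’ (the value for both ‘Server Address’ and ‘Remote ID’), rejects anything that is not a plain host name, and checks that both certificates are in the ‘login’ keychain. The function names, the script name and the sample file are hypothetical, and the keychain path assumes the default location.

```shell
# Added example, not from the original article. Only the <VpnServer> element,
# the 'login' keychain and the root CA name are taken from the article.

# Print the text of <VpnServer> from VpnSettings.xml; fail if it is missing
# or contains anything other than host-name characters.
vpn_server() {
    value=$(tr -d '\r\n' < "$1" |
        sed -n 's|.*<VpnServer>[[:space:]]*\([^<]*\)</VpnServer>.*|\1|p' |
        sed 's/[[:space:]]*$//')
    case "$value" in
        '' | *[!A-Za-z0-9.-]*) return 1 ;;
    esac
    printf '%s\n' "$value"
}

# macOS only: succeed if a certificate with this name is in the login keychain.
login_keychain_has() {
    security find-certificate -c "$1" \
        "$HOME/Library/Keychains/login.keychain-db" >/dev/null 2>&1
}

# Constructed sample file; the host name and the root element are made up.
write_sample() {
    cat > "$1" <<'EOF'
<?xml version="1.0"?>
<VpnProfile>
  <VpnServer>azuregateway-example.cloudapp.net</VpnServer>
</VpnProfile>
EOF
}

# Usage: sh check-vpn.sh VpnSettings.xml "client certificate name"
main() {
    server=$(vpn_server "$1") || {
        echo "no usable <VpnServer> in $1" >&2
        return 1
    }
    echo "Server Address and Remote ID: $server"
    for name in 'DigiCert Global Root CA' "$2"; do
        if login_keychain_has "$name"; then
            echo "in login keychain: $name"
        else
            echo "NOT in login keychain: $name" >&2
        fi
    done
}

if [ "$#" -ge 2 ]; then main "$@"; fi
```

The second argument is the certificate name copied from the ‘Certificate Information’ section, the same value that goes into ‘Local ID’.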
In conclusion, we all try to deliver products ASAP, but no one should forget about something as important as security, even if these are just development servers.