Connecting to Azure VPN from Windows
In the previous article we configured a Microsoft Azure Virtual Network Gateway. In this article we are going to take a look at how to set up the VPN connection on a developer’s machine. So, let’s get started.
We already downloaded our VPN client at the end of the previous article, but if you haven’t done it yet, it’s high time to download it now. To do that, open your Azure Portal, select the Virtual Network Gateway which we created last time and go to the ‘Point-to-site configuration’ tab. At the top of the configuration page you’ll find the ‘Download VPN client’ button. Hit this button. It’ll take a little while for Azure to generate your gateway-specific VPN client bundle.
You’ll get an archive which contains three folders: Generic, WindowsAmd64 and WindowsX86.
The ‘Generic’ folder is for configuring your VPN connection manually. We are going to take a look at it a little bit later. The two other folders contain architecture-dependent executables which automatically set up the VPN on a computer. It’s quite simple to set up your connection just by running one of those executables. Unfortunately, quite often you may see an error like the one in the picture below when you try connecting.
Another issue with this particular VPN connection is that it lacks configuration options which you may find quite useful.
Having said that, let us take a look at how we can set up our VPN connection manually. For that, as you may have already guessed, we need the content of the ‘Generic’ folder. There you’ll find two files: VpnServerRoot.cer and VpnSettings.xml. We need to install that certificate in the ‘Trusted Root Certification Authorities’ store. Leave the store location as ‘Current User’ and on the next page select the ‘Place all certificates in the following store’ option. Then click the ‘Browse…’ button and choose ‘Trusted Root Certification Authorities’.
After the certificate’s installed you should see it as ‘DigiCert Global Root CA’ in your certificate store.
Let’s go ahead and take a look at the second file in the ‘Generic’ folder. It’s an XML file which contains the VPN configuration parameters. The point of interest is the ‘VpnServer’ element. This is our unique VPN server address. Now that we have everything we need for configuring the VPN, let us go to the ‘Network and Sharing Center’ and click on ‘Set up a new connection or network’.
This opens the ‘Set Up a Connection or Network’ window. We need to select ‘Connect to a workplace’ and hit the ‘Next’ button.
On the next screen select ‘No, create a new connection’ and hit the ‘Next’ button. Now click on ‘Use my Internet connection (VPN)’.
Now we’ve got to the configuration window where we need to type in our VPN server address from the ‘VpnServer’ element of our XML file and the name of our VPN connection (it’s just a name which helps you identify your connection among others on your PC).
Now that we’ve created our VPN connection, we still need to fine-tune it. For that, in ‘Network Connections’ open the context menu on your newly created connection and select ‘Properties’.
From here go to the ‘Security’ tab and configure the following settings:
- Set ‘Type of VPN’ to ‘Secure Socket Tunneling Protocol (SSTP)’
- Choose ‘Use Extensible Authentication Protocol (EAP)’ in the authentication section and select ‘Microsoft: Smart Card or other certificate (encryption enabled)’ from the drop-down
Now click on ‘Properties’ button to select a certificate:
- Choose ‘Use a certificate on this computer’ in the ‘When connecting’ section
- Find the certificate which we created in the previous article in the list of ‘Trusted Root Certification Authorities’. If you don’t see it in the list, then check that it’s imported under ‘Trusted Root Certification Authorities’
Now you are good to go! All you need is (love 😊) to click connect to your VPN.
You might also notice that you’ve lost your Internet connection though. Let’s quickly sort this out. You need to open the properties of your VPN connection once again and select the ‘Networking’ tab, then ‘Internet Protocol Version 4 (TCP/IPv4)’ and click the ‘Properties’ button.
Hit the ‘Advanced…’ button and on the ‘IP Settings’ tab uncheck the ‘Use default gateway on remote network’ checkbox. With this box unchecked, only traffic for the VPN’s address ranges goes through the tunnel, and everything else uses your local Internet connection (split tunneling).
Now you should have access to the Internet.
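The manual steps above (certificate import, reading ‘VpnServer’, SSTP with EAP, and the default-gateway setting) can also be scripted with the built-in Windows PowerShell cmdlets. This is an added example, not part of the original article; it assumes it is run from the extracted ‘Generic’ folder, and the connection name ‘AzureP2S’ is a hypothetical placeholder.

```powershell
# Added example (not from the original article): scripted version of the manual steps.
# Assumptions: run from the extracted 'Generic' folder; 'AzureP2S' is a hypothetical name.
$ErrorActionPreference = 'Stop'
$connName = 'AzureP2S'
$certPath = Join-Path $PWD.Path 'VpnServerRoot.cer'
$xmlPath  = Join-Path $PWD.Path 'VpnSettings.xml'

# 1. Inspect the root certificate before trusting it: show subject, thumbprint, expiry.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $certPath
Write-Host ("Root cert: {0}  {1}  (expires {2:d})" -f $cert.Subject, $cert.Thumbprint, $cert.NotAfter)
if ($cert.NotAfter -lt (Get-Date)) { throw "Certificate expired on $($cert.NotAfter)" }

# 2. Import into Current User > Trusted Root Certification Authorities, once.
#    Windows shows a confirmation dialog for changes to the user's root store.
if (-not (Test-Path "Cert:\CurrentUser\Root\$($cert.Thumbprint)")) {
    Import-Certificate -FilePath $certPath -CertStoreLocation Cert:\CurrentUser\Root | Out-Null
}

# 3. Read the gateway address from the 'VpnServer' element, ignoring XML namespaces.
$node = Select-Xml -Path $xmlPath -XPath "//*[local-name()='VpnServer']" |
    Select-Object -First 1
if (-not $node) { throw "No VpnServer element found in $xmlPath" }
$server = $node.Node.InnerText.Trim()
if (-not $server) { throw "VpnServer element is empty in $xmlPath" }

# 4. EAP-TLS using a certificate on this computer (not a smart card).
#    -VerifyServerIdentity is this example's choice; it does not restrict
#    the accepted roots to a single CA.
$eap = New-EapConfiguration -Tls -VerifyServerIdentity -UserCertificate

# 5. Create the SSTP connection. -SplitTunneling corresponds to unchecking
#    'Use default gateway on remote network'.
if (-not (Get-VpnConnection -Name $connName -ErrorAction SilentlyContinue)) {
    Add-VpnConnection -Name $connName -ServerAddress $server -TunnelType Sstp `
        -AuthenticationMethod Eap -EapConfigXmlStream $eap.EapConfigXmlStream `
        -EncryptionLevel Required -SplitTunneling
}

# 6. Confirm what was actually configured.
Get-VpnConnection -Name $connName |
    Format-List Name, ServerAddress, TunnelType, AuthenticationMethod, EncryptionLevel, SplitTunneling
```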
These configuration steps were made for a Windows-based machine, but sometimes you need to have VPN access from your Mac. In the next article we will take a look at the configuration of the VPN connection on a Mac-based machine.