How To Mount File Share As Network Drive Using Point to Site (P2S) VPN
ฝัง
- เผยแพร่เมื่อ 11 เม.ย. 2020
- Azure Files offers fully managed file shares in the cloud using the SMB protocol. Azure file shares can be mounted concurrently by cloud or on-premises deployments of Windows, Linux, and macOS. Additionally, Azure file shares can be cached on Windows Servers with Azure File Sync for fast access near where the data is being used.
You can use a Point-to-Site (P2S) VPN connection to mount your Azure file shares over SMB from outside of Azure, without opening up port 445. For this, you can configure a Point-to-Site (P2S) VPN for use with Azure Files. A Point-to-Site VPN connection is a VPN connection between Azure and an individual client.
Azure Virtual Network: Part 03 - Creating Point to Site VPN - • Azure Virtual Network:... - วิทยาศาสตร์และเทคโนโลยี
Super helpful and straightforward tutorial. Much clearer than some of the others I've seen.
Glad it was helpful!
You are a life saver. I was missing the private endpoint portion to connect to the shares. Thank you for this.
Glad it was helpful!
What a wonderfully simple explaination of this complicated process. 5 Stars!
Thank you so much. Glad it helped.
This video is a life-saver. We've been trying to do this for days and were finally able to after your tutorial. Thank you!
Glad it helped! Thanks
I have to personally thank you as well. Thank you Aquila! This exactly what I needed to roll out.
Thank you so much for watching the video and appreciating my efforts. Those kind words of appreciation motivates me to create more such contents.
Thank you again!!
This was amazing, keep up the great work!
Fantastic presentation. A million thanks.
Awesome!!! Worked perfectly! Major kudos!
Glad it helped!!! Thank you so much for watching and especially trying it out.
This is the best and simple way of learning.
thank you, well explained and it helped me solving the client vpn connection
You're welcome! Glad to hear that it helped
You're my personal hero. Thank you so much :-) Greetings vom Bavaria.
Wow, thank you so much! So glad to hear those kind words of appreciation.
excellent video. Great job. Thank you very much. Very proffesional !
Thank you very much! Glad you liked it! Those kind words of appreciation motivates me a lot.
Helped me a lot! Thank you very much!!
You're welcome! Glad it helped
Excellent video. Works great. Thank you.
Great to hear! Thank you so much.
Thank you so much this video helped me a lot!
Glad it helped!
Oh, you are a life saver. Thanks for this video!
Glad to hear it helped!
great video!
Thanks for making this video.
Glad it was helpful!
Thanks a lot, worked perfectly
Great to hear! Thanks
Saved my life many thanks!
Glad it helped! Thank you for watching.
Amazing video! Just a precision. Now in order to be detected the subnet created in the virtual network must be named "GatewaySubnet" without the 'W' being capitalized
Thank you so much, Marc. You are right. It must be 'GatewaySubnet'. Not sure where in the video I made that mistake. Can you point to the timeline where you see that problem? else I will have to go through the complete video :)
@@AzureTrainingSeries at 10:50! It’s not a mistake of yours. It’s Microsoft which changed it!
Got It! But even I should have written 'W' in small instead of Capital, as writing 'W' in the middle of the word does not make sense. Thank you again. It will help the viewers.
Thank you sir !
Most welcome!
Thanks for this video man. It was really helpful. Do you have any content on how to set up this for use with Active Directory???
I am struggling with that part....MS docs are confusing and most guys on YT videos are not very thorough.
I apologize as I really do not have any content that is readymade for this, but what actually is your use case and how do you intend to use it?
The option 'Private endpoint' is no longer in the same location as shown in your video. You can search for it via Home and then create it, etc. But I can't get it to work as you demonstrated.
excellent video, congratulations and thanks for this.
I have a question, why use 3 vlans, I understand that all the services could live in one vlan. Maybe security policies?
Hi SkoTy, First please accept my apologies. I was on a long vacation and was away from work. I hope you are asking about the three subnets? In case your response is yes, then the response is that one subnet is dedicatedly needed for virtual network gateway (VNG), so we need at least 2 subnets. For clarity I have create 3 subnets. Hope this is now clear.
i would love one made with Active Directory ntergration for the VPN gateway and the file share
Thanks a lot, Jorge for the idea. I will definitely make that one
hi sir, excellent i'm able to connect. can we apply folder based access like Read & Write permissions to O365 users
Hi Shyam, Its an excellent question. I have not tried that personally, but I guess if you have a hybrid scenario, where you have the Azure AD Sync with on-premises AD, you should be able to achieve this provided that you might need to assign permissions to the users in the Azure Storage under IAM. Please try once and let me know.
Superb Content! However I have one question.. Can we mount the azure file share on a non domain joined machine through ADDS credentials through point to site VPN?
As far as I think, it is not possible.
Can anyone help me mount File share in VM ... My scenario is that I want to mount file share at the time of VM creation and make it persist(Sync if files deleted/updated/added from VM). The way I want is through Powershell DSC extension in the Azure VM portal or through UserData(but could not use powersheel in Vm to run the powershell command provided by fileshare).
Thank you so much! How do we create the certificate?
Hi Ed,
I have created a separate video on how to create the P2S VPN Connection, where I have explained it. Below is the URL.
th-cam.com/video/AkhHgRjl_yU/w-d-xo.html
I have mentioned the commands as well in the description of the above video for creating the self-signed certificates.
Use the below commands with the MakeCert utility.
Root Certificate
$cert = New-SelfSignedCertificate -Type Custom -KeySpec Signature `
-Subject "CN=P2SRootCert" -KeyExportPolicy Exportable `
-HashAlgorithm sha256 -KeyLength 2048 `
-CertStoreLocation "Cert:\CurrentUser\My" -KeyUsageProperty Sign -KeyUsage CertSign
Client Certificate
New-SelfSignedCertificate -Type Custom -DnsName P2SChildCert -KeySpec Signature `
-Subject "CN=P2SChildCert" -KeyExportPolicy Exportable `
-HashAlgorithm sha256 -KeyLength 2048 `
-CertStoreLocation "Cert:\CurrentUser\My" `
-Signer $cert -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.2")
excellent video, how come my connection string looks slightly different. your username in the demo is azure\atcslsstoragefs but mine says localhost rather than Azure?
This is strange. What is the name of the storage account and file share in your configuration?
At 12:36, it looks like the portal has added a new prompt requiring one to select the availability zone. I assume it doesn't really matter which one I go with unless I need it to be redundant, right?
Absolutely! You are spot on....
Where is video to create self signed certificate?
Is there a way to use the fqdn of the storage account file share instead of using the private ip address?
As per my understanding, I have not seen the FQDN working. Need to check if there has been changes since the time this video was made.
Is it possible to get the FQDN to resolve to the private IP address when accessed through the VPN? or am I stuck using the private IP?
Yes, for that case, you might need to use a DNS Zone and map the FQDN to your private IP address
Can you use the Azure Active Directory for authentication or are you required to use the storage account user/password?
Hi Monty, thanks for watching. You need to use the storage account name as the user id (Azure\) and the key as the password. You cannot use the AAD account.
Hope this helps.
Is it normal for a VNGateway to take forever to be deployed? o.O
Oh, and thank you very much for such unambigous tutorial!
Not forever, but it does take a couple of minutes to get deployed. Actually it does not take much time, and by the way, thank you so much.
Is it possible to use ADDS authentication for private endpoint?
Yes, the authentication is possible for services/workloads using private endpoints
can we use basic gateway, Instead of Standard Azure Gateway
Hi Fardeen,
What basic gateway are you referring to?
I was able to connect successfully, but google drive seem faster to setup than file sharing Azure
It all depends on your requirements as to what is needed for your deployment in a particular scenario.
I am trying to connect the virtual network gateway to my virtual network but is says it is in use? How can I tackle that?
Are you using the Gateway subnet to create the VNG? On which step does it say "it is in use"?
Once connected to the VPN via MacOS Catalina, how do I connect to the server/network drive?
Hello Ryan, have you already configured the private endpoint? In case no, then that is the first thing to be done. Please let me know the step until where you have already completed. There are two links that I found relevant to your questions.
osxdaily.com/2010/09/20/map-a-network-drive-on-a-mac/
setapp.com/how-to/map-a-network-drive-on-mac
@@AzureTrainingSeries Do i need a separate private endpoint for the Mac connection as well as my previous windows 10 connection? I have already connected my windows PC to this network drive using VPN and Map Network Drive
No, you do not need an additional private endpoint. The previous end point will work. Did the link I shared with you not work? The problem is that I do not have the Mac OS to try and test that, but I can definitely guide you in case you can share the screen shots.I am in meetings throughout the day and screen share will not be possible, but I can definitely respond to your queries.
Hi Ryan,
It seems that you are connecting to the URI instead of the IP address. Nothing else seems to be incorrect. Assuming that 10.0.0.4 is the private endpoint address, you should connect to \\10.0.0.4\fwdmotionsync.
Also, choose guest and not registered user because that is not a registered user in AD or in the subscription.
If you have enabled public access what is the point of using P2S VPN ? 😅
There can be multiple different usages or practical scenarios for having such a configuration.
Anyone having issues with explorer crashing when not connected to azure vpn and then trying to open explorer to do other work?
Hi Mark,
This issue has never been reported earlier and even I have not faced such issue.
@@AzureTrainingSeries I setup the file share, setup the s2s, setup the p2s, mapped the drive to a laptop, installed azure vpn, then mapped the drive. worked great. Take pc home and dont join azure vpn and cannot use explorer at all. Working with windows and azure support
im gettting an error 83 with azure vpn client
Can you please copy-paste the complete error and the time in the video where you are getting error.
Very helpful video. If you are trying to connect to the vpn from a mac pay very close to what happens at: th-cam.com/video/7jrrdmb0LbU/w-d-xo.html
You MUST select "IKEv2 and SSTP." The mac vpn config will expect that you are using IKEv2. Beat my head against the wall for a few days, thinking I had effed up the certs, when I really had not set the tunnel type config correctly.
Hi I am not able to connect to fileshare
Hello Madhu,
What is the issue you are facing? Can you please elaborate?
@@AzureTrainingSeries
Hi
I have installed vpn and connected to it successfully. But problem is when I am trying to acces fileshare with private ip it is saying "Windows cannot acces \\10.0.1.6\hotfolder"
@@madhumatha7020 Can you please let me know if the private endpoint was created to correctly point to the files within the storage account? Also, please confirm that while mounting, you are using the fileshare name and not the storage account name. Additionally, I hope you have a VPN connection via SSTP.
@@AzureTrainingSeries Yes I have created private end point to the Storage account and Vpn connection via SSTP and mounting with private ip followed by fileshare name... And later user name I given as Azure/storage ame and key1 as password
I guess the problem is that you are giving the username as Azure/storage name. It should be a backward slash "\", and it should be followed by the file share name and not the storage account name. Can you share their individual names (Storage and Fileshare)
I unable to map network drive at 23:48 timeline and i got the error of "the folder could not be found". 🥲I noticed that when I copied the script from file share (after click "Connect" button), the username is showing as "localhost\". Is this changes will effect anything?