How to Configure Azure Point to Site VPN Step By Step | Azure Point to Site VPN Certificate | AZ P2S
ฝัง
- เผยแพร่เมื่อ 17 ต.ค. 2020
- In this video I have explained how to configure Point to site VPN connection step by step by using Self-signed certificates. I have used windows 10 Powershell to generate the self signed Root as well as Client certificate,
Following commands were used to generate the certificate:
Root Certificate:
$cert = New-SelfSignedCertificate -Type Custom -KeySpec Signature `
-Subject "CN=NameofyourRootCert" -KeyExportPolicy Exportable `
-HashAlgorithm sha256 -KeyLength 2048 `
-CertStoreLocation "Cert:\CurrentUser\My" -KeyUsageProperty Sign -KeyUsage CertSign
Client Certificate:
New-SelfSignedCertificate -Type Custom -DnsName P2SChildCert -KeySpec Signature `
-Subject "CN=NameOfYourChildCert" -KeyExportPolicy Exportable `
-HashAlgorithm sha256 -KeyLength 2048 `
-CertStoreLocation "Cert:\CurrentUser\My" `
-Signer $cert -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.2")
To know more about VPN Gateways:
docs.microsoft.com/en-us/azur...
Beautifully explained. Thank you.
Awesome Video, great work! I used your video as I was having issues, with your video I clearly saw my mistake. Keep it up!
Thanks for the support 🙏 and feedback
Thank you for the simple explanation.
love this Buddy,
Well explained.
Great job! Thank you
such a beautiful explanation, i just want to know why there are so many less videos in azure? why arent you guys uploading more such stuff?
Excellent Tutorial...!
Point to Point explanation - Thanks
Excellent demo , worth watching
Thanks for this. It has really helped
Very good explanation. Thank you for doing this. I was able to connect to my Azure environment. Just one suggestion, not sure if you mentioned, when using powershell login as an administrator.
Very too good explanation sir thanks a lot 👏🤝
Fantastic video
Good Explaination and i am doing the practical on my lab ang i am taking RDP of virtual server
Thanks for this
Thanks for your sharing, it help much
Thanks for the video. Any chance you'll make a video on using the openvpn client?
Hi…thanks again..do I need to download a root and child certificate for each client computer I want to connect to azure?
Thanks for the this, May I know what was the address space in the current situation
gr8 video....But i have a question....I think you have installed Root certifcates on powershell of VM WS01 and Client certificates on Powershell of your Local laptop???? Am i right....Is this like that????? Because i am confused as you installed both certificates on your Local Machine.....please help.
Thank you. Can you tell me why it's recommended to use Enterprise CA?
@ Hi Raj, in an organisation you ll have to make have sure that creation and management of certificates should be secure, easy and streamlined which you can achieve with Enterprise CA, self signed certificates re good for POC and individual use cases
Hello sir can we use same command in Linux while creating an root and client certificate
Hello can you provide poweshell command for creating certificate
can a Site-2-Site VPN and a Point-2-Site VPN use the same public IP-Address in azure?
This is a wonderful video. However, I would like to know where did you get the IP address of the " Address pool" ? is it the IP address of the remote user who wants to connect?
This value is pretty much arbitrary. So think of it this way, every user who uses your P2S (point-to-site), will need an IP on their VPN device (which should appear as a network device on their machine). The IPs you chose for this setting must not collide with any networks that user has on their computer. This is key otherwise they will have some routing issues. The creator of this tutorial did state that it should not overlap so using a non-routable IP address is a good idea (AKA RFC1918 IP addresses).
172.16.31.0 - i hope is the laptop Private IP from which you are trying to connect to azure. Please help clarify it
I have also same doubts, have you cleared this?
@Raghavendra, apologies for being late to answer this, the IP which you have mentioned is not the Laptop private IP, its the IP pool from which IP would be assigned to the VPN client dynamically
apologies for being late to answer this, the IP which you have mentioned is not the Laptop private IP, its the IP pool from which IP would be assigned to the VPN client dynamically
Dear,
if i have more than 1 client machine is goint to connect vpn, then do i need to make root and client certitifate from each machine? pease advice
Did you get an answer??
Hi, if you need to connect more than one client machine then all of them need a valid certificate,which can be generated from the same root certificate and export it to other clients
Hi I get a parmeter cannot be found to matches Parameter "Type"
What is error 720 and how to fix it?
tried installing the VPN client, i am getting the error "This profile was not built for this processor architecture" any suggestions pls
@ Sandy, thanks for watching, there re two process architecture in the downloaded package, if you re using a 64 bit windows processor use amd64 one else x86
Please, i don't have root certificate when i used $cert = Newself...
What is the problem for me? Think you dear sir
@ wafaa, Did you check in the certificate manager, run certmgr command in power shell and check
Please make same video but authentication type should be azure active directory
@Vipul, sure I ll try to upload the same asap
Do I need to remove the public IP from the Azure VM?
@Funmito, Public IP not needed for point to site vpn, it would communicate on one of the assigned private ip, so you can remove the public IP
@@BeCloudGuru Thank you, I have about three client windows 10. Do I need to install the client certificate on each of the computers or I just install the vpn client downloaded from the p2s connection created?
Areyou assuming that you already created a VM?
showing A certificate could not be found that can be used with this Extensible Authentication Protocol. (Error 798)
@Tushar, have you followed all the steps from video,it looks like you missed something
try to rootceritified from client powershell
Hai how can we connect Linux RED HAT RHEL 7.7 to azure portal by using VPN gate way
@Sairam, yes you can connect the RHEL vm as well through this,but you would need ssh client to connect
@@BeCloudGuru can you please tell how to connect I have connected to Linux vm and I have created Vpn gate way in the azure portal then I did point to site configuration but unable to install client certificate in Linux could please tell me the process..Here in this Linux is on perm Machine
IS P2S VPN is applicable to access Azure VM to On premises resource
@Vijay, it's applicable to access Azure VMs from On prem
@@BeCloudGuru please upload a video for that same
Hi Guru, am successful connected but while am try to connect my on premiese windows10 to vm DC error
Hello! I have followed the procedure but there is an error 789.
What should I do?
@Hamid, thanks for watching the video, can you please elaborate on the error you re getting, is it error 789 or 798 (a certificate could not be found.....) if its this one then see if you have the correct certificate on the client on which you re trying to connect from or if you have added the certificate then it might have been added to the personal store as shown in the video @11:13 not in the computer store
@@BeCloudGuru I have followed the procedure but there is an error 789. am too facing same error
I get an error, access is denied when running the rdp file
@Furminto, which RDP file you re talking about
getting error
-Subject : The term '-Subject' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the
spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:2 char:1
+ -Subject "CN=NameOfYourChildCert" -KeyExportPolicy Exportable `
+ ~~~~~~~~
+ CategoryInfo : ObjectNotFound: (-Subject:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException
When are you getting this error? Please follow the tutorial in sequence as explained,there should not be any error.
You have created the one v net gateway and one virtual machines. What you have pinged bro.
@vasanth, as this is a point to site connection between my laptop and the azure VM,I have pinged azure VM from my laptop.
@@BeCloudGuru after configure azure vm not pinging
@@MrZ____ Have you allowed ping from the vm end, if it's windows server latest editions, ping by default is disabled
@@BeCloudGuru keeps rocks guru yes it was now started connect and working, this way can we connect win client to join domain ?
@6:28 - no security, not even an firewall, are you crazy ????