Monday, July 13, 2020

How to Connect with VPN?

A VPN gateway is a specific type of virtual network gateway that is used to send encrypted traffic between an Azure virtual network and an on-premises location over the public Internet.

1. Site-to-Site

2. Point-to-Site

Site-to-Site

A Site-to-Site VPN gateway connection is used to connect your on-premises network to an Azure virtual network over an IPsec/IKE (IKEv1 or IKEv2) VPN tunnel. This type of connection requires a VPN device located on-premises that has an externally facing public IP address assigned to it.

Point-to-Site

You use a Point-to-Site (P2S) VPN gateway to create a secure connection to your virtual network from an individual client computer. Point-to-Site VPN connections are useful when you want to connect to your VNet from a remote location without a VPN device on your side; each client authenticates to the gateway, in this walkthrough with a client certificate.

Connect to a virtual network from a user machine step by step

We will create a Point-to-Site VPN connection between a local machine (my laptop) and an Azure virtual network; the connection terminates on the machine itself, not on an on-premises VPN device, so it is P2S rather than Site-to-Site. In this example we will use the existing resource group (DJBlogs) which was created in the previous post. You can also create a new resource group.

This is the whole picture, which I will set up step by step.

Steps we need to follow to create the VPN and connect from the local machine:

1. Create a Virtual Network (DJVNet)

a. Create a Gateway Subnet within the Virtual Network

2. Create a Virtual Network Gateway (DJVNetGateway)

3. Create a VM within the Virtual Network (DJVNet)

4. Create the Root VPN Certificate (AzureVpnRootCert.cer)

5. Create the Client Certificate (AzureVpnClientCert.pfx)

6. User VPN configuration

7. Download the VPN client software

Virtual Network

First, we need to create a virtual network for our resources. Then we will connect to the resource (a VM) from our local machine. Azure Virtual Network (VNet) is the building block for your private network in Azure. It isolates your resources and allows many types of Azure resources, such as Azure virtual machines (VMs), to communicate securely with each other over private addresses.

Go to the Azure portal and create the virtual network (DJVNet) as shown below.

GatewaySubnet

After creating the virtual network, we will create the gateway subnet. The subnet must be named exactly GatewaySubnet (the gateway will not deploy into a subnet with any other name), and nothing but the gateway should be placed in it. Address range for the subnet:

GatewaySubnet - 10.10.1.0/24


Virtual Network Gateway

The VPN gateway (the virtual network gateway of type VPN, defined at the top of this post) is the endpoint in Azure that terminates the encrypted tunnel; for Point-to-Site it must be route-based. Follow the steps below to create the virtual network gateway (DJVNetGateway) in DJVNet; deployment typically takes 30 to 45 minutes.



Create a virtual machine within the virtual network

Now we will create a new resource (a VM) inside the virtual network and will try to access that VM from our machine using its private IP address. I am taking a very low configuration "Windows Server 2016" virtual machine for the demo. Please follow the steps below to create the virtual machine in the virtual network.

Click on the Create button, set the virtual machine name (DJBlogs) and set the user name and password. These will be used to access the machine via Remote Desktop.

Choose the virtual machine size based on your requirement. I am taking a B1s machine for demo purposes.

After selecting the virtual machine size, choose the disk type (Standard HDD) and the virtual network (DJVNet) as below. There is no need to assign a public IP address: as I said above, we will access this virtual machine over the VPN by its private IP address, so it is not reachable from the Internet at all.

The last screen shows a summary of all the options selected for this VM.
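The three portal steps above (VNet with its GatewaySubnet, route-based VPN gateway, VM with no public IP) done with the Az PowerShell module, as an added example that is not part of the original post. It assumes the Az module is installed, Connect-AzAccount has been run, the resource group DJBlogs already exists, and the region "eastus" (an assumption; use the region of DJBlogs). The subnet name "default", the public IP name, the NIC name and the VM image are choices made for this example.

```powershell
# Added example (not from the original post): Az PowerShell version of the portal steps.
# Assumes: Az module, Connect-AzAccount done, resource group DJBlogs exists.
$rg       = "DJBlogs"
$location = "eastus"          # assumption: use the region DJBlogs was created in

# 1. Virtual network with a workload subnet and the gateway subnet.
#    The gateway subnet must be named exactly "GatewaySubnet".
$vmSubnet = New-AzVirtualNetworkSubnetConfig -Name "default"       -AddressPrefix "10.10.10.0/24"
$gwSubnet = New-AzVirtualNetworkSubnetConfig -Name "GatewaySubnet" -AddressPrefix "10.10.1.0/24"
$vnet = New-AzVirtualNetwork -Name "DJVNet" -ResourceGroupName $rg -Location $location `
          -AddressPrefix "10.10.0.0/16" -Subnet $vmSubnet, $gwSubnet

# 2. Route-based VPN gateway (Point-to-Site requires RouteBased). Takes 30-45 minutes.
$pip = New-AzPublicIpAddress -Name "DJVNetGatewayIP" -ResourceGroupName $rg -Location $location `
         -AllocationMethod Static -Sku Standard
$gwSubnetRef = Get-AzVirtualNetworkSubnetConfig -Name "GatewaySubnet" -VirtualNetwork $vnet
$ipConfig = New-AzVirtualNetworkGatewayIpConfig -Name "DJVNetGatewayIpConfig" `
              -SubnetId $gwSubnetRef.Id -PublicIpAddressId $pip.Id
New-AzVirtualNetworkGateway -Name "DJVNetGateway" -ResourceGroupName $rg -Location $location `
  -IpConfigurations $ipConfig -GatewayType Vpn -VpnType RouteBased -GatewaySku VpnGw1

# 3. Windows Server 2016 B1s VM. The NIC gets NO public IP address, so the only
#    way to reach the VM is through the VPN tunnel.
$cred     = Get-Credential -Message "Local administrator for the DJBlogs VM"
$vmSubnetRef = Get-AzVirtualNetworkSubnetConfig -Name "default" -VirtualNetwork $vnet
$nic = New-AzNetworkInterface -Name "DJBlogs-nic" -ResourceGroupName $rg -Location $location `
         -SubnetId $vmSubnetRef.Id

# Standard_LRS = the "Standard HDD" disk type chosen in the portal.
$vmConfig = New-AzVMConfig -VMName "DJBlogs" -VMSize "Standard_B1s" |
    Set-AzVMOperatingSystem -Windows -ComputerName "DJBlogs" -Credential $cred |
    Set-AzVMSourceImage -PublisherName "MicrosoftWindowsServer" -Offer "WindowsServer" `
        -Skus "2016-Datacenter" -Version "latest" |
    Set-AzVMOSDisk -CreateOption FromImage -StorageAccountType Standard_LRS |
    Add-AzVMNetworkInterface -Id $nic.Id |
    Set-AzVMBootDiagnostic -Disable
New-AzVM -ResourceGroupName $rg -Location $location -VM $vmConfig

# The private address the RDP session will target. Azure reserves .0 to .3 of every
# subnet, so the first VM in a subnet receives the .4 address.
(Get-AzNetworkInterface -Name "DJBlogs-nic" -ResourceGroupName $rg).IpConfigurations[0].PrivateIpAddress
```

Creating the NIC yourself, rather than letting the simplified New-AzVM parameter set build one, is what guarantees the VM never gets a public IP; check afterwards in the portal that the VM's networking blade shows none.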

Root VPN Certificate

We will create the root certificate with the makecert.exe command, which ships with the Windows SDK. First we need to verify and set the environment variable Path for makecert on our local machine as in the screen below:

Path: C:\Program Files (x86)\Windows Kits\10\bin\10.0.19041.0\x86

After setting the path, run the command below in PowerShell to create the certificate:

makecert -sky exchange -r -n "CN=AzureVpnRootCert" -pe -a sha1 -len 2048 -ss My "C:\Temp\Azure\AzureVpnRootCert.cer"

Folder Path: C:\Temp\Azure

Certificate Name: AzureVpnRootCert.cer

Note that makecert is a deprecated tool and SHA-1 (-a sha1) is obsolete for certificate signatures; the same command accepts -a sha256, and Microsoft now recommends the New-SelfSignedCertificate PowerShell cmdlet instead. The root certificate's private key is the trust anchor for every VPN user, so keep it on an administrative machine and never distribute it.

The command automatically installs the certificate in the Personal (My) store of the current user. Now export that certificate with the Certificates snap-in (certmgr.msc): right-click it under Personal\Certificates, choose Export, select "No, do not export the private key" and the "Base-64 encoded X.509 (.CER)" format, as below (no password is involved because no private key is exported).

Open the Base64 .cer in a text editor, remove the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines, join the remaining body into one line, and paste that into the Azure root certificate settings.


Create the Client Certificate

We need to create a client certificate, issued by the root certificate above, which the client presents to the gateway to authenticate to the Azure virtual network. This PowerShell command creates the client certificate (-in and -is pick the issuer "AzureVpnRootCert" from the My store; -m 96 makes it valid for 96 months):

makecert.exe -n "CN=AzureVpnClientCert" -pe -sky exchange -m 96 -ss My -in "AzureVpnRootCert" -is my -a sha1

Once the client certificate is created, export it with certmgr.msc together with its private key, as a password-protected PFX (PKCS #12) file. This .pfx file must be installed on each user's machine along with the VPN client software. Issue a separate client certificate per user so that a single lost certificate can be revoked on the gateway by its thumbprint without replacing the root.
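The root and client certificate steps above, redone with New-SelfSignedCertificate and SHA-256 instead of makecert and SHA-1, as an added example that is not part of the original post. It assumes Windows PowerShell 5.1 or PowerShell 7 on Windows (the PKI module provides New-SelfSignedCertificate and Export-PfxCertificate), the same names and the C:\Temp\Azure folder as the post; the sanity checks at the end are this example's addition.

```powershell
# Added example (not from the original post): root + client certificate for Azure P2S
# with New-SelfSignedCertificate, SHA-256, 2048-bit keys.
$outDir = "C:\Temp\Azure"
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

# Self-signed root. KeyUsage CertSign makes it usable as an issuer. It stays in the
# CurrentUser\My store of the admin workstation; only its public half goes to Azure.
$root = New-SelfSignedCertificate -Type Custom -KeySpec Signature `
          -Subject "CN=AzureVpnRootCert" -KeyExportPolicy Exportable `
          -HashAlgorithm sha256 -KeyLength 2048 `
          -CertStoreLocation "Cert:\CurrentUser\My" `
          -KeyUsageProperty Sign -KeyUsage CertSign

# Client certificate signed by the root. EKU 1.3.6.1.5.5.7.3.2 = Client Authentication,
# which is what the gateway expects. Issue one per user so each can be revoked alone.
$client = New-SelfSignedCertificate -Type Custom -DnsName "AzureVpnClientCert" -KeySpec Signature `
            -Subject "CN=AzureVpnClientCert" -KeyExportPolicy Exportable `
            -HashAlgorithm sha256 -KeyLength 2048 `
            -CertStoreLocation "Cert:\CurrentUser\My" `
            -Signer $root -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.2")

# Root public certificate only, as the single-line Base64 the portal's
# "Public certificate data" field wants (no BEGIN/END lines, no private key).
# This replaces the certmgr.msc export plus the text-editor step.
$rootDer = $root.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert)
$rootB64 = [Convert]::ToBase64String($rootDer)
Set-Content -Path "$outDir\AzureVpnRootCert.cer" -Value $rootB64 -NoNewline

# Client certificate WITH private key, as a password-protected PFX for the user.
$pfxPassword = Read-Host -AsSecureString -Prompt "Password for AzureVpnClientCert.pfx"
Export-PfxCertificate -Cert $client -FilePath "$outDir\AzureVpnClientCert.pfx" `
  -Password $pfxPassword | Out-Null

# Sanity checks before touching Azure: issued by our root, and carries Client Authentication.
$issuedByRoot = ($client.Issuer -eq $root.Subject)
$ekuExt = $client.Extensions |
  Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
$hasClientAuth = ($ekuExt.EnhancedKeyUsages.Value -contains "1.3.6.1.5.5.7.3.2")
"Root   thumbprint: $($root.Thumbprint)"
"Client thumbprint: $($client.Thumbprint)  issuedByRoot=$issuedByRoot  clientAuth=$hasClientAuth"
```

Keep the client thumbprint printed at the end; it is the value you will need later to revoke that one certificate on the gateway if the user's PFX is lost.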

User VPN configuration

Now we will register the root certificate with the virtual network gateway (Point-to-site configuration blade), which lets the gateway validate client certificates issued by that root and admit those clients to the virtual network and the resources attached to it. We also define the address pool from which connected clients receive their VPN addresses; it must not overlap with the VNet address space (10.10.0.0/16) or with the network the client machine is on.

Address pool: 172.16.25.0/24

Download VPN Client Software

Once all this is set up, download the VPN client from the Azure portal (the "Download VPN client" button on the Point-to-site configuration blade) as shown in the screen above, and install it on the user machine together with the client .pfx.

In Windows Network Connections, select the "DJVNet" VPN connection and click Connect.

Download the RDP file from the Azure portal and connect to the virtual machine created above.

After clicking Connect it will ask for the username and password. You can see that the address it uses is the machine's private IP (10.0.0.4 in the screenshot) and we are able to connect to it only because the VPN tunnel is up.
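The "User VPN configuration" and "Download VPN Client Software" steps above done with Az PowerShell, plus the per-client revocation the portal also offers, as an added example that is not part of the original post. It assumes the gateway DJVNetGateway exists in DJBlogs, that C:\Temp\Azure\AzureVpnRootCert.cer holds the Base64 export of the root certificate (with or without the BEGIN/END lines), and that Connect-AzAccount has been run. The root certificate name "AzureVPN" and the address pool are taken from the post; the revoked-certificate name and the thumbprint placeholder are this example's.

```powershell
# Added example (not from the original post): gateway-side P2S setup with Az PowerShell.
$rg     = "DJBlogs"
$gwName = "DJVNetGateway"
$gw = Get-AzVirtualNetworkGateway -Name $gwName -ResourceGroupName $rg

# Client address pool: must not overlap the VNet (10.10.0.0/16) or the client's own LAN.
# IKEv2 is the native Windows/macOS protocol; SSTP is the fallback through strict firewalls.
Set-AzVirtualNetworkGateway -VirtualNetworkGateway $gw `
  -VpnClientAddressPool "172.16.25.0/24" -VpnClientProtocol IkeV2, SSTP | Out-Null

# Register the root's PUBLIC certificate. Strip PEM armour and whitespace so that the
# file works whether it came from certmgr.msc or from the Export() call.
$rootB64 = (Get-Content "C:\Temp\Azure\AzureVpnRootCert.cer" -Raw) `
             -replace '-----[A-Z ]+-----', '' -replace '\s', ''
Add-AzVpnClientRootCertificate -VpnClientRootCertificateName "AzureVPN" `
  -VirtualNetworkGatewayName $gwName -ResourceGroupName $rg -PublicCertData $rootB64 | Out-Null

# Generate the client package (the same zip the portal's "Download VPN client" gives you)
# and fetch it from the short-lived SAS URL Azure returns.
$pkg = New-AzVpnClientConfiguration -ResourceGroupName $rg -Name $gwName -AuthenticationMethod EapTls
Invoke-WebRequest -Uri $pkg.VpnProfileSASUrl -OutFile "C:\Temp\Azure\$gwName-vpnclient.zip"

# Verify what the gateway now trusts and hands out.
$cfg = (Get-AzVirtualNetworkGateway -Name $gwName -ResourceGroupName $rg).VpnClientConfiguration
"Address pool : $($cfg.VpnClientAddressPool.AddressPrefixes -join ', ')"
"Trusted roots: $($cfg.VpnClientRootCertificates.Name -join ', ')"

# Revocation: if a user's PFX is lost, block that single client certificate by thumbprint
# instead of rotating the root for everyone. Placeholder thumbprint; use the real one.
$lostThumbprint = "<client certificate thumbprint>"
Add-AzVpnClientRevokedCertificate -VpnClientRevokedCertificateName "lost-laptop" `
  -VirtualNetworkGatewayName $gwName -ResourceGroupName $rg -Thumbprint $lostThumbprint | Out-Null
```

The revoked-certificate list is checked by the gateway on every connection, so a revoked client is refused immediately even though its certificate is still valid on paper; this is why one certificate per user is worth the small extra effort.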

 

The whole process summarized in 10 simple steps

1) Create a Virtual Network
        1) Named: DJVNet
        2) Address Space: 10.10.0.0/16
        3) Subnet: 10.10.10.0/24

2) Create a GatewaySubnet within the Virtual Network
        1) GatewaySubnet: 10.10.1.0/24

3) Create a Virtual Network Gateway (DJVNetGateway)
        1) Named: DJVNetGateway
        2) Associate to Virtual Network DJVNet

4) Create a VM (DJBlogs) within the Virtual Network DJVNet

5) Create the Root VPN Certificate
        1) Set your local machine Environment variable Path - C:\Program Files (x86)\Windows Kits\10\bin\10.0.19041.0\x86
        2) Run Command - makecert -sky exchange -r -n "CN=AzureVpnRootCert" -pe -a sha1 -len 2048 -ss My "C:\Temp\Azure\AzureVpnRootCert.cer"
        3) Open the Certificates snap-in - certmgr.msc
        4) Find the cert in Personal\Certificates and export it without the private key as Base-64 encoded X.509 (.CER), no password
        5) Open the Base64 .cer in a text editor, put the body on one line and paste it into the Azure root certificate settings

6) Create the Client Certificate
        1) Command - makecert.exe -n "CN=AzureVpnClientCert" -pe -sky exchange -m 96 -ss My -in "AzureVpnRootCert" -is my -a sha1
        2) Open the Certificates snap-in - certmgr.msc
        3) Find the cert in Personal\Certificates and export it with the private key as a password-protected PFX
        4) This .pfx file must be installed on each user's machine along with the VPN client software

7) Set up User VPN configuration in the Azure portal
        1) Address pool - 172.16.25.0/24
        2) Set up Root Certificate
              a) Name - AzureVPN
              b) Cert - exported root certificate as single-line text

8) Download the VPN client software from the Azure portal

9) Install the client certificate
        1) Right-click the client certificate (.pfx) and click Install
        2) Install the VPN client software

10) Connect the VPN via Network Connections

You can download the artifacts from the URL below and connect to the VM I created behind the VPN with the following credentials:

User name: djblogstest

Password: Djblogs@12345

Download the items below:

1. VPN client setup

2. Client certificate (Password: djblog)

3. RDP file for remote login

Download

I hope this helps you connect to an Azure virtual network from your local machine.

Keep sharing keep learning
