A VPN gateway is a specific type
of virtual network gateway that is used to send encrypted traffic between an
Azure virtual network and an on-premises location over the public Internet.
1. Site-to-Site
2. Point-to-Site
Site-to-Site
A Site-to-Site VPN gateway connection is used to connect
your on-premises network to an Azure virtual network over an IPsec/IKE (IKEv1
or IKEv2) VPN tunnel. This type of connection requires a VPN device located
on-premises that has an externally facing public IP address assigned to it.
Point-to-Site
You use a Point-to-Site (P2S) VPN gateway to create a
secure connection to your virtual network from an individual client computer.
Point-to-Site VPN connections are useful when you want to connect to your VNet
from a remote location.
Connect virtual network from user machine step by step
We will create a site-to-site VPN connection between the local network
(my machine) and an Azure virtual network. In this example we will use the existing resource
group (DJBlogs), which was created in a previous post. You can also create a new resource
group.
This is the whole picture, which I will set up step by step.
Steps we need to follow to create VPN and connect from local machine
1. Create a Virtual Network (DJVNet)
   a. Create a Gateway Subnet within the Virtual Network
2. Create a Virtual Network Gateway (DJVNetGateway)
3. Create a VM within the Virtual Network (DJVNet)
4. Create the Root VPN Certificate (AzureVpnRootCert.cer)
5. Create the Client Certificate (AzureVpnClientCert.pfx)
6. User VPN configuration
7. Download VPN Software
Virtual Network
First, we need to create a virtual network for our resources. Then
we will connect to the resource (VM) from our local machine. Azure Virtual Network
(VNet) is the building block for your private network in Azure. It provides
isolation and allows many types of Azure resources, such as Azure virtual
machines (VMs), to communicate securely with each other.
Go to the Azure portal and create the virtual network (DJVNet) as
shown below.
GatewaySubnet
After creating the virtual network, we will create the gateway
subnet. Address range for the subnet:
GatewaySubnet - 10.10.1.0/24
Virtual Network Gateway
A VPN gateway is a specific type
of virtual network gateway that is used to send encrypted traffic between an
Azure virtual network and an on-premises location over the public Internet.
Follow the steps below to create the virtual network gateway (DJVNetGateway).
Create a virtual machine within the virtual network
Now we will create a new resource
(VM) inside the virtual network and try to access that VM from our machine
using the virtual machine's private IP address. I am using a very low configuration “Windows
Server 2016” virtual machine for the demo. Follow the steps below to
create the virtual machine in the virtual network.
Click the create button, set the virtual machine name (DJBlogs),
and set the user name and password, which we will use to access the machine via
remote desktop.
Choose the virtual machine size based on your requirements. I
am using a B1s machine for demo purposes.
After selecting the virtual machine size, choose the disk
type (HDD) and the virtual network (DJVNet) as below. There is no need to set a public IP
address. As mentioned above, we will access this virtual machine with its private IP
address.
The last screen shows a summary of all the options
selected for this VM.
Root VPN Certificate
We will create the root certificate with the makecert.exe
command. First, we need to verify and set the environment variable path for
makecert on our local machine, as in the screen below.
Path: C:\Program Files (x86)\Windows Kits\10\bin\10.0.19041.0\x86
After setting the path, run the command below in PowerShell
to create the certificate:
makecert -sky exchange -r -n "CN=AzureVpnRootCert" -pe -a sha1 -len 2048 -ss My "C:\Temp\Azure\AzureVpnRootCert.cer"
Folder Path: C:\Temp\Azure
Certificate Name: AzureVpnRootCert.cer
Open the Base64 certificate in a text editor, put it on one line, and paste
it into the Azure root certificate settings.
Create the Client Certificate
We need to create a client certificate, which lets the client connect
to the Azure virtual network created above. This PowerShell command
creates the client certificate:
makecert.exe -n "CN=AzureVpnClientCert" -pe -sky exchange -m 96 -ss My -in "AzureVpnRootCert" -is my -a sha1
Once the client certificate is created, export it
as BASE64 with a password using CertMgr. This pfx file must be installed and
distributed to users with the VPN software.
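The two makecert steps above, redone with the built-in New-SelfSignedCertificate cmdlet and SHA-256 instead of SHA-1 (makecert is deprecated). This is an added example, not the post's own commands; the subject names and the C:\Temp\Azure folder are reused from the post, and the .b64.txt file name is an assumption.

```powershell
# Added example: subjects and folder reuse the post's values; file names are assumptions.
$outDir   = 'C:\Temp\Azure'
$notAfter = (Get-Date).AddMonths(96)   # mirrors the post's "-m 96"
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

# Self-signed root: allowed to sign certificates only, SHA-256, 2048-bit key.
# The root gets the same expiry as the client so the chain stays valid.
$root = New-SelfSignedCertificate -Type Custom -KeySpec Signature `
    -Subject 'CN=AzureVpnRootCert' -KeyExportPolicy Exportable `
    -HashAlgorithm sha256 -KeyLength 2048 -NotAfter $notAfter `
    -CertStoreLocation 'Cert:\CurrentUser\My' `
    -KeyUsageProperty Sign -KeyUsage CertSign

# Client certificate signed by the root and restricted to Client Authentication
# (EKU 1.3.6.1.5.5.7.3.2).
$client = New-SelfSignedCertificate -Type Custom -KeySpec Signature `
    -Subject 'CN=AzureVpnClientCert' -DnsName 'AzureVpnClientCert' `
    -KeyExportPolicy Exportable -HashAlgorithm sha256 -KeyLength 2048 `
    -NotAfter $notAfter -CertStoreLocation 'Cert:\CurrentUser\My' `
    -Signer $root -TextExtension @('2.5.29.37={text}1.3.6.1.5.5.7.3.2')

# Public part of the root as a single Base64 line: this is the text pasted into
# the gateway's root certificate field. RawData contains no private key.
$rootB64 = [Convert]::ToBase64String($root.RawData)
Set-Content -Path (Join-Path $outDir 'AzureVpnRootCert.b64.txt') -Value $rootB64

# Client certificate plus private key as a password-protected PFX.
$pfxPassword = Read-Host -Prompt 'PFX password' -AsSecureString
Export-PfxCertificate -Cert $client -Password $pfxPassword `
    -FilePath (Join-Path $outDir 'AzureVpnClientCert.pfx') | Out-Null

# Sanity checks before anything is uploaded or distributed.
if ($client.Issuer -ne $root.Subject) { throw 'Client certificate was not issued by the root' }
if ($root.SignatureAlgorithm.FriendlyName -notmatch 'sha256') { throw 'Root is not signed with SHA-256' }
```

Only the Base64 text and the PFX leave the issuing machine; the root's private key stays in the local certificate store, since anyone holding it can mint client certificates the gateway will accept.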
User VPN configuration
Now we will register the root certificate with the virtual network
gateway, which lets the client connect to the virtual network and access the
resources attached to it.
Address pool: 172.16.25.0/24
Download VPN Client Software
Once all of this is set up, download the VPN client from the
Azure portal as shown in the screen above.
Click the “DJVNet” connect button.
Download the RDP file from the Azure portal and use it to connect to the
virtual machine created above.
After clicking connect, it will ask for the username and password. You can see that the IP address is the private IP address (10.0.0.4) of the machine, and we are able to connect to it.
The whole process summarized in 10 simple steps
1) Create a Virtual Network
   1) Named: DJVNet
   2) Address Space: 10.10.0.0/16
   3) Subnet: 10.10.10.0/24
2) Create a GatewaySubnet within the Virtual Network
   1) GatewaySubnet: 10.10.1.0/24
3) Create a Virtual Network Gateway (DJVNetGateway)
   1) Named: DJVNetGateway
   2) Associate to Virtual Network DJVNet
4) Create a VM (DJBlogs) within the Virtual Network DJVNet
5) Create the Root VPN Certificate
   1) Set your local machine Environment variable Path - C:\Program Files (x86)\Windows Kits\10\bin\10.0.19041.0\x86
   2) Run Command - makecert -sky exchange -r -n "CN=AzureVpnRootCert" -pe -a sha1 -len 2048 -ss My "C:\Temp\Azure\AzureVpnRootCert.cer"
   3) Run CertMgr to Convert to BASE64 - certmgr.msc
   4) Find Cert in Personal\Certificates and Export to BASE64 without Password
   5) Open Base64 Cert in Text Editor, put in one line and paste into Azure Root Cert Settings
6) Create the Client Certificate
   1) Command - makecert.exe -n "CN=AzureVpnClientCert" -pe -sky exchange -m 96 -ss My -in "AzureVpnRootCert" -is my -a sha1
   2) Run CertMgr to Convert to PFX file - certmgr.msc
   3) Find Cert in Personal\Certificates and Export to BASE64 with Password
   4) This pfx file must be installed and distributed to users with VPN Software
7) Set up User VPN configuration in Azure portal
   1) Address Space - 172.16.25.0/24
   2) Set up Root Certificate
      a) Name - AzureVPN
      b) Cert - Exported Root Certificate inline text
8) Download VPN client Software from Azure portal
9) Install Client Cert
   1) Right Click On Client Certificate, Click Install
   2) Install VPN Software
10) Connect VPN via Network Connections
You can download the artifacts from the URL below and connect to my VM created in the VPN with the credentials below.
User name: djblogstest
Password: Djblogs@12345
Download the items below
1. VPN Client setup
2. Client certificate (Password: djblog)
3. RDP file for remote login
Hope it will help you to connect to the Azure virtual network
from your local machine.
Keep sharing, keep learning.