How to Configure Azure P2S VPN for Working from Home

Are you stuck working from home and need to configure Azure P2S VPN to gain access to the infrastructure hosted in your business cloud? The good news is that you absolutely can do this, using Azure’s P2S VPN service. This post will take you through 25 comprehensive and easy steps to set it up, so that getting work done from home is a lot easier.

The current pandemic has forced many businesses to turn their workforce into a virtual workforce overnight. Collectively, we have taken a lot of things for granted, including technology-driven workplaces and what now looks like light-weight workforce mobility.

Consequently, not everybody is as prepared in terms of IT support as they should be. Almost like pioneers, we are learning to do things differently, doing things we have never had to do by ourselves. We all need to stretch our capabilities.

But sometimes we just need a little help. So, here it is.

What you need to get started with Azure at home

Azure P2S (Point-to-Site) uses SSL-based digital certificates (port 443), so it should work well when remote workers are connecting from restrictive networks.

There are some pre-requisites to use Azure when working from home. You will need:

  • Azure Virtual Network
  • Network Subnet
  • Virtual network gateway already set up

If you meet those pre-requisites, you can follow these 25 sure-fire steps to configure Azure’s P2S VPN on your home system.

Here are 25 Steps to Configure Azure’s P2S VPN at Home

  1. Open PowerShell ISE to create the root and client certificates
  2. Paste the following into Untitled1.ps1
     # Self-signed root certificate; its public part is uploaded to Azure later
     $cert = New-SelfSignedCertificate -Type Custom -KeySpec Signature `
     -Subject "CN=MyCompanyVPN" -KeyExportPolicy Exportable `
     -HashAlgorithm sha256 -KeyLength 2048 `
     -CertStoreLocation "Cert:\CurrentUser\My" -KeyUsageProperty Sign -KeyUsage CertSign
     # Client certificate signed by the root; the OID 1.3.6.1.5.5.7.3.2 is the Client Authentication EKU
     New-SelfSignedCertificate -Type Custom -DnsName MyCompanyClient -KeySpec Signature `
     -Subject "CN=MyCompanyClient" -KeyExportPolicy Exportable `
     -HashAlgorithm sha256 -KeyLength 2048 `
     -CertStoreLocation "Cert:\CurrentUser\My" `
     -Signer $cert -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.2")
  3. Execute the script by clicking Run Script
  4. Open Windows mmc.exe
  5. Add Snap-in > Certificates > My user account
  6. Expand Certificates > Personal > Certificates
  7. Export the Root certificate, choose to not export the private key
  8. Choose Base-64 encoded, continue to finish the export
  9. Export the Client certificate, choose to export the private key
  10. Accept all defaults for .PFX
  11. Assign a password to the certificate, continue to finish the export.
  12. Log in to the Azure Portal
  13. Open the Virtual Network Gateway blade, choose Point-to-site configuration
  14. Create the configuration as follows
  15. Address pool, type in a network that will be assigned to VPN users
  16. Choose Authentication type as Azure certificate
  17. The Name will be the same name provided during certificate creation in PowerShell ISE
  18. Open the Root certificate exported earlier (*.cer) with Notepad
  19. Highlight and copy the data between the BEGIN and END, do not copy the BEGIN header and END footer
  20. Paste the data into the Public certificate data field, then click Save
  21. Allow Azure to process the changes (this will take about 5 minutes), then click Download VPN Client
  22. On your client PC, install the *.PFX certificate.
  23. Run the VPN Client setup file.
  24. Click Connect
  25. All done
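
Before pasting anything into the portal, the two certificates and the root's Base-64 data can be checked from the same PowerShell session. This is an added example, not part of the original post; it assumes the subject names CN=MyCompanyVPN and CN=MyCompanyClient from the script above and Windows PowerShell 5.1 (for Set-Clipboard).

```powershell
# Added example. Subject names are the ones used in the certificate script on this page.
$store  = 'Cert:\CurrentUser\My'
$root   = Get-ChildItem $store | Where-Object { $_.Subject -eq 'CN=MyCompanyVPN' } |
    Sort-Object NotBefore -Descending | Select-Object -First 1
$client = Get-ChildItem $store | Where-Object { $_.Subject -eq 'CN=MyCompanyClient' } |
    Sort-Object NotBefore -Descending | Select-Object -First 1
if (-not $root -or -not $client) { throw 'Root or client certificate not found in CurrentUser\My.' }

# 1. The client certificate must chain to this root. The root is self-signed and
#    not in the Trusted Root store, so supply it explicitly and skip revocation.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode    = 'NoCheck'
$chain.ChainPolicy.VerificationFlags = 'AllowUnknownCertificateAuthority'
[void]$chain.ChainPolicy.ExtraStore.Add($root)
$built = $chain.Build($client)
$top   = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
if (-not $built -or $top.Thumbprint -ne $root.Thumbprint) {
    throw 'Client certificate does not chain to the MyCompanyVPN root.'
}

# 2. The client certificate needs the Client Authentication EKU and a private key,
#    otherwise it cannot authenticate to the gateway.
$ekuOids = $client.Extensions |
    Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
    ForEach-Object { $_.EnhancedKeyUsages } | ForEach-Object { $_.Value }
if ($ekuOids -notcontains '1.3.6.1.5.5.7.3.2') { throw 'Client Authentication EKU is missing.' }
if (-not $client.HasPrivateKey) { throw 'Client certificate has no private key.' }

# 3. Public part of the root only (DER, no private key), Base-64 encoded on one
#    line without BEGIN/END markers: the value for "Public certificate data".
$der = $root.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert)
$publicCertData = [Convert]::ToBase64String($der)
Set-Clipboard -Value $publicCertData

"Root thumbprint   : $($root.Thumbprint)"
"Client thumbprint : $($client.Thumbprint) (expires $($client.NotAfter))"
"Public certificate data copied to clipboard ($($publicCertData.Length) characters)."
```

Comparing the printed root thumbprint with the one the portal shows after saving confirms that the gateway trusts the certificate you intended.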

If you get stuck, call out to your IT support. Or, you can contact IT Networks.