Jun 02, 2021
Prerequisites:
- Your Azure P2S Root certificate (in 'Certificates - Current User\Trusted Root Certification Authorities\Certificates')
- Your Azure P2S Child certificate (in 'Certificates - Current User\Personal\Certificates')
For more info see: https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-certificates-point-to-site
- An export of the EAP connection info from a working Azure P2S VPN connection. We recommend using this PowerShell script to export the info: https://github.com/richardhicks/aovpn/blob/master/Get-EapConfiguration.ps1
For more info see: https://kb.policypak.com/kb/article/1050-policypak-vpn-manager-create-always-on-vpn-connections-in-an-instant
Step 1: Import the Azure P2S PFX certificate (which contains the P2S Child and P2S Root certificates and the private key), either manually or by using PPScripts.
PPScripts Example:
Note: Only needed if the P2S certificates are not already present on the endpoint.
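One way to check whether the prerequisite certificates are already present, and so whether Step 1 is needed, is the script below. It is an added example, not part of the original article and not PolicyPak's PPScripts example. The `$RootSubject` value is a placeholder for your own root certificate's subject, and the script assumes the child certificate must carry the Client Authentication EKU and that revocation checking can be skipped for a self-signed root.

```powershell
# Added example: verify the Azure P2S certificate prerequisites for the current user.
# $RootSubject is a placeholder (assumption); use the subject of your own P2S root.
param(
    [string]$RootSubject = 'CN=YourP2SRootCert'
)

$clientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU

# Root certificate: Current User\Trusted Root Certification Authorities
$root = Get-ChildItem -Path Cert:\CurrentUser\Root |
    Where-Object { $_.Subject -eq $RootSubject }
if (-not $root) {
    Write-Warning "Root '$RootSubject' not found in Cert:\CurrentUser\Root"
}

# Child certificates: Current User\Personal, issued by that root
$children = @(Get-ChildItem -Path Cert:\CurrentUser\My |
    Where-Object { $_.Issuer -eq $RootSubject })
if ($children.Count -eq 0) {
    Write-Warning "No certificate issued by '$RootSubject' in Cert:\CurrentUser\My"
}

$now = Get-Date
$report = foreach ($cert in $children) {
    # Build the chain in the current-user context; revocation is not checked
    # (assumption: a self-signed root with no CRL distribution point).
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $chainOk = $chain.Build($cert)

    $ekus = @($cert.EnhancedKeyUsageList | ForEach-Object { $_.ObjectId })

    [pscustomobject]@{
        Subject       = $cert.Subject
        Thumbprint    = $cert.Thumbprint
        HasPrivateKey = $cert.HasPrivateKey          # required to authenticate
        ClientAuthEku = $ekus -contains $clientAuthOid
        NotExpired    = ($cert.NotBefore -le $now) -and ($cert.NotAfter -ge $now)
        ChainBuilds   = $chainOk                     # false if the root is not trusted
    }
}

$report | Format-Table -AutoSize
```

A child certificate that shows `False` in any column will not authenticate the VPN connection as described here, so import the PFX as in Step 1 before creating the policy.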
Step 2: Create the Azure P2S VPN connection using PolicyPak VPN Manager
- Create a new PolicyPak VPN Manager Policy on either the Computer Configuration or the User Configuration side.
- Use something descriptive for the “Connection name”, choose Automatic for the “Connection type”, and fill out the remaining required info (IP address, default server checkbox, etc.), then click “Next”.
- At the “VPN connection Settings” screen select “Certificates” from the “Authentication method” dropdown list, then import the EAP information you exported earlier from a working Azure P2S VPN connection, then click “Next”.
TIP: Optionally, check the option to “Remember credentials on each logon”.
- At the “DNS Settings (Optional)” screen you can fill out the information or click “Next” to skip this screen.
- At the “Proxy Settings (Optional)” screen you can fill out the information or click “Next” to skip this screen.
- At the “Split Tunneling (Optional)” screen you can fill out the information or click “Next” to skip this screen.
- At the “Trusted Network Detection (Optional)” screen you can fill out the information or click “Next” to skip this screen.
- At the final “Policy Settings” screen provide a descriptive name for the policy and then click “Finish”.
- Lastly, apply and test the policy. If successful, you will see a new VPN connection created that matches the connection name you specified in #2 above. Connect using your new Azure P2S VPN connection to ensure the connection is successful.