Azure - VPN Point to Site | Step By Step Tutorial

Video Statistics and Information

Captions
Hi, so I want to demonstrate here how to create a point-to-site VPN to an Azure virtual network. So the first thing I'm going to do is create a VPN network, or create a virtual network. So what I'm going to do here is just type in "virtual network". I'm creating this within my resource group here, and so I'm just going to choose the virtual network and click Create.

So in this demo it's going to be step by step, and the steps I'm going to take are: create the virtual network, create the virtual network gateway, create a VM, and then I am going to create a root certificate for the VPN client. And once I create the VPN client, I am going to log into my VPN via the local IP address.

So the first step here is to create just a virtual network, and the address space I am going to use is 10.10.0.0, and I want 2 to the 16 nodes, so that is 64K nodes. And the subnet I'm going to use for my VMs is, it's just going to be default, and I want this in the address range with 256 nodes, and that looks good. So this is the subnetwork where I'm going to create my VMs, whereas this is the entire address space of my virtual network. So I'm going to click Create here and wait for the virtual network to get created.

Okay, so that took about a minute to create. I'm going to go back here where my resources are, and I am going to click Refresh just to make sure the virtual network is created. So the virtual network's created here, which is great. Now I am going to create the virtual network gateway, and I'm going to click Create here, and I'm simply going to name it gateway VNet, for the virtual network that this is going to be the gateway for, and I'm going to keep this VPN and route-based. I'm going to click Basic here, just because it's cheaper and it meets my traffic needs. And so you'll notice that my VNet didn't show up yet, so I'm just going to pause and wait for it to show up as a choice here.

Now actually there's a very good reason why my VNet 01 is not showing up here: it's because I forgot to create the gateway subnet. So let me go ahead and do that here. I'm going to go back and I'm going to discard these changes. So the VNet 01 that I've created, I'm going to go into that virtual network and create my gateway subnet, and once I create my gateway subnet I'll be able to attach it to the gateway. So if I go into Subnets here, you'll notice there's a button up here called Gateway subnet, and the address that I'll give it is actually 10.10.1, and I'm going to click OK, and that gateway subnet is going to be created. Now notice there was no choice of the name; I can only have one gateway subnet. So this is going to be the gateway to my other subnets that I have within this virtual network.

And now that I've done that, I should be able to add the gateway. So I'm going to type in "virtual network gateway", choose the gateway, click right here, and type in the... so the convention I'm going to use is gateway VNet 1, which indicates it's the gateway from my virtual network 01. I'm going to click Basic here, and now my VNet 1 is going to show up, and thank goodness it has. I'm going to choose that as the virtual network I want to associate with this gateway, and it's also going to create a public IP for which the VPN is going to go through. And luckily, when I create this it actually works going through the corporate firewall, because it's simply SSTP VPN, so the protocol it uses is SSTP here for the VPN. And you'll notice it says here that to create a virtual gateway it takes as long as 45 minutes. So I'm going to click Create here, and I'm going to pause the video and wait for this to be created. So I'm going to click OK here, forgot to click OK, and click Create.

Okay, so that piece is going to take 45 minutes to create, and so while that's occurring I am going to create a VM. I'll type in "Windows Server" here. So I'm going to create a VM in the first subnet. Make sure it's in Resource Manager; so notice all of these resources I've created are Resource Manager instead of in the classic, so make sure you do that. And I'm going to call this wordless, that's my server, and make sure I have these in the proper locations. So I'm doing this, I'm creating a VM within my subnet that I'm going to be able to VPN into, while the gateway is being created, because that does take up to... it usually takes about 15 minutes. So while this is occurring, I am just going to choose a basic configuration, so feel free to jump ahead in this video while your... So what I'm going to do here is choose Basic, and next I'm going to be choosing the virtual network that I'll be placing this VM into, and the VPN that I'm using I'm going to be creating against this virtual network. And I don't need a public IP here, and the firewall rules, I'll be using one that I've already set up, and so I'm going to go ahead and let that create.

So notice that this VM I am creating in my 10.10.10 subnet, which is why I named it that way; for demo purposes it's a lot easier to remember. Now keep in mind that these are reserved addresses, so the 10.0.0.0 is a reserved address for these IANA standards. So my VM here is going to be created. I'm going to pause the video here for a while and wait until the resources are being completed.

So I'm back in my resource group here, and I'm going to click on the gateway to see the status of my gateway, and you notice it's still updating. And if I look at the notifications, both of those, both the VM and the gateway, are still being deployed, so I'm going to pause here and wait until those are completed.

So while those resources are being deployed, let me show you the next steps. So I have to create a root certificate for the VPN. So what I'm going to do here is go to the Windows development kit download, and you're going to have to download this if you don't already have the Windows development kit. And now I am creating the root certificate for my VPN, and I'm going to have these resources, or the certificate, ready for your download if you don't want to create it by hand here, so you could download it from my description area.

So I'm going to go into PowerShell here. I already have this installed, and it is located in my Program Files x86, Windows Kit, 10, bin, x86 folder. So if I do a dir, I am going to use makecert, so you see this is the makecert.exe here. And I'm going to go into DOS; to do that I'm going to type cmd. And what I'm going to do here is add this to the path, so I'm going to set my path variable. Notice I'm in the command shell after I typed in cmd. I'm going to set the path, now I'm going to go into a temp directory, and I'm going to create my certificates. So the command I'm using is makecert, and this is going to be the VPN root certificate, and that was successful.

So I'm going to show you that certificate. If I go into Explorer, you notice that certificate's been created. And you might want to install the certificate, but I'm pretty sure it's installed based on that command. So in order to find that out, I am going to go into cert manager here, so I'm just typing in cert manager here, and you'll notice in Personal, going to Certificates, and I scroll through here... I'm going to sort by expiration date and it should go all the way to the top. So you'll see it was installed, and this is the Azure VPN root certificate.

Now what I have to do is I actually have to export this. So I'm going to right-click, I'm going to say All Tasks, and I'm going to Export, and I've got to export it into a text-readable format because that's what Azure accepts. So I'm going to choose don't export the private key, and I'm going to choose Base64 here, and I want to type in my location, and I'm going to type in this whole thing, except that it's going to be a sixty-four, and I'm going to export the Base64 version of that certificate. And I'm going to right-click and open it up in WordPad or TextPad, and that's how the certificate looks, that's how the root certificate looks. Now I have to get this all in one line, and you'll see why, so I'm going to just get rid of the new lines here and put this all in one line so that I could cut and paste it. So you'll notice now it's all in one line, and I'll leave that here for now.

Let me check on the status of the gateway's deployment. So one of these succeeded; it's still... So the second thing I have to do is create the client certificate off of the root certificate. So what I'm going to do here is go back to my certificates, so my certificates are here, and keep in mind this is the root certificate. So I'm going to create the client certificate. So once I have all this set up, I am going to have to download the VPN client that's created specifically based on this root certificate, and I have to distribute that with the client certificate in order for, say, my coworker or my friend or anybody I'm working with to use the VPN client and the certificate to VPN into the virtual network, and I'm going to demonstrate all of that.

So let me do that now. I'm going to go back to my DOS prompt, PowerShell, and I am going to put in this command that creates the client certificate off of the root certificate, and you'll notice the client certificate has been created. I'm going to go back again into the cert manager, and I'm going to right-click on Certificates and I'm going to refresh, and when I refresh you notice there is the client certificate now, and that's the root certificate. And I should sort this too so you can get a better look here. So you see here, that's the client certificate and that's the root certificate.

And I'm going to export this, because I might have to distribute this to my fellow friends or coworkers who also want to VPN in, and I am going to say export private key, and I'm just going to select the default, and the file format is going to be a PFX file, and I am going to choose password "password". Now I'm going to have both of these certificates in the description area, so if you don't want to generate these certificates in the way that I've just done here, then you can use the certificates I've already created without having to create it yourself, and the password here is just "password". So if you use my certificates, just remember that the password is just "password", lowercase, all lowercase. And I am going to generate the file, and I'm going to call it Azure VPN client cert pfx. So once I get the VPN client, I will have to distribute that with this PFX file, and keep that in mind later on when I get to that step.

So it looks like the gateway is still deploying in the background here, so I'm just going to pause the video and wait for that deployment to finish. So while the gateway is being deployed in the background, let me create a text file with the key in it here, public key all in one line, so this is going to be relatively easy for you to just cut and paste this entire line here when the time comes. So you will get all of these artifacts, and I'll have a downloadable zip file in my description area for you to download all of these certificates, in case you don't want to generate it yourself or you don't want to install the Windows 10 SDK, software development kit; then you could simply use these and get it working. So let me double-check what the status of this is. So this is still deploying; pause here, come back later.

So it looks like the gateway has deployed, so I'm going to go into the gateway settings. So this is the virtual network gateway settings that I'm going into, and I'm going to click on Point-to-site configuration, and I am going to configure the address pool as this. Now keep in mind this 172.20 is a reserved space, and you might want to check with your corporate, your IT staff, to make sure this is open, but typically you can choose anything from 172.16 to 172.31, I believe, 31 or 33, I can't quite remember. I just chose 20.20 just because it's easy for me to remember and it works in my network, but likely it will also work in yours too. I'm going to type in Azure VPN, and this is where you need the public certificate, so the cert that I squished down to one line. So keep in mind I squished it down to one line. I'm just going to copy and paste it, and this is used to generate the VPN. So I'm going to tab off and I'm going to click Save here.

So the gateway did take a good 45 minutes. You'll notice here I started at around 3:30 and it finished at 4:07, so the gateway did take about 45 minutes to actually complete. And now it's updating here, and after it's done updating, this button here will be activated, the Download VPN button. And you'll notice here that the VPN button is now activated, and I'm going to click here to download the VPN client, and notice there is a 64-bit version and an x86 version. So it's generating the VPN client now based on my root certificate.

And I just want to reiterate here where the root certificate comes from. So the root certificate is the one that I created using this command. So I'll have all of these instructions here, which will automatically work if you follow exactly the same settings that I've done, but you can change it and have it particular to your situation as far as the address spaces and all of that, but I'll have this in the zip file in the description area for download. So keep in mind where this certificate comes from: I generated the root certificate, and then I went into cert manager and I exported it as Base64, and when I export as Base64, let me open it, it's like this, and I squished it down into one line by getting rid of the new lines at the end, and I copied and pasted that into this settings area, and now the VPN is active for me to download.

So I'm going to click Download here and I'm going to save, and now I have the downloads, and it is VPN 2 because I've done it a couple of times. So what I'm going to do here is, normally you're going to have to distribute this PFX file that you exported to anyone that wants to install the client, and so when they get this PFX file they'll have to right-click on it, or actually just double-click on it, and import and install the certificate. And if you download from me, the password is simply "password", and keep these settings, and it's going to be finished, and it's imported successfully. And now I just have to install the VPN client, and you'll notice quickly it's been installed.

And what I can do now is check my network connection at the bottom here, and you'll notice there is a VPN. I'm simply going to click Connect, click Continue, and I'm going to choose my cert, so I'm going to choose the client cert that I imported, and you'll notice now I am connected. If I look here, I am connected, and if I go into PowerShell and I type in ipconfig /all, you'll notice here I have an IP address of 172.20.20.1, and where that comes from is this address pool here from the VPN gateway. And if I go to the virtual machine, let me click on this virtual machine that I created in that subnet, you will notice that the IP address is 10.10.10.4. So I'm going to click on my remote desktop client, and that's the IP address, I am going to click Connect, and you'll notice now I am RDPing into the private IP address. It prompts me for my password for the VM, and there you go, that is it. That is how you set up a VPN point-to-site, and I hope this helps.

I will have those artifacts zipped up and downloadable in the description area, so once again, if you don't want to create your own certificate you could use my certificates. You know, there's no real harm in doing so for practical purposes; I mean, you know that you still need a specific configuration to connect to that virtual network. But that's really it, that's all I wanted to show, and I hope this helps, and thank you for watching.
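The export step described in the captions (Base64 .cer export without the private key, then collapsing the text to one line for the gateway's point-to-site configuration), as an added Python example that is not from the video. The function names are hypothetical and the sample data is constructed, not a real certificate.

```python
import base64
import re

# Matches one PEM certificate block as written by a Base-64 X.509 (.cer) export.
_CERT_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.DOTALL
)


def root_cert_to_single_line(pem_text: str) -> str:
    """Return the Base64 body of an exported root certificate as one line.

    Hypothetical helper (not an Azure or Windows API). It refuses input that
    carries private key material, since only the public certificate belongs
    in the gateway configuration.
    """
    if "PRIVATE KEY" in pem_text:
        raise ValueError("input contains a private key; export the certificate only")
    blocks = _CERT_BLOCK.findall(pem_text)
    if len(blocks) != 1:
        raise ValueError(f"expected exactly one certificate block, found {len(blocks)}")
    body = "".join(blocks[0].split())  # drop CR, LF and any stray spaces
    try:
        der = base64.b64decode(body, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("certificate body is not valid Base64") from exc
    # An X.509 certificate is a DER SEQUENCE, so the first byte is 0x30.
    if not der or der[0] != 0x30:
        raise ValueError("decoded data does not look like a DER certificate")
    return body


def make_sample_pem() -> str:
    """Constructed stand-in for an exported .cer file (not a real certificate)."""
    fake_der = bytes([0x30, 0x82, 0x00, 0x60]) + bytes(range(96))
    b64 = base64.b64encode(fake_der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return (
        "-----BEGIN CERTIFICATE-----\r\n"
        + "\r\n".join(lines)
        + "\r\n-----END CERTIFICATE-----\r\n"
    )


if __name__ == "__main__":
    print(root_cert_to_single_line(make_sample_pem()))
```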
Info
Channel: CodeCowboyOrg
Views: 121,696
Keywords: Azure, Azure Resource Manager, Point to Site, Site to Site, Point to Site VPN, VPN, Azure VPN, How to create Azure VPN, VPN to Azure, Virtual Network Gateway, Virtual Network VPN, VPN tunnel, how to VPN to Azure, how to VPN, create VPN, tutorial, step by step, beginner, how to, how, Resource Manager, New Azure, how to create a VPN, how to VPN into, connect, connect sites
Id: -GEEv_7xrEo
Length: 31min 28sec (1888 seconds)
Published: Mon Dec 19 2016