Microsoft Azure - Point-to-Site Connectivity
In the last chapter we saw how an endpoint can be created to access a virtual machine; it is quite a tedious task. If a virtual machine in a virtual network is to be connected to an on-premises machine, point-to-site connectivity is required. Point-to-site connectivity makes working with remote virtual machines very productive.
With point-to-site connectivity, an individual on-premises machine is connected to the virtual network; up to 128 on-premises machines can be connected to a virtual network in Azure this way. Access to the virtual network in the cloud is granted via a certificate, which must be installed on each local machine that is to be connected to the virtual network.
Enabling point-to-site connectivity on an existing virtual network
If you have already created a virtual network in Azure, you can access it in the management portal.
Step 1 - Log in to the Azure management portal.
Step 2 - Click on "Networks" in the left panel and select the network you want to work with.
Step 3 - Click on "Configure" as shown in the following image.
Step 4 - Check the "Configure point-to-site connectivity" box. This will allow you to enter the starting IP address and CIDR.
Step 5 - Scroll down and click on "Add gateway subnet".
Step 6 - Enter the gateway subnet and click "Save". The message shown in the following screen will appear.
Step 7 - Click Yes, and point-to-site connectivity is established.
You will need a certificate to access your virtual network.
Create a new virtual network with point-to-site connectivity
Step 1 - Click New → Network Services → Virtual Network → Custom Creation.
Step 2 - Enter the name of the network, select the location and click Next.
Step 3 - On the next screen, select "Configure point-to-site VPN" and click next.
Step 4 - You can select or enter the starting IP address and select CIDR.
Step 5 - Enter the subnet, click on "Add Gateway Subnet" as before, and enter the required information.
Step 6 - Point-to-site connectivity is complete.
Step 7 - Click on the network name; in the image above it is "MyNet".
Step 8 - Click on "Dashboard" as shown in the next screen.
You will see that the gateway is not yet created. For this to happen, you will need to generate a certificate first.
Point-to-site VPN only supports self-signed certificates.
Create a certificate
Step 1 - Go to msdn.microsoft.com or search for "Windows SDK for 8.1". Then navigate to the MSDN link for the version of Windows you want to use the tool on.
Step 2 - Download the circled file as shown in the following image. It will be saved as an .exe file named sdksetup on your machine.
Step 3 - Run the file. While running the installation wizard, when you reach the next screen, uncheck the circled components. By default, they are checked.
Step 4 - Once the installation is complete, run the command prompt as administrator on your computer.
Step 5 - Enter the following commands one by one to create a root certificate.
cd "C:\Program Files (x86)\Windows Kits\8.1\bin\x64"
makecert -sky exchange -r -n "CN=MyNet" -pe -a sha1 -len 2048 -ss My
The first command changes the directory in the command prompt. In the second command, replace "MyNet" with the name of your network.
Step 6 - Then enter the following command to create the client certificate.
makecert -n "CN=MyNetClient" -pe -sky exchange -m 96 -ss My -in "MyNet" -is My -a sha1
Step 7 - Find "mmc" on your computer and run it.
Step 8 - Click on "File" and then "Add/Remove Snap-in".
Step 9 - In the screen that appears, click on "Certificates", then on "Add".
Step 10 - Select "My user account" and click "Finish".
Step 11 - Expand "Current User" in the left panel, then "Personal", then "Certificates".
You can see the certificates here.
Step 12 - Right-click on the certificate and click on "All Tasks", then on "Export".
Step 13 - Follow the wizard. You will need to name the certificate and select a location to save it.
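As an added example (not part of the original tutorial), the same root and client certificates can be created on a current Windows machine with the built-in New-SelfSignedCertificate cmdlet instead of the makecert tool from the SDK, using SHA-256 rather than SHA-1, with the root certificate's public part exported as Base64 for the portal and the client certificate exported as a password-protected PFX. The certificate names, the output directory and the chain check are assumptions, not values from the page.

```powershell
# Added example: replaces makecert (Windows SDK) with the built-in
# New-SelfSignedCertificate cmdlet. Certificates land in the current
# user's Personal store. Names and paths below are assumptions.
$rootName   = "MyNet"          # matches "CN=MyNet" in the tutorial
$clientName = "MyNetClient"
$outDir     = "$env:USERPROFILE\Desktop"

# Root certificate: self-signed, allowed to sign other certificates
# (CertSign), private key exportable so it can be backed up offline.
$root = New-SelfSignedCertificate -Type Custom -KeySpec Signature `
    -Subject "CN=$rootName" -KeyExportPolicy Exportable `
    -HashAlgorithm sha256 -KeyLength 2048 `
    -CertStoreLocation "Cert:\CurrentUser\My" `
    -KeyUsageProperty Sign -KeyUsage CertSign

# Client certificate: issued by the root, with the Client Authentication
# EKU (OID 1.3.6.1.5.5.7.3.2) that the VPN client requires.
$client = New-SelfSignedCertificate -Type Custom -DnsName $clientName `
    -KeySpec Signature -Subject "CN=$clientName" -KeyExportPolicy Exportable `
    -HashAlgorithm sha256 -KeyLength 2048 `
    -CertStoreLocation "Cert:\CurrentUser\My" -Signer $root `
    -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.2")

# Public part of the root certificate as Base64 (the DER bytes only):
# this is what is supplied to the portal's certificate settings.
# Only the public key leaves the machine; the private key stays in the store.
$rootB64 = [Convert]::ToBase64String($root.RawData)
Set-Content -Path "$outDir\$rootName-root.cer.b64" -Value $rootB64

# Client certificate plus private key as a password-protected PFX,
# to be imported on the on-premises machine that will dial the VPN.
$pfxPassword = Read-Host -AsSecureString -Prompt "PFX password"
Export-PfxCertificate -Cert $client -FilePath "$outDir\$clientName.pfx" `
    -Password $pfxPassword | Out-Null

# Sanity check: the client certificate must chain to the root just created.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = "NoCheck"
$chain.ChainPolicy.VerificationFlags = "AllowUnknownCertificateAuthority"
$chain.ChainPolicy.ExtraStore.Add($root) | Out-Null
if ($chain.Build($client)) { "Client certificate chains to $rootName" }
else { "Chain build failed: " + ($chain.ChainStatus.Status -join ", ") }
```

The Base64 file holds only the public certificate, so it is safe to upload; the PFX contains the client's private key and should be copied to the client machine and then deleted from the export location.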
Upload the certificate
Step 1 - Log in to the Azure management portal.
Step 2 - Go to the network and click on "Certificates", then on "Upload a root certificate".
Step 3 - Click on Browse and select the location of the certificate you just created.
Download the Client VPN package
The Client VPN package will connect you to the network.
Step 1 - Go to the Network Dashboard in the Azure Management Portal.
Step 2 - Scroll down and locate the following options on the right side of the screen.
Step 3 - Select the appropriate option and download it. A file like the one shown will be saved on your computer. Run it to install the package.
Step 4 - When you install it, Windows might try to block it. Choose "Run anyway" if this happens.
Step 5 - Navigate to "Networks" on your computer and you will see an available VPN connection as shown in the following image.
Step 6 - Click on this network, "MyNet" in this example, and connect. You will be connected to the network.