The Azure VPN gateway is used to secure virtual network (VNet) traffic with IP security. Encryption protects the data sent between these networks as it crosses the public network. We can utilize three connection types:

VPN connection from VNet to VNet

This is the most common VPN connection type. With this VPN connection, you can securely connect your local (home) computer to the Azure environment and log in to the environments via Microsoft Entra ID (formerly AAD). True Engineers set up this connection together with you. To do this, you need to register an Azure VPN application in the Azure Portal and also install a VPN client on your computer. You can provide multiple users and computers with this VPN client. If you are having issues, please contact us and we will assist you with the setup of this VPN client.

Set up Microsoft Entra ID (AAD) authorization for Azure VPN

To easily log in with the Client VPN, we set up the VPN Point-to-Site connection with the same Microsoft Entra ID authentication as your “Office account”. To make this possible, you must give the ‘Azure VPN’ Enterprise application permission on AD. If desired, you can also assign specific users to it. You must have “Global Administrator” rights for the authorization.

Follow these steps to complete the authorization:

  1. Log in to the Azure portal with your Microsoft Entra ID account for the tenant the VPN will be used on. Click on this link.
  2. The following window appears. Click ‘Accept’.
  3. Go to ‘Microsoft Entra ID’.
  4. Go to ‘Enterprise Applications’.
  5. Select the ‘Azure VPN’ app.
  6. Go to ‘Properties’ and set ‘Assignment required’ to ‘Yes’.
  7. Go to ‘Users and groups’ and add the group of users that should get access via the VPN.
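
A check for steps 6 and 7, as an added example that is not part of the original page or of Microsoft's tooling: it audits the ‘Azure VPN’ enterprise application from two Microsoft Graph responses and reports when assignment is not enforced or when the assigned principals differ from the approved list. The sample JSON, the object ids and the `audit_vpn_app` function are constructed for illustration.

```python
import json

# Constructed sample data in the shape Microsoft Graph v1.0 returns for
# GET /servicePrincipals/{id} and GET /servicePrincipals/{id}/appRoleAssignedTo.
# All ids and names below are made up for this example.
SAMPLE_SP = json.loads("""{
  "id": "11111111-1111-1111-1111-111111111111",
  "displayName": "Azure VPN",
  "appRoleAssignmentRequired": false
}""")
SAMPLE_ASSIGNMENTS = json.loads("""{"value": [
  {"principalId": "aaaaaaaa-0000-0000-0000-000000000001",
   "principalDisplayName": "vpn-users", "principalType": "Group"},
  {"principalId": "aaaaaaaa-0000-0000-0000-000000000002",
   "principalDisplayName": "Former Contractor", "principalType": "User"}
]}""")


def audit_vpn_app(sp, assignments, approved_ids):
    """Return findings for the app; approved_ids are the object ids meant to have VPN access."""
    findings = []
    assigned = assignments.get("value", [])
    # Step 6: with the flag off, any user in the tenant can sign in to the app.
    if not sp.get("appRoleAssignmentRequired", False):
        findings.append("ASSIGNMENT_NOT_REQUIRED")
    elif not assigned:
        # Flag is on but step 7 was skipped: nobody is able to connect.
        findings.append("NO_PRINCIPALS_ASSIGNED")
    # Step 7: anything assigned that is not on the approved list is drift.
    for a in assigned:
        if a["principalId"] not in approved_ids:
            findings.append(f"UNAPPROVED_{a['principalType'].upper()}:{a['principalDisplayName']}")
    # Approved principals that no longer hold an assignment.
    present = {a["principalId"] for a in assigned}
    for missing in sorted(set(approved_ids) - present):
        findings.append(f"MISSING_ASSIGNMENT:{missing}")
    return findings


if __name__ == "__main__":
    approved = {"aaaaaaaa-0000-0000-0000-000000000001"}
    for finding in audit_vpn_app(SAMPLE_SP, SAMPLE_ASSIGNMENTS, approved):
        print(finding)
```
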

You can find instructions on how to install and use the Azure VPN client here:

  • For Windows
    • Download the latest version of the Azure VPN client here.
  • For MacOS
    • Download the latest version of the Azure VPN client here.
  • For Linux workstations: The Azure VPN client is unfortunately not suitable for Linux.

Note: MacOS 13.5-14 users might run into a keychain error and need to install Rosetta.

  • Add Azure VPN through “System Preferences -> Privacy & Security -> Extensions”.

Site-to-Site connection

Diagram of site-to-site VPN Gateway cross-premises connections.

With a Site-to-Site connection, two gateways are linked together in a secure manner; this is also called an IPsec connection. To set up the IPsec connection between networks, True engineers must configure the same settings in consultation with the engineers of the other gateway. For this, we have drawn up a list of settings so that both sides agree to use the same IPsec encryption. Download the file below to view them:

See the official Microsoft documentation if you would like to know more about Supported devices and default settings, Supported Encryption settings or Validated VPN devices and device configuration guides.

Point-to-Site connection

A point-to-site (P2S) VPN gateway connection lets you create a secure connection to your virtual network from an individual client computer. P2S VPN is also a useful solution to use instead of S2S VPN when you have only a few clients that need to connect to a VNet.

True engineers will handle the initial setup of the VPN gateway instance within your Azure environment. This involves creating the gateway, configuring IP addresses, and establishing the necessary security settings.

Once the setup is complete, we will provide you with the essential information, including the specific IP addresses and the Client Configuration file. This information is needed for establishing a Point-to-Site connection from your individual client to your Azure network.

To finalize the connection on your end, follow these steps:

  1. Download the Azure VPN client as stated above.
  2. Import the ‘Client Configuration’ file into the Azure VPN client. This file contains the necessary settings for your connection.
  3. Launch the Azure VPN client and establish the connection to your Azure network.

If you encounter any difficulties during the process, please contact us and we will assist you.