Creating a Point-to-Site Connectivity using Azure Resource Manager


Configure a Point-to-Site connectivity to a VNet using PowerShell (ARM Mode)

Task 1: Create a Self-Signed certificate

1. Login to your Visual Studio Virtual Machine using your credentials. Create a folder C:\P2S Certificates.

2. Navigate to C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2012\Visual Studio Tools and run VS2012 x64 Cross Tools Command Prompt as an administrator.

3. Run cd C:\P2S Certificates.

4. Run the command:

makecert -sky exchange -r -n "CN=RootCertificateName" -pe -a sha1 -len 2048 -ss My "RootCertificateName.cer"

5. Verify that your certificate is there in the folder C:\P2S Certificates.


Task 2: Copy and store the Public Key of the root certificate in a safe location

1. Go to Run, type certmgr.msc and click Run.

2. In the certmgr window, expand Personal and click on Certificates. Right click the certificate RootCertificateName -> All Tasks -> Export.

3. In the Certificate Export Wizard, click Next -> No, do not export the private key -> Next.

4. Choose Base-64 encoded X.509 (.CER) format and then click Next. In the next window, enter C:\P2S Certificates\PublicKey.cer and then click Next.

5. Click Finish and then click OK.

6. Verify that the PublicKey.cer file is there in the folder C:\P2S Certificates.


Task 3: Copying Public Key in a new notepad file

1. Right click the PublicKey.cer file and open it with Notepad.

2. Remove the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines.

3. Start removing the line breaks from the bottom left corner. Repeat until all of the text sits on a single straight line in Notepad.

4. Save the file as PublicKeyText.txt in the same folder.
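The hand editing above can also be scripted and checked. This is an added example, not part of the original post; it assumes the C:\P2S Certificates folder and the CN=RootCertificateName subject used in Tasks 1 and 2.

```powershell
# Added example (not from the original post). Converts the exported Base-64
# PublicKey.cer into the single-line string that -PublicCertData expects, then
# verifies that the string still decodes to the root certificate in the store
# and carries no private key. Paths and names are the placeholders from the post.
$CerPath = 'C:\P2S Certificates\PublicKey.cer'
$OutPath = 'C:\P2S Certificates\PublicKeyText.txt'
$RootCN  = 'CN=RootCertificateName'

# Strip the PEM armour and every line break or space, leaving pure Base-64.
$pem = Get-Content -Path $CerPath -Raw
$b64 = $pem -replace '-----BEGIN CERTIFICATE-----', ''
$b64 = $b64 -replace '-----END CERTIFICATE-----', ''
$b64 = $b64 -replace '\s', ''

# The result must decode back into an X.509 certificate.
$bytes   = [Convert]::FromBase64String($b64)
$decoded = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList (,$bytes)

# It must be the root that makecert placed in CurrentUser\My (compare thumbprints),
# and it must contain only the public half: the gateway never needs the private key.
$root = Get-ChildItem -Path Cert:\CurrentUser\My |
        Where-Object { $_.Subject -eq $RootCN -and $_.Thumbprint -eq $decoded.Thumbprint }
if (-not $root) {
    throw "Decoded data does not match a certificate with subject $RootCN in Cert:\CurrentUser\My"
}
if ($decoded.HasPrivateKey) {
    throw 'Exported file contains a private key; re-export with "No, do not export the private key"'
}

# Write a single line with no trailing newline, ready to paste into $MyP2SRootCertPubKeyBase64.
[System.IO.File]::WriteAllText($OutPath, $b64)
Write-Host "Wrote $($b64.Length) Base-64 characters for $($decoded.Subject) (thumbprint $($decoded.Thumbprint)) to $OutPath"
```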

 

 

Task 4: Creating a New Virtual Network with VPN Gateway using Azure PowerShell

1. Open Azure PowerShell on your PC and type Login-AzureRmAccount.

2. Enter your Azure credentials and click on Sign in.

3. Choose a subscription by running the cmdlet Get-AzureRmSubscription.

4. Select that subscription by running the cmdlet Select-AzureRmSubscription -SubscriptionName "Name of subscription". Replace "Name of subscription" with the subscription name you chose in the previous step.

5. Copy the script below into a new Notepad file:


$VNetName  = "MyName-VNET4"                   #Replace MyName with YourName
$FESubName = "FrontEnd"
$BESubName = "Backend"
$GWSubName = "GatewaySubnet"
$VNetPrefix1 = "182.168.0.0/16"               #Replace 168 with your Attendee number
$VNetPrefix2 = "12.254.0.0/16"                #Replace 254 with your Attendee number
$FESubPrefix = "182.168.1.0/24"               #Replace 168 with your Attendee number
$BESubPrefix = "12.254.1.0/24"                #Replace 254 with your Attendee number (must lie inside $VNetPrefix2)
$GWSubPrefix = "182.168.200.0/26"             #Replace 168 with your Attendee number
$VPNClientAddressPool = "172.16.201.0/24"
$RG = "MyName-RG"                             #Replace MyName with YourName
$Location = "Central US"
$DNS = "8.8.8.8"
$GWName = "MyNameGW4"                         #Replace 4 with your Attendee number
$GWIPName = "GWIP4"                           #Replace 4 with your Attendee number
$GWIPconfName = "gwipconf4"                   #Replace 4 with your Attendee number
$P2SRootCertName = "ARMP2SRootCert4.cer"      #Replace 4 with your Attendee number

# Subnet definitions: front end, back end and the gateway subnet (the name GatewaySubnet is mandatory)
$fesub = New-AzureRmVirtualNetworkSubnetConfig -Name $FESubName -AddressPrefix $FESubPrefix
$besub = New-AzureRmVirtualNetworkSubnetConfig -Name $BESubName -AddressPrefix $BESubPrefix
$gwsub = New-AzureRmVirtualNetworkSubnetConfig -Name $GWSubName -AddressPrefix $GWSubPrefix

New-AzureRmVirtualNetwork -Name $VNetName -ResourceGroupName $RG -Location $Location -AddressPrefix $VNetPrefix1,$VNetPrefix2 -Subnet $fesub,$besub,$gwsub -DnsServer $DNS

$vnet = Get-AzureRmVirtualNetwork -Name $VNetName -ResourceGroupName $RG
$subnet = Get-AzureRmVirtualNetworkSubnetConfig -Name "GatewaySubnet" -VirtualNetwork $vnet

# Public IP and IP configuration for the gateway
$pip = New-AzureRmPublicIpAddress -Name $GWIPName -ResourceGroupName $RG -Location $Location -AllocationMethod Dynamic
$ipconf = New-AzureRmVirtualNetworkGatewayIpConfig -Name $GWIPconfName -Subnet $subnet -PublicIpAddress $pip

# Root certificate public key (single-line Base-64 from Task 3); only the public part is uploaded
$MyP2SRootCertPubKeyBase64 = "Paste your Public Key Here"
$p2srootcert = New-AzureRmVpnClientRootCertificate -Name $P2SRootCertName -PublicCertData $MyP2SRootCertPubKeyBase64

New-AzureRmVirtualNetworkGateway -Name $GWName -ResourceGroupName $RG -Location $Location -IpConfigurations $ipconf -GatewayType Vpn -VpnType RouteBased -EnableBgp $false -GatewaySku Standard -VpnClientAddressPool $VPNClientAddressPool -VpnClientRootCertificates $p2srootcert

 

6. Replace the values as specified in the comments.

7. Paste your public key obtained from Task 3 between the double quotes of the $MyP2SRootCertPubKeyBase64 variable.

8. Save the file as CreateVNetWithCertificate.ps1.

9. Run PowerShell ISE as an administrator and run the above script.

10. Wait for a couple of minutes for the script to take its required action. Your output should look like the one shown in the screenshot.


Task 5: Downloading the VPN Client Configuration Package

1. In the same PowerShell ISE window, run the cmdlet:

Get-AzureRmVpnClientPackage -ResourceGroupName $RG -VirtualNetworkGatewayName $GWName -ProcessorArchitecture Amd64

2. Copy the URL from the output and open it in your browser.

3. Save the downloaded client configuration package in a safe location, let's say C:\P2S Certificates.


Task 6: Generating and Installing the Client Certificate from the Root Certificate

1. Navigate to C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2012\Visual Studio Tools and run VS2012 x64 Cross Tools Command Prompt as an administrator.

2. Run cd C:\P2S Certificates.

3. Run the command:

makecert.exe -n "CN=ClientCertificateName" -pe -sky exchange -m 96 -ss My -in "RootCertificateName" -is my -a sha1

4. Open Run using Win + R and open certmgr.msc.

5. Expand Personal -> Certificates. Right click ClientCertificateName -> All Tasks -> Export.

6. Click Next, select Yes, export the private key and then click Next.

7. Follow the further steps of the wizard. Type passwords as desired.

8. Select the directory C:\P2S Certificates to store the certificate with the name PrivateKey.pfx. Then click Finish.

9. Click OK.

10. Confirm that the file has been exported to the directory C:\P2S Certificates.

11. Double click the file and follow the procedure to install it.

12. Enter your password in the password field and follow the rest of the wizard.

13. Click Finish and then click OK.
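Before exporting PrivateKey.pfx it is worth confirming that the client certificate really chains to the root uploaded in Task 4, because the gateway accepts a client only if its chain ends at one of its configured root certificates. This is an added example, not part of the original post; it assumes the CN=ClientCertificateName and CN=RootCertificateName subjects used above.

```powershell
# Added example (not from the original post). Checks that the client certificate
# makecert just created chains to the root whose public key was uploaded in Task 4,
# has a private key and is not expired. Subject names are the placeholders from the post.
$ClientCN = 'CN=ClientCertificateName'
$RootCN   = 'CN=RootCertificateName'

$client = Get-ChildItem Cert:\CurrentUser\My | Where-Object { $_.Subject -eq $ClientCN } | Select-Object -First 1
$root   = Get-ChildItem Cert:\CurrentUser\My | Where-Object { $_.Subject -eq $RootCN }   | Select-Object -First 1
if (-not $client) { throw "Client certificate $ClientCN not found in Cert:\CurrentUser\My" }
if (-not $root)   { throw "Root certificate $RootCN not found in Cert:\CurrentUser\My" }

# The VPN client authenticates with this private key; a PFX without it is useless.
if (-not $client.HasPrivateKey) { throw 'Client certificate has no private key (was makecert run with -pe?)' }
if ($client.NotAfter -lt (Get-Date)) { throw "Client certificate expired on $($client.NotAfter)" }

# Build the chain. The self-signed root is not in Trusted Root Certification Authorities,
# so allow an unknown CA and skip revocation; what matters here is only that the chain
# terminates at our root, which is what the gateway compares against its root list.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
$chain.ChainPolicy.VerificationFlags = [System.Security.Cryptography.X509Certificates.X509VerificationFlags]::AllowUnknownCertificateAuthority
[void]$chain.ChainPolicy.ExtraStore.Add($root)
if (-not $chain.Build($client)) {
    $status = ($chain.ChainStatus | ForEach-Object { $_.StatusInformation.Trim() }) -join '; '
    throw "Chain build failed: $status"
}
$last = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
if ($last.Thumbprint -ne $root.Thumbprint) {
    throw "Client certificate chains to $($last.Subject), not to $RootCN"
}
Write-Host "OK: $($client.Subject) is issued by $($root.Subject) and is ready to export as PrivateKey.pfx"
```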

 

Task 7: Installing the Client VPN package and connecting to the VPN

1. Navigate to the directory C:\P2S Certificates and install the Client Configuration Package.

2. Click Networks in the bottom right corner.

3. You will be able to see the VPN network in the Networks pane.

4. Click Connect.

5. Click Connect again.

6. Click Continue.

7. Navigate back to the Networks pane and confirm that the network connectivity has been established.

8. To confirm that the connectivity has been established, open a command prompt and run the command ipconfig /all. Your output should show the VPN connection with an address taken from the $VPNClientAddressPool range (172.16.201.0/24).


THANKS!
