Try It Yourself – Configure a Point-to-Site VPN Connection to a Virtual Network (3-Part video Series)

This connection is very easy to understand and implement. Point-to-Site (or P2S) here refers to a connection between a single device (namely a connection point) and an Azure virtual network (vnet) site.

A P2S connection requires a subnet defined within the target Azure vnet site. Viewed from the connected Azure vnet site, a connecting device is automatically allocated an IP within the defined P2S subnet and connects to the site via a VPN connection.

Technically, a P2S connection is specific not to the physical device but to the logical device, that is, the OS instance the connecting physical device is running, since the connection is based on a private/public key pair generated with the OS. At this time, Azure P2S supports only self-signed certificates. The x.509 certificate (i.e. a public key) of the employed key pair resides in the target Azure vnet site, while the certificate in PFX format (i.e. a certificate exported with a private key) should be installed on the connecting device. An administrator can configure an Azure P2S connection by:

  1. First enabling P2S connectivity and defining a P2S subnet associated with a target Azure vnet site
  2. Generating an x.509/PFX certificate pair
  3. Uploading the x.509 certificate to the site
  4. Distributing to and installing the PFX certificate on intended (logical) devices
  5. Initiating a connection from a logical device

One x.509/PFX certificate pair is sufficient to establish P2S connections between an Azure vnet site and multiple devices: upload the x.509 certificate to the target Azure vnet site and install the associated PFX file on all connecting devices. The best practice, however, is to employ a unique certificate pair for each connecting device to better secure the P2S environment.
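One way to script steps 2 and 4 with a separate PFX per device, as an added example that is not part of the original post. It assumes the uploaded .cer is a self-signed root and each device receives its own client certificate signed by that root; the device names, subject names and output folder are constructed, and the `New-SelfSignedCertificate` parameters used require Windows 10 / Windows Server 2016 or later.

```powershell
# Added example: device names, subject names and output folder are assumptions.
$devices = @('laptop-01', 'laptop-02')            # constructed device names
$outDir  = Join-Path $env:TEMP 'p2s-certs'
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

# Self-signed root certificate. Only its public part (.cer) is uploaded
# to the vnet site; the root private key never leaves this machine.
$root = New-SelfSignedCertificate -Type Custom -KeySpec Signature `
    -Subject 'CN=P2SRootCert' -KeyExportPolicy Exportable `
    -HashAlgorithm sha256 -KeyLength 2048 `
    -CertStoreLocation 'Cert:\CurrentUser\My' `
    -KeyUsageProperty Sign -KeyUsage CertSign

Export-Certificate -Cert $root `
    -FilePath (Join-Path $outDir 'P2SRootCert.cer') | Out-Null

# One client certificate per device, each with its own key pair.
$inventory = foreach ($device in $devices) {
    $client = New-SelfSignedCertificate -Type Custom -DnsName $device `
        -KeySpec Signature -Subject "CN=P2SClient-$device" `
        -KeyExportPolicy Exportable -HashAlgorithm sha256 -KeyLength 2048 `
        -CertStoreLocation 'Cert:\CurrentUser\My' -Signer $root `
        -TextExtension @('2.5.29.37={text}1.3.6.1.5.5.7.3.2')  # EKU: client authentication

    # Prompt for the PFX password instead of hard-coding it in the script.
    $password = Read-Host -AsSecureString -Prompt "PFX password for $device"
    Export-PfxCertificate -Cert $client -Password $password `
        -FilePath (Join-Path $outDir "$device.pfx") `
        -ChainOption BuildChain | Out-Null

    # Record which thumbprint belongs to which device.
    [pscustomobject]@{ Device = $device; Thumbprint = $client.Thumbprint }

    # Delete the client certificate and its private key from the admin's
    # store, so the only copy of the key is the password-protected PFX.
    Remove-Item -Path "Cert:\CurrentUser\My\$($client.Thumbprint)" -DeleteKey
}

$inventory | Export-Csv -Path (Join-Path $outDir 'inventory.csv') -NoTypeInformation
$inventory | Format-Table -AutoSize
```

The inventory file maps each thumbprint to a device, so a lost or retired device can be matched to exactly one certificate without touching the others.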

Here are the Azure documentation page and complementary videos that walk through the processes and operations to:

  1. Create a virtual network and a VPN gateway (video)
  2. Create your certificates (video)
  3. Configure your VPN client (video)