About VPN Gateway point-to-site VPN
Point-to-site (P2S) VPN connectivity enables you to create a secure connection from a client computer to your Azure virtual network. P2S VPN creates a virtual network connection from the client computer to the VPN device or gateway. This solution is useful for enabling remote users to connect to an organization's network on demand.
How P2S VPN Works
With P2S VPN, you can connect your client computers to your virtual network over an existing internet connection. The connection is initiated from the client computer. Azure VPN Gateway supports two P2S VPN protocols:
- Secure Socket Tunneling Protocol (SSTP): SSTP is a highly trustworthy VPN tunnel that can traverse all Windows firewalls and SSL proxies. It uses SSLv3.
- OpenVPN: OpenVPN is a popular open-source VPN protocol that uses SSL/TLS for security. It is supported by native clients on Windows, macOS, and Linux.
Key Concepts
- VPN Gateway: A VPN gateway is a type of virtual network gateway used to send encrypted traffic through the public internet.
- Client VPN Configuration: This involves downloading and installing a VPN client on individual user machines.
- Authentication: P2S VPN supports certificate-based authentication and RADIUS authentication.
Use Cases
- Remote Access: Allowing employees to securely connect to internal Azure resources from home or while traveling.
- Testing and Development: Providing developers and testers with secure access to test environments hosted in Azure.
- Temporary Connectivity: Establishing quick, on-demand secure connections without the need for a permanent site-to-site VPN.
Configuration Steps
Configuring a P2S VPN involves several steps:
- Create a Virtual Network Gateway: Ensure you have a Virtual Network Gateway deployed in your Azure virtual network.
- Configure Gateway Subnet: A dedicated subnet named 'GatewaySubnet' is required for the VPN gateway.
- Configure P2S Settings: Specify the address pool from which VPN clients will obtain an IP address, and choose the authentication method and protocols.
- Generate and Distribute Client Certificates: If using certificate authentication, create and distribute client certificates.
- Download VPN Client Package: Azure provides a package that contains the necessary configuration files and executables to install the VPN client on Windows, macOS, or Linux machines.
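The steps above impose a few constraints that are easy to get wrong (the gateway subnet must be called GatewaySubnet and sit inside the virtual network's address space, the client address pool must not overlap the virtual network, and the protocols must be ones the gateway supports). The following script is an added example, not code from the Azure documentation: it checks a P2S configuration against those constraints and then emits the Azure CLI commands that carry out the steps. Resource names, address ranges and the certificate file name are placeholders chosen for the example; the `az network vnet-gateway` parameters are the ones the Azure CLI documents (`--address-prefixes` for the client pool, `--client-protocol`, `--root-cert-name`/`--root-cert-data`), and should be confirmed against `az network vnet-gateway create --help` for the CLI version in use.

```python
"""Added example (not from the Azure documentation): validate a point-to-site
configuration and generate the Azure CLI commands for the setup steps.
All names and address ranges below are placeholders for illustration."""
import ipaddress
from dataclasses import dataclass, field

# The two P2S protocols described in the text.
SUPPORTED_PROTOCOLS = {"SSTP", "OpenVPN"}


@dataclass
class P2SConfig:
    resource_group: str
    vnet_name: str
    vnet_address_space: list[str]            # e.g. ["10.0.0.0/16"]
    gateway_subnet_prefix: str               # must lie inside the VNet space
    gateway_subnet_name: str = "GatewaySubnet"
    client_address_pool: str = "172.16.201.0/24"   # addresses handed to VPN clients
    protocols: list[str] = field(default_factory=lambda: ["OpenVPN", "SSTP"])
    root_cert_name: str = "P2SRootCert"      # placeholder name
    root_cert_file: str = "P2SRootCert.cer"  # base64 public data of the root cert
    gateway_name: str = "VNet1GW"            # placeholder name
    public_ip_name: str = "VNet1GWpip"       # placeholder name


def validate(cfg: P2SConfig) -> list[str]:
    """Return a list of problems; an empty list means the config is usable."""
    problems: list[str] = []
    if cfg.gateway_subnet_name != "GatewaySubnet":
        problems.append("gateway subnet must be named 'GatewaySubnet'")
    vnet = [ipaddress.ip_network(p, strict=True) for p in cfg.vnet_address_space]
    gw = ipaddress.ip_network(cfg.gateway_subnet_prefix, strict=True)
    if not any(gw.version == n.version and gw.subnet_of(n) for n in vnet):
        problems.append(f"GatewaySubnet {gw} is not inside the VNet address space")
    pool = ipaddress.ip_network(cfg.client_address_pool, strict=True)
    # Clients are routed into the VNet, so the pool must not collide with it.
    for n in vnet:
        if pool.version == n.version and pool.overlaps(n):
            problems.append(f"client address pool {pool} overlaps VNet range {n}")
    unsupported = set(cfg.protocols) - SUPPORTED_PROTOCOLS
    if unsupported or not cfg.protocols:
        problems.append(f"unsupported or missing protocols: {sorted(unsupported)}")
    return problems


def az_commands(cfg: P2SConfig) -> list[str]:
    """Azure CLI commands for the configuration steps, in order.
    Raises ValueError instead of emitting commands for an invalid config."""
    problems = validate(cfg)
    if problems:
        raise ValueError("; ".join(problems))
    rg = cfg.resource_group
    return [
        # Step: configure the dedicated gateway subnet.
        f"az network vnet subnet create --resource-group {rg} "
        f"--vnet-name {cfg.vnet_name} --name {cfg.gateway_subnet_name} "
        f"--address-prefixes {cfg.gateway_subnet_prefix}",
        # Step: public IP that the gateway (and the clients) will use.
        f"az network public-ip create --resource-group {rg} "
        f"--name {cfg.public_ip_name} --sku Standard --allocation-method Static",
        # Step: create the gateway with the P2S settings (client pool, protocols,
        # root certificate for certificate-based authentication).
        f"az network vnet-gateway create --resource-group {rg} "
        f"--name {cfg.gateway_name} --public-ip-address {cfg.public_ip_name} "
        f"--vnet {cfg.vnet_name} --gateway-type Vpn --vpn-type RouteBased "
        f"--sku VpnGw1 --address-prefixes {cfg.client_address_pool} "
        f"--client-protocol {' '.join(cfg.protocols)} "
        f"--root-cert-name {cfg.root_cert_name} --root-cert-data {cfg.root_cert_file}",
        # Step: generate the downloadable VPN client package (EAPTLS = certificate auth).
        f"az network vnet-gateway vpn-client generate --resource-group {rg} "
        f"--name {cfg.gateway_name} --authentication-method EAPTLS",
    ]


if __name__ == "__main__":
    cfg = P2SConfig("rg-p2s-demo", "VNet1", ["10.0.0.0/16"], "10.0.255.0/27")
    for cmd in az_commands(cfg):
        print(cmd)
```

The script only prints the commands; run them in an authenticated `az` session after reviewing them. The overlap check is the one most worth keeping: a client pool that overlaps the virtual network (or an on-premises range reachable through it) produces connections that come up but cannot reach the resources the users expect.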
Advantages of P2S VPN
- Flexibility: Connect from any location with internet access.
- Security: Encrypts traffic between the client and Azure.
- Ease of Use: Relatively simple to set up for individual users compared to complex network configurations.
For detailed instructions on setting up and configuring Point-to-Site VPN, please refer to the official Azure documentation or use the Azure portal.