Azure Virtual Network Gateway VPN Client Connection Cmdlets

This section is a reference for the PowerShell cmdlets that manage Azure Virtual Network Gateway VPN client connections. These cmdlets let you configure, monitor, and troubleshoot VPN connections from client devices to your Azure Virtual Network Gateway.

Overview

Azure VPN Gateway enables secure, hybrid cloud connectivity by connecting your on-premises networks to Azure Virtual Networks. VPN client connections allow individual users or devices to connect directly to your Azure VNet through a VPN tunnel, offering enhanced security for remote access scenarios.

Cmdlets by Cost Providers

The following cmdlets are categorized by the cost providers they typically fall under within Azure's billing structure. For detailed cost information, please refer to the Azure Pricing Calculator.

Get-AzVpnClientConfiguration
Retrieves the VPN client configuration package for a virtual network gateway. This package contains the necessary files and settings for a VPN client to connect to the gateway.
Syntax:
Get-AzVpnClientConfiguration -GatewayName <String> -ResourceGroupName <String> [-VpnClientProtocol <VpnClientProtocol>] [-OutputBlobPath <String>] [-Force] [<CommonParameters>]

Parameters:

-GatewayName: The name of the virtual network gateway.
-ResourceGroupName: The name of the resource group.
-VpnClientProtocol: Specifies the protocol for the VPN client configuration (e.g., IkeV2).
-OutputBlobPath: Specifies a local path to save the downloaded client configuration blob.

Example:

# Download the IKEv2 VPN client configuration for a gateway
Get-AzVpnClientConfiguration -GatewayName "MyGateway" -ResourceGroupName "MyResourceGroup" -VpnClientProtocol IkeV2 -OutputBlobPath "C:\VPNConfigs\MyGateway_IKEv2.zip"
Set-AzVpnClientConfiguration
Configures settings for VPN client connectivity, such as authentication methods and IPsec policies.
Syntax:
Set-AzVpnClientConfiguration -VirtualNetworkGateway <VirtualNetworkGateway> -VpnClientConfiguration <VpnClientConfiguration> [<CommonParameters>]

Parameters:

-VirtualNetworkGateway: The virtual network gateway object.
-VpnClientConfiguration: The VPN client configuration object with desired settings.

Example:

# This cmdlet is typically used in conjunction with other cmdlets to build the VpnClientConfiguration object.
# Refer to the Azure PowerShell documentation for comprehensive examples.
Add-AzVpnClientRootCertificate
Adds a root certificate to the virtual network gateway. This is often used for certificate-based authentication for VPN client connections.
Syntax:
Add-AzVpnClientRootCertificate -VirtualNetworkGatewayName <String> -ResourceGroupName <String> -PublicCertData <String> [<CommonParameters>]

Parameters:

-VirtualNetworkGatewayName: The name of the virtual network gateway.
-ResourceGroupName: The name of the resource group.
-PublicCertData: The public certificate data in Base64 encoded format.

Example:

# Add a root certificate to the VPN Gateway
$certPath = "C:\Certificates\MyRootCA.cer"
$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($certPath)
# Export the public certificate as DER bytes and Base64-encode them (no PEM header or footer)
$publicCertData = [System.Convert]::ToBase64String($cert.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert))
Add-AzVpnClientRootCertificate -VirtualNetworkGatewayName "MyGateway" -ResourceGroupName "MyResourceGroup" -PublicCertData $publicCertData
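
A pre-upload check for the root certificate step above, as an added example (not from the original page or the Az module). The helper Test-VpnRootCertificate and its thresholds are hypothetical, the path and gateway names are the page's placeholders, and the final call follows the syntax shown on this page.

```powershell
using namespace System.Security.Cryptography.X509Certificates

# Added example. Test-VpnRootCertificate is a hypothetical helper, not an Az cmdlet.
function Test-VpnRootCertificate {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [int] $MinRsaBits   = 2048,   # assumed policy threshold
        [int] $MinDaysValid = 30      # assumed policy threshold
    )
    $cert     = [X509Certificate2]::new($Path)
    $problems = [System.Collections.Generic.List[string]]::new()

    # Only the public certificate belongs on the gateway; a PFX with a key is the wrong file.
    if ($cert.HasPrivateKey) { $problems.Add('file contains a private key') }

    # Root certificates are self-issued (name comparison only, not a signature check).
    if ($cert.SubjectName.Name -ne $cert.IssuerName.Name) {
        $problems.Add('subject and issuer differ: not a root certificate')
    }

    # Basic Constraints, if present, must mark a CA; Key Usage, if present, must allow cert signing.
    $bc = $cert.Extensions | Where-Object { $_ -is [X509BasicConstraintsExtension] }
    if ($bc -and -not $bc.CertificateAuthority) { $problems.Add('Basic Constraints: not a CA') }
    $ku = $cert.Extensions | Where-Object { $_ -is [X509KeyUsageExtension] }
    if ($ku -and -not ($ku.KeyUsages -band [X509KeyUsageFlags]::KeyCertSign)) {
        $problems.Add('Key Usage does not include KeyCertSign')
    }

    # Validity window.
    $now = Get-Date
    if ($cert.NotBefore -gt $now) { $problems.Add('not yet valid') }
    if ($cert.NotAfter -lt $now.AddDays($MinDaysValid)) { $problems.Add("expires $($cert.NotAfter.ToString('u'))") }

    # RSA key size (GetRSAPublicKey returns $null for non-RSA keys).
    $rsa = [RSACertificateExtensions]::GetRSAPublicKey($cert)
    if ($rsa -and $rsa.KeySize -lt $MinRsaBits) { $problems.Add("RSA key is $($rsa.KeySize) bits") }

    [pscustomobject]@{
        Thumbprint     = $cert.Thumbprint
        Problems       = $problems
        # DER bytes as single-line Base64, no PEM header or footer.
        PublicCertData = [System.Convert]::ToBase64String($cert.RawData)
    }
}

$check = Test-VpnRootCertificate -Path "C:\Certificates\MyRootCA.cer"
if ($check.Problems.Count -gt 0) {
    throw "Not uploading $($check.Thumbprint): $($check.Problems -join '; ')"
}
Add-AzVpnClientRootCertificate -VirtualNetworkGatewayName "MyGateway" -ResourceGroupName "MyResourceGroup" -PublicCertData $check.PublicCertData
```

The returned Thumbprint is worth recording at upload time, since Remove-AzVpnClientRootCertificate identifies the certificate by thumbprint.
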
Remove-AzVpnClientRootCertificate
Removes a root certificate from the virtual network gateway.
Syntax:
Remove-AzVpnClientRootCertificate -VirtualNetworkGatewayName <String> -ResourceGroupName <String> -Thumbprint <String> [<CommonParameters>]

Parameters:

-VirtualNetworkGatewayName: The name of the virtual network gateway.
-ResourceGroupName: The name of the resource group.
-Thumbprint: The thumbprint of the root certificate to remove.

Example:

# Remove a root certificate by its thumbprint
Remove-AzVpnClientRootCertificate -VirtualNetworkGatewayName "MyGateway" -ResourceGroupName "MyResourceGroup" -Thumbprint "A1B2C3D4E5F6..."
Get-AzVirtualNetworkGatewayVpnClientRevokedCertificate
Retrieves revoked client certificates associated with a virtual network gateway.
Syntax:
Get-AzVirtualNetworkGatewayVpnClientRevokedCertificate -VirtualNetworkGatewayName <String> -ResourceGroupName <String> [-Thumbprint <String>] [<CommonParameters>]

Parameters:

-VirtualNetworkGatewayName: The name of the virtual network gateway.
-ResourceGroupName: The name of the resource group.
-Thumbprint: The thumbprint of the revoked certificate to retrieve.
Add-AzVirtualNetworkGatewayVpnClientRevokedCertificate
Adds a revoked client certificate to the virtual network gateway. This prevents specified client certificates from connecting.
Syntax:
Add-AzVirtualNetworkGatewayVpnClientRevokedCertificate -VirtualNetworkGatewayName <String> -ResourceGroupName <String> -Thumbprint <String> -Name <String> [<CommonParameters>]

Parameters:

-VirtualNetworkGatewayName: The name of the virtual network gateway.
-ResourceGroupName: The name of the resource group.
-Thumbprint: The thumbprint of the certificate to revoke.
-Name: The name for the revoked certificate entry.
Remove-AzVirtualNetworkGatewayVpnClientRevokedCertificate
Removes a revoked client certificate from the virtual network gateway.
Syntax:
Remove-AzVirtualNetworkGatewayVpnClientRevokedCertificate -VirtualNetworkGatewayName <String> -ResourceGroupName <String> -Thumbprint <String> [<CommonParameters>]

Parameters:

-VirtualNetworkGatewayName: The name of the virtual network gateway.
-ResourceGroupName: The name of the resource group.
-Thumbprint: The thumbprint of the revoked certificate to remove.

Related Concepts

Troubleshooting

If you encounter issues with VPN client connections, consider the following: