Azure Virtual Network Gateway VPN Client Connection Cmdlets
Overview
This document provides a comprehensive reference to Azure PowerShell cmdlets used for managing VPN client connections to Azure Virtual Network Gateways. These cmdlets enable you to configure, download, and manage the client configurations required for establishing secure VPN connections from on-premises devices or individual clients to your Azure Virtual Networks.
Establishing secure VPN connections is crucial for hybrid cloud scenarios, allowing seamless and secure access to your Azure resources. Azure VPN Gateway supports various VPN protocols, and these cmdlets simplify the process of deploying and managing the necessary client configurations.
Key Cmdlets
The following PowerShell cmdlets are essential for working with Azure Virtual Network Gateway VPN client connections:
- Get-AzVpnClientConfiguration: Retrieves the VPN client configuration packages for a specified virtual network gateway.
- New-AzVpnClientRootCertificate: Creates a new root certificate object for the VPN client.
- Add-AzVpnClientRootCertificate: Adds a root certificate to the VPN client configuration.
- Remove-AzVpnClientRootCertificate: Removes a root certificate from the VPN client configuration.
- New-AzVpnClientRevokedCertificate: Creates a new revoked certificate object for the VPN client.
- Add-AzVpnClientRevokedCertificate: Adds a revoked certificate to the VPN client configuration.
- Remove-AzVpnClientRevokedCertificate: Removes a revoked certificate from the VPN client configuration.
- Set-AzVpnClientIpConfiguration: Configures the IP address pools for VPN client connections.
Get-AzVpnClientConfiguration
This cmdlet allows you to download the VPN client configuration package for your Azure VPN Gateway. This package typically contains configuration files and executables needed to establish a P2S (Point-to-Site) VPN connection.
Get-AzVpnClientConfiguration -Name "MyVpnGateway" -ResourceGroupName "MyResourceGroup"
New-AzVpnClientRootCertificate
Used to create a PowerShell object representing a root certificate that will be trusted by the VPN clients.
$cert = New-AzVpnClientRootCertificate -Name "RootCertName" -PublicCertData "MIIDjT..."
Add-AzVpnClientRootCertificate
Associates a root certificate with your VPN Gateway's P2S configuration.
Add-AzVpnClientRootCertificate -VpnClientRootCertificateName $cert.Name -VirtualNetworkGatewayName "MyVpnGateway" -ResourceGroupName "MyResourceGroup" -PublicCertData $cert.PublicCertData
Remove-AzVpnClientRootCertificate
Removes a previously added root certificate from the VPN Gateway configuration.
Remove-AzVpnClientRootCertificate -VpnClientRootCertificateName "RootCertName" -VirtualNetworkGatewayName "MyVpnGateway" -ResourceGroupName "MyResourceGroup" -PublicCertData "MIIDjT..."
New-AzVpnClientRevokedCertificate
Creates an object for a certificate that should be explicitly revoked, preventing clients with this certificate from connecting.
$revokedCert = New-AzVpnClientRevokedCertificate -Name "RevokedCertName" -Thumbprint "A1B2C3D4E5F6..."
Add-AzVpnClientRevokedCertificate
Adds a revoked certificate to the VPN Gateway's P2S configuration.
Add-AzVpnClientRevokedCertificate -VpnClientRevokedCertificateName $revokedCert.Name -VirtualNetworkGatewayName "MyVpnGateway" -ResourceGroupName "MyResourceGroup" -Thumbprint $revokedCert.Thumbprint
Remove-AzVpnClientRevokedCertificate
Removes a revoked certificate from the VPN Gateway configuration.
Remove-AzVpnClientRevokedCertificate -VpnClientRevokedCertificateName "RevokedCertName" -VirtualNetworkGatewayName "MyVpnGateway" -ResourceGroupName "MyResourceGroup" -Thumbprint "A1B2C3D4E5F6..."
Set-AzVpnClientIpConfiguration
Configures the IP address range from which clients will be assigned IP addresses when they connect via P2S VPN.
Set-AzVpnClientIpConfiguration -Name "MyVpnGateway" -ResourceGroupName "MyResourceGroup" -VpnClientAddressPool "10.0.0.0/24"
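Every root certificate added to the gateway is a trust anchor for P2S clients, so it is worth auditing which roots are trusted and when they expire. The script below is an added example, not part of the original reference or of the Az module: Get-P2SRootCertificateReport is a hypothetical helper, PowerShell 7 is assumed, and the sample input is constructed in-process so it runs without an Azure session.

```powershell
using namespace System.Security.Cryptography
using namespace System.Security.Cryptography.X509Certificates

function Get-P2SRootCertificateReport {
    # Hypothetical helper (not an Az cmdlet). Accepts objects exposing Name and
    # PublicCertData (base64-encoded DER), the shape of a P2S root certificate entry.
    param(
        [Parameter(Mandatory, ValueFromPipeline)] [object[]] $RootCertificate,
        [int] $WarnDays = 30
    )
    process {
        foreach ($entry in $RootCertificate) {
            try {
                $raw  = [Convert]::FromBase64String($entry.PublicCertData)
                $x509 = [X509Certificate2]::new([byte[]]$raw)
            } catch {
                # Truncated or non-certificate data: report it instead of failing the audit.
                [pscustomobject]@{ Name = $entry.Name; Status = 'Unparseable'; DaysLeft = $null
                                   NotAfter = $null; Thumbprint = $null; Subject = $null }
                continue
            }
            $daysLeft = [int][math]::Floor(($x509.NotAfter.ToUniversalTime() - [DateTime]::UtcNow).TotalDays)
            $status   = if ($daysLeft -lt 0) { 'Expired' }
                        elseif ($daysLeft -le $WarnDays) { 'ExpiringSoon' }
                        else { 'OK' }
            [pscustomobject]@{ Name = $entry.Name; Status = $status; DaysLeft = $daysLeft
                               NotAfter = $x509.NotAfter; Thumbprint = $x509.Thumbprint
                               Subject = $x509.Subject }
        }
    }
}

# Constructed sample input: a throwaway self-signed root that expires in 20 days,
# plus an entry whose certificate data is truncated.
$rsa  = [RSA]::Create(2048)
$req  = [CertificateRequest]::new('CN=ConstructedP2SRoot', $rsa,
            [HashAlgorithmName]::SHA256, [RSASignaturePadding]::Pkcs1)
$root = $req.CreateSelfSigned([DateTimeOffset]::UtcNow.AddDays(-1), [DateTimeOffset]::UtcNow.AddDays(20))
$sample = @(
    [pscustomobject]@{ Name = 'RootCertName'; PublicCertData = [Convert]::ToBase64String($root.RawData) }
    [pscustomobject]@{ Name = 'TruncatedEntry'; PublicCertData = 'MIIDjT...' }
)
Get-P2SRootCertificateReport -RootCertificate $sample | Format-Table Name, Status, DaysLeft, Thumbprint

# Against a live gateway (requires Az.Network and a signed-in session):
# Get-AzVpnClientRootCertificate -VirtualNetworkGatewayName "MyVpnGateway" `
#     -ResourceGroupName "MyResourceGroup" | Get-P2SRootCertificateReport
```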