Overview
This document provides detailed information about the Azure PowerShell cmdlets used to manage and configure VPN client connection settings for Azure Virtual Network Gateways. These cmdlets allow you to generate VPN client configuration packages, manage P2S configurations, and set up secure remote access for your Azure virtual networks.
Purpose of VPN Client Connection Cmdlets
Azure VPN Gateway supports Point-to-Site (P2S) VPN connections, enabling individual users to connect to your Azure virtual network from their client devices. The cmdlets in this module facilitate the creation and management of these P2S connections, including:
- Configuring the VPN client protocol (SSTP, OpenVPN, or IKEv2).
- Specifying the authentication method (Azure Active Directory, Radius, or Certificate-based).
- Generating downloadable VPN client configuration packages that users can install on their devices.
- Managing the address pools from which clients receive IP addresses.
Key Cmdlets
Get-AzVpnClientConfiguration
Retrieves the VPN client configuration for a specified virtual network gateway.
Get-AzVpnClientConfiguration -VirtualNetworkGatewayName <String> -ResourceGroupName <String> [-PublicIpAddress] [-VpnAuthType <VpnAuthType>] [-DefaultProfile <IAzureContextContainer>] [<CommonParameters>]
Description
This cmdlet generates and retrieves the configuration details required for connecting VPN clients to an Azure Virtual Network Gateway. This can include parameters for authentication and network settings.
Parameters
| Name | Description | Required? | 
|---|---|---|
| -VirtualNetworkGatewayName | The name of the virtual network gateway. | Yes | 
| -ResourceGroupName | The name of the resource group. | Yes | 
| -PublicIpAddress | Include the gateway's public IP address in the generated configuration. | No | 
| -VpnAuthType | Specifies the VPN authentication type. Possible values are Radius, AzureAD, or Certificate. | No | 
Example
Get-AzVpnClientConfiguration -VirtualNetworkGatewayName "MyVpnGateway" -ResourceGroupName "MyResourceGroup" -PublicIpAddress
Set-AzVirtualNetworkGatewayP2sVpnProfileConfiguration
Configures the Point-to-Site (P2S) VPN profile for a virtual network gateway.
Set-AzVirtualNetworkGatewayP2sVpnProfileConfiguration -VirtualNetworkGatewayName <String> -ResourceGroupName <String> -VpnClientAddressPool <String[]> -VpnClientProtocol <VpnClientProtocol> [-VpnClientRootCertificates <PSVirtualNetworkGatewayP2sVpnProfileConfigurationRootCertificate[]>] [-RadiusServerAddress <String>] [-RadiusServerSecret <SecureString>] [-AadTenant <String>] [-AadAudience <String>] [-AadIssuer <String>] [-DefaultProfile <IAzureContextContainer>] [<CommonParameters>]
Description
This cmdlet defines the client IP address pool, the VPN client protocol (SSTP, IKEv2, or OpenVPN), and the authentication method for P2S connections on a virtual network gateway. It is the central step in setting up remote access.
Parameters
| Name | Description | Required? | 
|---|---|---|
| -VirtualNetworkGatewayName | The name of the virtual network gateway. | Yes | 
| -ResourceGroupName | The name of the resource group. | Yes | 
| -VpnClientAddressPool | The IP address range to use for the VPN clients. | Yes | 
| -VpnClientProtocol | The VPN client protocol to use. Possible values are SSTP, IKEv2, or OpenVPN. | Yes | 
| -VpnClientRootCertificates | An array of root certificates for certificate-based authentication. | No | 
| -RadiusServerAddress | The IP address or FQDN of the RADIUS server. | No | 
| -RadiusServerSecret | The shared secret for the RADIUS server. | No | 
| -AadTenant | The Azure Active Directory tenant ID for Azure AD authentication. | No | 
| -AadAudience | The Azure Active Directory audience for Azure AD authentication. | No | 
| -AadIssuer | The Azure Active Directory issuer URL for Azure AD authentication. | No | 
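Two things commonly go wrong with this cmdlet: a client address pool that overlaps the virtual network (or an on-premises range reached through the gateway), so connected clients cannot route to those networks, and a RADIUS shared secret typed into the script as plain text. The following is an added example, not code from the Azure documentation or the Az module: it checks the proposed pool against the VNet address space and a list of other reserved ranges with a small IPv4 CIDR helper, reads the RADIUS secret as a SecureString, and only then calls the cmdlet. The VNet name "MyVnet", the pool, the on-premises range and the RADIUS host name are constructed placeholders.

```powershell
# Added example (not from the Azure documentation): validate the P2S client pool
# before applying it, and pass the RADIUS secret as a SecureString.
# Assumptions: gateway "MyVpnGateway" in "MyResourceGroup" serves VNet "MyVnet";
# the pool, on-premises range and RADIUS host below are constructed placeholders.

function ConvertTo-Ipv4Integer {
    param([Parameter(Mandatory)][string]$Address)
    $bytes = [System.Net.IPAddress]::Parse($Address).GetAddressBytes()
    if ($bytes.Length -ne 4) { throw "Only IPv4 addresses are supported: $Address" }
    # Fold the four octets into one 64-bit integer, most significant octet first.
    [int64]$value = 0
    foreach ($b in $bytes) { $value = ($value -shl 8) -bor $b }
    return $value
}

function Get-Ipv4Range {
    param([Parameter(Mandatory)][string]$Cidr)
    $parts = $Cidr.Split('/')
    if ($parts.Count -ne 2) { throw "Expected address/prefix notation: $Cidr" }
    $prefix = [int]$parts[1]
    if ($prefix -lt 0 -or $prefix -gt 32) { throw "Invalid prefix length in $Cidr" }
    $base = ConvertTo-Ipv4Integer -Address $parts[0]
    # Mask of the host bits (all ones below the prefix), kept as int64 to avoid uint32 overflow.
    [int64]$hostMask = ([int64]1 -shl (32 - $prefix)) - 1
    $start = $base -band (-bnot $hostMask)
    $end = $start -bor $hostMask
    return [pscustomobject]@{ Cidr = $Cidr; Start = $start; End = $end }
}

function Test-Ipv4Overlap {
    param([Parameter(Mandatory)][string]$CidrA, [Parameter(Mandatory)][string]$CidrB)
    $a = Get-Ipv4Range -Cidr $CidrA
    $b = Get-Ipv4Range -Cidr $CidrB
    # Two ranges overlap when each one starts before the other one ends.
    return ($a.Start -le $b.End) -and ($b.Start -le $a.End)
}

$pool = @("172.16.201.0/24")          # constructed client address pool
$onPremRanges = @("10.10.0.0/16")     # constructed: networks reached through the gateway
$vnet = Get-AzVirtualNetwork -Name "MyVnet" -ResourceGroupName "MyResourceGroup"   # "MyVnet" is assumed
$reserved = @($vnet.AddressSpace.AddressPrefixes) + $onPremRanges

foreach ($poolCidr in $pool) {
    foreach ($range in $reserved) {
        if ($range -like '*:*') { continue }   # IPv6 prefixes are not checked by this IPv4-only helper
        if (Test-Ipv4Overlap -CidrA $poolCidr -CidrB $range) {
            throw "Client pool $poolCidr overlaps $range; clients in the pool could not reach that network."
        }
    }
}

# Prompt for the shared secret so it never sits in the script file or the shell history in plain text.
$radiusSecret = Read-Host -Prompt "RADIUS shared secret" -AsSecureString

Set-AzVirtualNetworkGatewayP2sVpnProfileConfiguration -VirtualNetworkGatewayName "MyVpnGateway" `
    -ResourceGroupName "MyResourceGroup" -VpnClientAddressPool $pool -VpnClientProtocol "OpenVPN" `
    -RadiusServerAddress "radius.corp.example" -RadiusServerSecret $radiusSecret   # host name is a placeholder
```

The overlap check is deliberately local arithmetic rather than a service call, so it can run in a pipeline before any change is made to the gateway; add every range the gateway can reach (peered VNets, site-to-site links) to the reserved list.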
Example
$pool = @("192.168.1.0/24")
$gateway = Get-AzVirtualNetworkGateway -Name "MyVpnGateway" -ResourceGroupName "MyResourceGroup"
Set-AzVirtualNetworkGatewayP2sVpnProfileConfiguration -VirtualNetworkGatewayName $gateway.Name -ResourceGroupName $gateway.ResourceGroupName -VpnClientAddressPool $pool -VpnClientProtocol "IKEv2"
Add-AzVpnClientRootCertificate
Adds a root certificate to the Point-to-Site (P2S) VPN client configuration.
Add-AzVpnClientRootCertificate -VirtualNetworkGatewayName <String> -ResourceGroupName <String> -Name <String> -PublicCertData <String> [-DefaultProfile <IAzureContextContainer>] [<CommonParameters>]
Description
This cmdlet is used when you configure certificate-based authentication for P2S VPN connections. It uploads the public part of your root certificate to the Azure Virtual Network Gateway; client certificates issued by that root are then trusted for authentication.
Parameters
| Name | Description | Required? | 
|---|---|---|
| -VirtualNetworkGatewayName | The name of the virtual network gateway. | Yes | 
| -ResourceGroupName | The name of the resource group. | Yes | 
| -Name | The name of the root certificate. | Yes | 
| -PublicCertData | The public certificate data in Base64 encoded format. | Yes | 
Example
$certPath = "C:\path\to\your\rootcert.cer"
# Load the certificate and Base64-encode its DER bytes. This handles both DER and Base64 (PEM) .cer
# exports, and works on PowerShell 7, where Get-Content no longer accepts -Encoding Byte.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $certPath
$certData = [System.Convert]::ToBase64String($cert.RawData)
Add-AzVpnClientRootCertificate -VirtualNetworkGatewayName "MyVpnGateway" -ResourceGroupName "MyResourceGroup" -Name "RootCert" -PublicCertData $certData
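Whatever is uploaded here becomes a trust anchor for every P2S client, so it is worth checking the file before it goes to the gateway: that it is within its validity period, that it is actually a CA certificate (BasicConstraints CA=true) rather than a leaf or client certificate exported by mistake, and, after the call, that the gateway holds exactly the bytes that were sent. The block below is an added example, not code from the Azure documentation or the Az module; the file path is a constructed placeholder, and the read-back uses Get-AzVpnClientRootCertificate, an Az.Network cmdlet that this page does not list.

```powershell
# Added example (not from the Azure documentation): inspect a root certificate
# before uploading it with Add-AzVpnClientRootCertificate, then read it back.
# Assumption: C:\certs\P2SRootCert.cer is a constructed path.

function Test-P2sRootCertificate {
    param([Parameter(Mandatory)][System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate)
    $problems = @()
    $now = Get-Date
    if ($now -lt $Certificate.NotBefore -or $now -gt $Certificate.NotAfter) {
        $problems += "outside validity period ($($Certificate.NotBefore) to $($Certificate.NotAfter))"
    }
    # A P2S root must be a CA certificate: require a BasicConstraints extension with CA=true.
    $basic = $Certificate.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension] }
    if (-not $basic -or -not $basic.CertificateAuthority) {
        $problems += "BasicConstraints does not mark this certificate as a CA"
    }
    return [pscustomobject]@{
        Thumbprint   = $Certificate.Thumbprint
        Subject      = $Certificate.Subject
        NotAfter     = $Certificate.NotAfter
        IsSelfSigned = ($Certificate.Subject -eq $Certificate.Issuer)   # informational: true for a root, false for an intermediate
        Problems     = $problems
        IsAcceptable = ($problems.Count -eq 0)
    }
}

$certPath = "C:\certs\P2SRootCert.cer"   # constructed path
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $certPath
$report = Test-P2sRootCertificate -Certificate $cert
if (-not $report.IsAcceptable) {
    throw "Refusing to upload $($report.Thumbprint): $($report.Problems -join '; ')"
}

# PublicCertData expects the Base64 of the DER body only; RawData is that body regardless of file format.
$certData = [System.Convert]::ToBase64String($cert.RawData)
# Name the gateway entry after the thumbprint so the entry can be matched to the certificate later.
$certName = "RootCert-" + $cert.Thumbprint.Substring(0, 8)

Add-AzVpnClientRootCertificate -VirtualNetworkGatewayName "MyVpnGateway" -ResourceGroupName "MyResourceGroup" `
    -Name $certName -PublicCertData $certData

# Read back and confirm the gateway holds the bytes that were sent (Get-AzVpnClientRootCertificate is not listed on this page).
$uploaded = Get-AzVpnClientRootCertificate -VirtualNetworkGatewayName "MyVpnGateway" -ResourceGroupName "MyResourceGroup" |
    Where-Object { $_.Name -eq $certName }
if (-not $uploaded -or $uploaded.PublicCertData -ne $certData) {
    throw "Root certificate $certName was not found on the gateway with the expected public data"
}
Write-Output "Uploaded $certName (thumbprint $($report.Thumbprint), expires $($report.NotAfter))"
```

Recording the thumbprint and expiry at upload time gives the operations team what they need to rotate the root before it expires and to revoke client certificates issued under it.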