Azure Virtual Network Gateway VPN Client Connection Cmdlets Reference

Azure Virtual Network Gateway VPN Client Connection Cmdlets

This reference page lists the PowerShell cmdlets used for managing VPN client connections to Azure Virtual Network Gateways. These cmdlets allow you to configure, download, and manage client configurations for point-to-site VPN connections.

Cmdlets by Performance Module

AzureVirtualNetworkGatewayPerformanceCmdlets

This module contains cmdlets for managing various aspects of Azure Virtual Network Gateways, including VPN client connection configurations.

Get-AzVirtualNetworkGatewayVpnClientConnectionConfiguration

Retrieves the VPN client connection configuration for a virtual network gateway.

Get-AzVirtualNetworkGatewayVpnClientConnectionConfiguration -VirtualNetworkGatewayName "MyGateway" -ResourceGroupName "MyResourceGroup"

Set-AzVirtualNetworkGatewayVpnClientConnectionConfiguration

Configures the VPN client connection settings for a virtual network gateway.

Set-AzVirtualNetworkGatewayVpnClientConnectionConfiguration -VirtualNetworkGatewayName "MyGateway" -ResourceGroupName "MyResourceGroup" -VpnClientProtocol "IkeV2"

New-AzVirtualNetworkGatewayVpnClientConnectionConfiguration

Creates a new VPN client connection configuration for a virtual network gateway.

New-AzVirtualNetworkGatewayVpnClientConnectionConfiguration -VirtualNetworkGatewayName "MyGateway" -ResourceGroupName "MyResourceGroup" -VpnClientProtocol "IkeV2", "L2tp"

Remove-AzVirtualNetworkGatewayVpnClientConnectionConfiguration

Removes a VPN client connection configuration from a virtual network gateway.

Remove-AzVirtualNetworkGatewayVpnClientConnectionConfiguration -VirtualNetworkGatewayName "MyGateway" -ResourceGroupName "MyResourceGroup"

Get-AzVirtualNetworkGatewayVpnClientRootCertificate

Retrieves the root certificates associated with a virtual network gateway's VPN client configuration.

Get-AzVirtualNetworkGatewayVpnClientRootCertificate -VirtualNetworkGatewayName "MyGateway" -ResourceGroupName "MyResourceGroup"

Add-AzVirtualNetworkGatewayVpnClientRootCertificate

Adds a root certificate to the VPN client configuration of a virtual network gateway.

Add-AzVirtualNetworkGatewayVpnClientRootCertificate -VirtualNetworkGatewayName "MyGateway" -ResourceGroupName "MyResourceGroup" -Name "RootCert" -CertificatePath "C:\Certificates\RootCert.cer"

Remove-AzVirtualNetworkGatewayVpnClientRootCertificate

Removes a root certificate from the VPN client configuration of a virtual network gateway.

Remove-AzVirtualNetworkGatewayVpnClientRootCertificate -VirtualNetworkGatewayName "MyGateway" -ResourceGroupName "MyResourceGroup" -Name "RootCert"

Get-AzVirtualNetworkGatewayVpnClientRevokedCertificate

Retrieves the revoked certificates associated with a virtual network gateway's VPN client configuration.

Get-AzVirtualNetworkGatewayVpnClientRevokedCertificate -VirtualNetworkGatewayName "MyGateway" -ResourceGroupName "MyResourceGroup"

Add-AzVirtualNetworkGatewayVpnClientRevokedCertificate

Adds a revoked certificate to the VPN client configuration of a virtual network gateway.

Add-AzVirtualNetworkGatewayVpnClientRevokedCertificate -VirtualNetworkGatewayName "MyGateway" -ResourceGroupName "MyResourceGroup" -Name "RevokedCert" -Thumbprint "THUMBPRINT_HASH"

Remove-AzVirtualNetworkGatewayVpnClientRevokedCertificate

Removes a revoked certificate from the VPN client configuration of a virtual network gateway.

Remove-AzVirtualNetworkGatewayVpnClientRevokedCertificate -VirtualNetworkGatewayName "MyGateway" -ResourceGroupName "MyResourceGroup" -Name "RevokedCert"

Get-AzVirtualNetworkGatewayVpnClientConfigurationPackageUrl

Retrieves the URL for downloading the VPN client configuration package.

Get-AzVirtualNetworkGatewayVpnClientConfigurationPackageUrl -VirtualNetworkGatewayName "MyGateway" -ResourceGroupName "MyResourceGroup" -O365PolicyEnabled $false

Other Related Cmdlets

Cmdlets from other modules that might be relevant for managing virtual network gateways and their configurations.

Get-AzVirtualNetworkGateway

Retrieves a virtual network gateway.

Get-AzVirtualNetworkGateway -Name "MyGateway" -ResourceGroupName "MyResourceGroup"

New-AzVirtualNetworkGateway

Creates a new virtual network gateway.

New-AzVirtualNetworkGateway -Name "MyGateway" -ResourceGroupName "MyResourceGroup" -Location "East US" -IpConfigurations ...

Get-AzVirtualNetwork

Retrieves a virtual network.

Get-AzVirtualNetwork -Name "MyVNet" -ResourceGroupName "MyResourceGroup"

Usage Examples

Below are some common scenarios and how to implement them using the provided cmdlets:

1. Downloading a VPN Client Package

# Specify the gateway and resource group
$gatewayName = "MyVpnGateway"
$resourceGroupName = "MyNetworkingRG"

# Get the download URL for the client package (for Windows client)
$packageUrl = Get-AzVirtualNetworkGatewayVpnClientConfigurationPackageUrl -VirtualNetworkGatewayName $gatewayName -ResourceGroupName $resourceGroupName -O365PolicyEnabled $false

# You can then use this URL to download the package or provide it to users
Write-Host "Download VPN client package from: $($packageUrl.VpnClientPackageUrl)"

# For macOS/Linux, you might need a different configuration or client.
# Consult Azure documentation for platform-specific client instructions.

2. Configuring Allowed Protocols

# Set the virtual network gateway to allow IKEv2 and SSTP protocols
Set-AzVirtualNetworkGatewayVpnClientConnectionConfiguration -VirtualNetworkGatewayName "MyVpnGateway" -ResourceGroupName "MyNetworkingRG" -VpnClientProtocol "IkeV2", "SSTP"

# To retrieve the current configuration:
Get-AzVirtualNetworkGatewayVpnClientConnectionConfiguration -VirtualNetworkGatewayName "MyVpnGateway" -ResourceGroupName "MyNetworkingRG"

3. Managing Root Certificates

# Add a root certificate for trusted authentication
Add-AzVirtualNetworkGatewayVpnClientRootCertificate -VirtualNetworkGatewayName "MyVpnGateway" -ResourceGroupName "MyNetworkingRG" -Name "MyRootCA" -CertificatePath "C:\Certificates\AzureRootCA.cer"

# List all root certificates configured
Get-AzVirtualNetworkGatewayVpnClientRootCertificate -VirtualNetworkGatewayName "MyVpnGateway" -ResourceGroupName "MyNetworkingRG"

# Remove a root certificate
Remove-AzVirtualNetworkGatewayVpnClientRootCertificate -VirtualNetworkGatewayName "MyVpnGateway" -ResourceGroupName "MyNetworkingRG" -Name "MyRootCA"