Azure Virtual Network Gateway VPN Client Connection Cmdlets

Reference for PowerShell cmdlets related to Azure Virtual Network Gateway VPN Client Connections.

Introduction

This document provides a comprehensive reference for PowerShell cmdlets used to manage VPN client connections to Azure Virtual Network Gateways. These cmdlets enable you to configure, monitor, and troubleshoot VPN connections from client devices to your Azure Virtual Network.

Azure Virtual Network Gateways support two types of VPN connections:

Site-to-Site (S2S), where an on-premises VPN device connects to the gateway over IPsec/IKE.
Point-to-Site (P2S), where individual client devices connect to the gateway and authenticate with a client certificate, RADIUS, or Azure AD credentials.

The cmdlets discussed here are primarily focused on managing the configuration and status of P2S VPN connections, including client certificate management, connection configurations, and revocation lists.

Key PowerShell Modules

The cmdlets for Azure Virtual Network Gateway VPN client connections are found in the Az.Network module, which ships as part of the Az PowerShell module set.

Parameter names and authentication options change between releases, so keep the Az PowerShell module up to date before relying on the syntax shown here.

Common Cmdlets and Their Use Cases

Below is a list of commonly used cmdlets for managing VPN client connections to Azure Virtual Network Gateways. For detailed syntax and parameters, consult each cmdlet's built-in help.

Get-AzVpnClientRootCertificate

Retrieves the root certificates a gateway trusts for P2S client authentication. Any client certificate that chains to one of these roots is accepted unless its thumbprint appears on the gateway's revoked list, so this list defines who can authenticate.

New-AzVpnClientRootCertificate

Creates an in-memory root certificate object (a name plus the Base64-encoded public certificate data) for use when creating a gateway or replacing its VPN client configuration. It does not modify any gateway by itself; to attach a root certificate directly to an existing gateway, use Add-AzVpnClientRootCertificate.

Remove-AzVpnClientRootCertificate

Removes a root certificate from a gateway's P2S configuration. Client certificates issued under that root can no longer authenticate.

Get-AzVpnClientRevokedCertificate

Retrieves the revoked client certificate entries (name and SHA-1 thumbprint) configured on a gateway.

New-AzVpnClientRevokedCertificate

Creates an in-memory revoked client certificate entry (a name plus the certificate's thumbprint) for use when creating or replacing a gateway's VPN client configuration. To revoke a certificate on an existing gateway directly, use Add-AzVpnClientRevokedCertificate.

Remove-AzVpnClientRevokedCertificate

Removes a revoked client certificate entry, which allows that certificate to authenticate again.

Get-AzVirtualNetworkGatewayVpnClientConfiguration

Retrieves the VPN client configuration for a virtual network gateway.

Set-AzVirtualNetworkGatewayVpnClientConfig

Configures or replaces the VPN client configuration for a virtual network gateway: the client address pool, the tunnel protocols offered to clients, the trusted root certificates, the revoked certificate list, and RADIUS or Azure AD authentication settings. Because this cmdlet replaces the configuration block it is given, read the existing root and revoked certificate lists first when updating a gateway that is already in use.

Get-AzVirtualNetworkGatewayP2sVpnConnectionConfiguration

Retrieves the Point-to-Site (P2S) VPN connection configuration for a virtual network gateway.

Add-AzVirtualNetworkGatewayVpnClientConfiguration

Adds a P2S VPN client configuration to an existing virtual network gateway.

Remove-AzVirtualNetworkGatewayVpnClientConfiguration

Removes a P2S VPN client configuration from a virtual network gateway.
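The following is an added example, not code from the original page, showing how the New- and Set- cmdlets above fit together: it enables certificate-based P2S on an existing gateway in one update, building the root certificate object in memory first and then applying it together with the address pool and tunnel protocols. The resource names, the certificate path, and the address pool are assumptions.

```powershell
# Added example (not from the original page): enable certificate-based P2S on an
# existing gateway. Resource names, the certificate path and the pool are assumed.
$resourceGroupName = "MyResourceGroup"
$gatewayName       = "MyVpnGateway"
$rootCertPath      = "C:\Path\To\MyRootCert.cer"   # assumed path to the public root cert
$clientPool        = "172.16.201.0/24"              # assumed pool; must not overlap the VNet or on-prem ranges

# Load the root certificate. X509Certificate2 accepts both DER and Base64 .cer
# files, and RawData is always the DER bytes that PublicCertData expects.
$rootCert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($rootCertPath)

# Sanity check: the gateway should trust an issuing CA, not a leaf certificate.
$bc = $rootCert.Extensions | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension]
}
if (-not $bc -or -not $bc.CertificateAuthority) {
    Write-Warning "$rootCertPath does not assert CA=true in Basic Constraints; confirm it is the issuing root."
}

# New-AzVpnClientRootCertificate only builds the object; nothing is sent to Azure yet.
$rootConfig = New-AzVpnClientRootCertificate -Name "MyRootCertificate" `
    -PublicCertData ([Convert]::ToBase64String($rootCert.RawData))

# Apply pool, protocols and root in one update. SSTP is deliberately omitted;
# add it only if Windows-only SSTP clients are required. Note that the root list
# passed here replaces whatever roots the gateway currently trusts.
$gateway = Get-AzVirtualNetworkGateway -ResourceGroupName $resourceGroupName -Name $gatewayName
Set-AzVirtualNetworkGatewayVpnClientConfig -VirtualNetworkGateway $gateway `
    -VpnClientAddressPool $clientPool `
    -VpnClientProtocol IkeV2, OpenVPN `
    -VpnClientRootCertificates $rootConfig

# Read the configuration back rather than trusting the cmdlet's return value.
Get-AzVpnClientRootCertificate -VirtualNetworkGatewayName $gatewayName -ResourceGroupName $resourceGroupName |
    Select-Object Name, ProvisioningState
```

The read-back at the end matters: the gateway update is a long-running operation, and a root certificate whose ProvisioningState is not Succeeded will not authenticate clients yet.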

Example Scenarios

1. Configuring Point-to-Site VPN with a Root Certificate

This example shows how to add a root certificate to your Virtual Network Gateway's P2S configuration. Every client certificate that chains to this root will be able to authenticate, so the root's private key must be kept offline or in an HSM; the gateway only ever needs the public certificate.


# Connect to your Azure account
Connect-AzAccount

# Set your subscription context
Set-AzContext -SubscriptionId "YourSubscriptionId"

# Define variables
$resourceGroupName = "MyResourceGroup"
$gatewayName = "MyVpnGateway"
$certificateFilePath = "C:\Path\To\MyRootCert.cer"
$certificateName = "MyRootCertificate" # A friendly name for the certificate

# Load the root certificate and take its raw DER bytes. PublicCertData expects
# the Base64 encoding of the DER certificate with no BEGIN/END lines. Loading
# through X509Certificate2 works for both DER and Base64 .cer files; Base64-
# encoding the file bytes directly would double-encode a Base64 .cer file.
$rootCert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($certificateFilePath)
$certificateBase64 = [System.Convert]::ToBase64String($rootCert.RawData)

# Add the root certificate to the gateway's P2S configuration. The Add- cmdlet
# updates the gateway itself (this can take some time); do not follow it with
# Set-AzVirtualNetworkGateway using a gateway object fetched earlier, as that
# would re-apply the stale configuration and could undo the change.
Add-AzVpnClientRootCertificate -VpnClientRootCertificateName $certificateName `
    -PublicCertData $certificateBase64 `
    -VirtualNetworkGatewayName $gatewayName `
    -ResourceGroupName $resourceGroupName

Write-Host "Root certificate '$certificateName' (thumbprint $($rootCert.Thumbprint)) added to VPN client configuration for gateway '$gatewayName'."

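Once roots are in place, the list should be reviewed periodically: the gateway will keep trusting an expired or weak root until someone removes it. The following is an added example, not code from the original page, that decodes each configured root with Get-AzVpnClientRootCertificate and reports expiry, key strength, signature algorithm, and whether the certificate is actually a CA. Resource names and the warning threshold are assumptions.

```powershell
# Added example (not from the original page): audit the roots a gateway trusts.
function Test-P2sRootCertificate {
    param(
        [Parameter(Mandatory)] [string] $ResourceGroupName,
        [Parameter(Mandatory)] [string] $GatewayName,
        [int] $WarnDays = 60   # assumed threshold for "expiring soon"
    )

    $roots = Get-AzVpnClientRootCertificate -VirtualNetworkGatewayName $GatewayName -ResourceGroupName $ResourceGroupName
    if (-not $roots) {
        Write-Warning "No root certificates configured on '$GatewayName'; certificate authentication cannot succeed."
        return
    }

    foreach ($root in $roots) {
        # PublicCertData is the Base64 DER certificate, so it decodes straight into X509Certificate2.
        $x509 = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new(
            [Convert]::FromBase64String($root.PublicCertData))
        $findings = @()

        $daysLeft = [int]($x509.NotAfter - (Get-Date)).TotalDays
        if ($daysLeft -lt 0)             { $findings += "EXPIRED $(-$daysLeft) days ago" }
        elseif ($daysLeft -lt $WarnDays) { $findings += "expires in $daysLeft days" }
        if ($x509.NotBefore -gt (Get-Date)) { $findings += "not yet valid" }

        # Extension methods are not resolved by PowerShell, so call the static helper.
        $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($x509)
        if ($rsa -and $rsa.KeySize -lt 2048) { $findings += "weak RSA key ($($rsa.KeySize) bits)" }

        if ($x509.SignatureAlgorithm.FriendlyName -match 'sha1|md5') {
            $findings += "weak signature algorithm $($x509.SignatureAlgorithm.FriendlyName)"
        }

        $bc = $x509.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension]
        }
        if (-not $bc -or -not $bc.CertificateAuthority) { $findings += "Basic Constraints does not mark this as a CA" }

        if ($root.ProvisioningState -ne 'Succeeded') { $findings += "provisioning state $($root.ProvisioningState)" }

        [pscustomobject]@{
            Name       = $root.Name
            Subject    = $x509.Subject
            Thumbprint = $x509.Thumbprint
            NotAfter   = $x509.NotAfter
            Findings   = if ($findings) { $findings -join '; ' } else { 'ok' }
        }
    }
}

# Usage (names assumed):
Test-P2sRootCertificate -ResourceGroupName "MyResourceGroup" -GatewayName "MyVpnGateway" | Format-Table -AutoSize
```

A root flagged as expired or weak should be replaced by adding the new root, reissuing client certificates, and only then removing the old root with Remove-AzVpnClientRootCertificate, so that clients are not locked out during the rollover.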

2. Revoking a Client Certificate

This example demonstrates how to revoke a specific client certificate by thumbprint so that it can no longer authenticate, even though it still chains to a trusted root.


# Connect to your Azure account and set context (as in Example 1)
Connect-AzAccount
Set-AzContext -SubscriptionId "YourSubscriptionId"

# Define variables
$resourceGroupName = "MyResourceGroup"
$gatewayName = "MyVpnGateway"
$revokedCertificateThumbprint = "YOUR_CLIENT_CERTIFICATE_THUMBPRINT" # The thumbprint of the client certificate to revoke
$revokedCertificateName = "RevokedClientCert" # A friendly name for the revoked certificate entry

# The gateway expects the SHA-1 thumbprint as plain hex. Certificate viewers
# often copy it with spaces or an invisible leading character, so normalise it
# and refuse anything that is not 40 hex digits.
$revokedCertificateThumbprint = ($revokedCertificateThumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
if ($revokedCertificateThumbprint -notmatch '^[0-9A-F]{40}$') {
    throw "Thumbprint must be 40 hex characters (SHA-1); got '$revokedCertificateThumbprint'."
}

# Add the revoked certificate entry. This per-thumbprint list is the gateway's
# revocation mechanism for P2S client certificates; it does not fetch a CRL from
# your CA. The Add- cmdlet updates the gateway itself, so no separate
# Set-AzVirtualNetworkGateway call is needed.
Add-AzVpnClientRevokedCertificate -VpnClientRevokedCertificateName $revokedCertificateName `
    -Thumbprint $revokedCertificateThumbprint `
    -VirtualNetworkGatewayName $gatewayName `
    -ResourceGroupName $resourceGroupName

Write-Host "Client certificate with thumbprint '$revokedCertificateThumbprint' has been revoked for gateway '$gatewayName'."

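In practice the thumbprint is usually derived from the client's public certificate rather than typed by hand, and the revocation should be safe to re-run during an incident. The following is an added example, not code from the original page, that computes the thumbprint from a .cer file, refuses to revoke a CA certificate by mistake, skips thumbprints that are already on the list, and reads the entry back to confirm it was provisioned. Resource names and the certificate path are assumptions.

```powershell
# Added example (not from the original page): idempotent revocation from a client .cer file.
function Revoke-P2sClientCertificate {
    param(
        [Parameter(Mandatory)] [string] $ResourceGroupName,
        [Parameter(Mandatory)] [string] $GatewayName,
        [Parameter(Mandatory)] [string] $ClientCertPath,   # public .cer of the client certificate (assumed path)
        [string] $EntryName                                 # optional friendly name for the revoked entry
    )

    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ClientCertPath)
    # X509Certificate2.Thumbprint is the SHA-1 hex string without spaces, which is what the gateway stores.
    $thumb = $cert.Thumbprint.ToUpperInvariant()
    if (-not $EntryName) { $EntryName = "revoked-$($thumb.Substring(0, 8))" }

    # The revoked list is for leaf client certificates. Revoking a CA here does not
    # block its issued certificates; remove the root instead if that is the intent.
    $bc = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension]
    }
    if ($bc -and $bc.CertificateAuthority) {
        throw "$ClientCertPath is a CA certificate; use Remove-AzVpnClientRootCertificate to distrust a root."
    }

    # Skip if already revoked, comparing normalised thumbprints.
    $existing = Get-AzVpnClientRevokedCertificate -VirtualNetworkGatewayName $GatewayName -ResourceGroupName $ResourceGroupName |
        Where-Object { ($_.Thumbprint -replace '\s', '') -eq $thumb }
    if ($existing) {
        Write-Host "Thumbprint $thumb is already revoked as '$($existing.Name)'."
        return $existing
    }

    Add-AzVpnClientRevokedCertificate -VpnClientRevokedCertificateName $EntryName `
        -Thumbprint $thumb `
        -VirtualNetworkGatewayName $GatewayName `
        -ResourceGroupName $ResourceGroupName | Out-Null

    # Confirm the entry exists and is provisioned before reporting the certificate as blocked.
    $entry = Get-AzVpnClientRevokedCertificate -VpnClientRevokedCertificateName $EntryName `
        -VirtualNetworkGatewayName $GatewayName -ResourceGroupName $ResourceGroupName
    if ($entry.ProvisioningState -ne 'Succeeded') {
        Write-Warning "Revoked entry '$EntryName' is in state $($entry.ProvisioningState); re-check before closing the incident."
    }
    return $entry
}

# Usage (names and path assumed):
Revoke-P2sClientCertificate -ResourceGroupName "MyResourceGroup" -GatewayName "MyVpnGateway" `
    -ClientCertPath "C:\Path\To\LostLaptopClient.cer"
```

Keep the revoked entry's name tied to the reason (ticket number, device name) so the list stays auditable; Remove-AzVpnClientRevokedCertificate reinstates the certificate, so removals should go through the same change control as additions.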

Related Resources