Azure PowerShell Reference

Virtual Network Gateway VPN Client Connection Cmdlets

Introduction

This document provides a comprehensive reference for the Azure PowerShell cmdlets used to manage VPN client connections for Azure Virtual Network Gateways. These cmdlets enable you to configure, download, and manage VPN client configurations for establishing secure connections to your Azure Virtual Networks.

Core Cmdlets

Get-AzVpnClientConfiguration

Retrieves the VPN client configuration for a Virtual Network Gateway.

New-AzVpnClientConfiguration

Generates and downloads the VPN client configuration package.

Set-AzVirtualNetworkGatewayVpnClientRevokedCertificate

Adds or removes a revoked client certificate for VPN client authentication.

Set-AzVirtualNetworkGatewayVpnClientRootCertificate

Adds or removes a root certificate for VPN client authentication.

Detailed Cmdlet Information

Get-AzVpnClientConfiguration

This cmdlet retrieves the VPN client configuration details for a specified Azure Virtual Network Gateway. This includes information required to establish a VPN connection.

Syntax Example

Get-AzVpnClientConfiguration -VirtualNetworkGatewayName "MyVpnGateway" -ResourceGroupName "MyResourceGroup"

Parameters

  • -VirtualNetworkGatewayName: The name of the Virtual Network Gateway.
  • -ResourceGroupName: The name of the resource group.
  • -OutputBlobStoragePath: (Optional) Path to an Azure Storage Blob container to store the configuration file.
  • -VpnClientRootCert: (Optional) Specifies the root certificate used for client authentication.

New-AzVpnClientConfiguration

This cmdlet generates and downloads a VPN client configuration package for your Virtual Network Gateway. This package contains the necessary files (e.g., .exe, .zip) for users to install and connect using the Azure VPN client.

Syntax Example

New-AzVpnClientConfiguration -VirtualNetworkGatewayName "MyVpnGateway" -ResourceGroupName "MyResourceGroup" -VpnClientProtocol "IkeV2,SSTP" -OutputFileName "VpnClientConfig.zip"

Parameters

  • -VirtualNetworkGatewayName: The name of the Virtual Network Gateway.
  • -ResourceGroupName: The name of the resource group.
  • -VpnClientProtocol: The VPN client protocols to enable (e.g., "IkeV2", "SSTP", "L2tp").
  • -OutputFileName: The desired name for the output configuration file.
  • -VpnClientConfiguration: (Optional) A custom configuration object.

Set-AzVirtualNetworkGatewayVpnClientRevokedCertificate

Manages revoked client certificates for your Virtual Network Gateway. Use it to block specific client certificates that should no longer be allowed to connect.

Syntax Example (Add)

Set-AzVirtualNetworkGatewayVpnClientRevokedCertificate -VirtualNetworkGatewayName "MyVpnGateway" -ResourceGroupName "MyResourceGroup" -Name "RevokedCert1" -Thumbprint "A1B2C3D4E5F678901234567890ABCDEF12345678"

Syntax Example (Remove)

Remove-AzVirtualNetworkGatewayVpnClientRevokedCertificate -VirtualNetworkGatewayName "MyVpnGateway" -ResourceGroupName "MyResourceGroup" -Name "RevokedCert1"

Parameters

  • -VirtualNetworkGatewayName: The name of the Virtual Network Gateway.
  • -ResourceGroupName: The name of the resource group.
  • -Name: The name of the revoked certificate.
  • -Thumbprint: The thumbprint of the revoked client certificate.

Set-AzVirtualNetworkGatewayVpnClientRootCertificate

Manages root certificates for your Virtual Network Gateway. These certificates are used to validate the authenticity of client certificates during the VPN connection establishment process.

Syntax Example (Add)

Set-AzVirtualNetworkGatewayVpnClientRootCertificate -VirtualNetworkGatewayName "MyVpnGateway" -ResourceGroupName "MyResourceGroup" -Name "RootCert1" -PublicCertData (Get-Content "path/to/root.cer" -Raw)

Syntax Example (Remove)

Remove-AzVirtualNetworkGatewayVpnClientRootCertificate -VirtualNetworkGatewayName "MyVpnGateway" -ResourceGroupName "MyResourceGroup" -Name "RootCert1"

Parameters

  • -VirtualNetworkGatewayName: The name of the Virtual Network Gateway.
  • -ResourceGroupName: The name of the resource group.
  • -Name: The name of the root certificate.
  • -PublicCertData: The public data of the root certificate (e.g., in PEM or CER format).
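
The -Thumbprint value in the revoked-certificate section and the -PublicCertData value in the root-certificate section can both be derived from an exported .cer file instead of being typed by hand. The function below is an added example, not part of the original reference or of the Az module; the name Get-VpnCertificateInput and any file path passed to it are hypothetical, and it assumes the certificate data is wanted as Base64 text without BEGIN/END lines.

```powershell
# Added example: derive and sanity-check the values passed to -Thumbprint and -PublicCertData.
# Function name and file paths are hypothetical; only .NET X509 classes are used.
function Get-VpnCertificateInput {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        # 'Root' = certificate to trust, 'Client' = certificate to revoke
        [Parameter(Mandatory)] [ValidateSet('Root', 'Client')] [string] $Role
    )
    $resolved = (Resolve-Path -LiteralPath $Path).ProviderPath
    # X509Certificate2 reads both DER and Base64 (PEM) encoded .cer files
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($resolved)

    # A public .cer export never carries a private key; refuse anything that does
    if ($cert.HasPrivateKey) {
        throw "File '$Path' contains a private key; export the public certificate only."
    }

    # Thumbprint as .NET reports it: 40 hex characters (SHA-1), no separators
    $thumbprint = $cert.Thumbprint.ToUpperInvariant()
    if ($thumbprint -notmatch '^[0-9A-F]{40}$') {
        throw "Unexpected thumbprint format: $thumbprint"
    }

    # Basic Constraints tells a CA (root) certificate from an end-entity (client) one
    $bc = $cert.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension] } |
        Select-Object -First 1
    $isCa = [bool]($bc -and $bc.CertificateAuthority)
    if ($Role -eq 'Root' -and -not $isCa) {
        Write-Warning "Certificate '$($cert.Subject)' is not marked as a CA."
    }
    if ($Role -eq 'Client' -and $isCa) {
        Write-Warning "Certificate '$($cert.Subject)' is a CA certificate, not a client certificate."
    }
    if ($cert.NotAfter -lt (Get-Date)) {
        Write-Warning "Certificate expired on $($cert.NotAfter.ToString('u'))."
    }

    [pscustomobject]@{
        Subject        = $cert.Subject
        Thumbprint     = $thumbprint
        # Single-line Base64 of the DER bytes, without BEGIN/END lines
        PublicCertData = [Convert]::ToBase64String($cert.RawData)
        NotAfter       = $cert.NotAfter
        IsCa           = $isCa
    }
}
```

Reading the thumbprint from the file avoids the stray spaces and hidden characters that come with copying it out of a certificate dialog, and the role check catches a client certificate being uploaded as a root or a root being revoked by mistake.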