Configure Point‑to‑Site (P2S) VPN

This guide walks you through configuring a Point‑to‑Site connection for an Azure VPN gateway so individual devices can securely connect to your Azure virtual network.

Prerequisites

Step 1 – Create a Virtual Network (if you don’t have one)

# Azure CLI
az network vnet create \
  --resource-group MyResourceGroup \
  --name MyVNet \
  --address-prefix 10.0.0.0/16 \
  --subnet-name GatewaySubnet \
  --subnet-prefix 10.0.255.0/27

Step 2 – Create the VPN Gateway

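# Azure PowerShell
# Look up the GatewaySubnet by name instead of relying on its position in the subnet list
$vnet   = Get-AzVirtualNetwork -Name "MyVNet" -ResourceGroupName "MyResourceGroup"
$subnet = Get-AzVirtualNetworkSubnetConfig -Name "GatewaySubnet" -VirtualNetwork $vnet
$gwIp   = New-AzPublicIpAddress -Name "gwIp" -ResourceGroupName "MyResourceGroup" -Location "EastUS" -AllocationMethod Dynamic

# -SubnetId pairs with -PublicIpAddressId: both take resource IDs and belong to the same parameter set
$gwIpConfig = New-AzVirtualNetworkGatewayIpConfig -Name "vnetGatewayIpConfig" `
    -SubnetId $subnet.Id -PublicIpAddressId $gwIp.Id

New-AzVirtualNetworkGateway -Name "MyVpnGateway" -ResourceGroupName "MyResourceGroup" `
    -Location "EastUS" -IpConfigurations $gwIpConfig -GatewayType Vpn -VpnType RouteBased `
    -GatewaySku VpnGw1 -EnableBgp $false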

Step 3 – Configure Point‑to‑Site Settings

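# Azure CLI
# --address-prefixes is the pool handed out to VPN clients.
# "MyRadiusSecret" is a placeholder: pass the real shared secret from a variable or
# secret store rather than typing it on the command line, where it lands in shell history.
az network vnet-gateway update \
  --resource-group MyResourceGroup \
  --name MyVpnGateway \
  --address-prefixes 172.16.0.0/24 \
  --client-protocol IkeV2 \
  --vpn-auth-type Radius \
  --radius-server "10.10.10.5" \
  --radius-secret "MyRadiusSecret"

Tip: Azure also supports self-signed certificates for authentication. Use az network vnet-gateway root-cert create to upload the root certificate.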
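The certificate option from the Tip, sketched as an added example (not part of the original guide or of Microsoft's tooling): it creates a self-signed root and one client certificate with OpenSSL, then uploads only the root's public data. The names P2SRootCert and client1 and the ./p2s-certs directory are assumptions; the resource names match the ones used above.

```shell
#!/usr/bin/env bash
# Added example: certificate material for P2S certificate authentication.
# Usage: ./p2s-certs.sh ./p2s-certs   (file and directory names are assumptions)
umask 077   # private keys are created readable by the current user only

make_root_ca() {   # $1 = output dir; self-signed root, RSA 4096, 2 years
  # -nodes leaves the key unencrypted on disk; move rootCA.key offline after signing
  openssl req -x509 -newkey rsa:4096 -sha256 -days 730 -nodes \
    -subj "/CN=P2SRootCert" -keyout "$1/rootCA.key" -out "$1/rootCA.pem"
}

make_client_cert() {   # $1 = output dir, $2 = client name
  # Client certificates must carry the clientAuth extended key usage
  printf 'extendedKeyUsage=clientAuth\n' > "$1/$2.ext"
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$1/$2.key" -out "$1/$2.csr"
  # Sign with the root so the client chains to the certificate the gateway trusts
  openssl x509 -req -in "$1/$2.csr" -CA "$1/rootCA.pem" -CAkey "$1/rootCA.key" \
    -CAcreateserial -sha256 -days 365 -extfile "$1/$2.ext" -out "$1/$2.pem"
}

pem_to_cert_data() {   # $1 = PEM certificate; prints its Base64 body on one line
  # Drop the BEGIN/END armor lines and all line breaks (CRLF files included)
  grep -v '^-----' "$1" | tr -d '\r\n'
}

upload_root() {   # $1 = output dir; only the public certificate leaves the machine
  az network vnet-gateway root-cert create \
    --resource-group MyResourceGroup \
    --gateway-name MyVpnGateway \
    --name P2SRootCert \
    --public-cert-data "$(pem_to_cert_data "$1/rootCA.pem")"
}

main() {
  dir="${1:-./p2s-certs}"
  mkdir -p "$dir"
  make_root_ca "$dir" && make_client_cert "$dir" client1 && upload_root "$dir"
}

# Run only when an output directory is given, so the file can also be sourced
if [ "$#" -gt 0 ]; then main "$@"; fi
```

The client key and certificate (client1.key, client1.pem) are what gets installed on the connecting device; rootCA.key never needs to be on a client or in Azure.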

Step 4 – Download the VPN Client

After configuring P2S, navigate to the gateway in the Azure portal and click Download VPN client. Extract the ZIP file and run the installer for your OS.

Step 5 – Connect from a Client Machine

Open the installed VPN client, select the generated profile, and click Connect. Verify the connection status in the Azure portal under Point‑to‑Site connections.