A Point-to-Site (P2S) VPN gateway connection lets you create a secure connection to your virtual private network from your Windows 10 computer.
Connecting to your VPN requires authentication using a password-protected client certificate that must be present on your computer.
The VPN gateway validates the client certificate while the connection is being established.
Before getting started, please make sure you have the following ready:
- The client certificate (ending with .pfx) you were provided. This certificate is unique to you and your device.
- The client certificate name (e.g., `P2SChildCert[MyCompany][Network][MyName]`) you were provided.
- The client certificate password. You will be required to enter the password when installing the certificate.
- The VPN server address. For example, `azuregateway-593744ba-1721-4ca5-a1cc-d71e12c89eaa.vpn.azure.com`. We recommend having this in a place you can copy from to avoid typing errors.
- The list of VPN connection routes. For example, `10.1.0.0/16, 10.2.0.0/16`. In most cases, only one route is required. Note: you may have received a prepared file (ending with .ps1) that you can run to automatically configure your VPN connection routes in Step 3: Add VPN Connection Routes.
Each client computer must have a client certificate installed on the device. Follow the steps in this section to install a client certificate.
- Locate and copy the .pfx file to a convenient location on your computer where you can easily access it.
- Once the file is on your computer, double-click the .pfx file to install it. The Certificate Import Wizard will appear.
- Leave the Store Location as Current User, and then click Next.
- On the File to Import page, don't make any changes. Click Next.
- On the Private key protection page, input the password for the certificate, then click Next.
- On the Certificate Store page, leave the default location (Automatically select the certificate store based on the type of certificate), and then click Next.
- Click Finish. On the Security Warning for the certificate installation, click Yes. The certificate is now successfully installed on your device.
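To confirm the import worked before you configure the connection, you can inspect the Current User certificate store from PowerShell. This is an added example, not part of the original instructions; it assumes the certificate name you were provided appears in the certificate's subject, and `$CertName` is a placeholder.

```powershell
# Added example: check that the imported client certificate is usable for VPN sign-in.
# $CertName is a placeholder; replace it with the certificate name you were provided.
$CertName      = 'P2SChildCert[MyCompany][Network][MyName]'
$ClientAuthOid = '1.3.6.1.5.5.7.3.2'   # OID of the Client Authentication usage

# -like would treat [ ] as wildcard characters, so use a literal substring match.
$certs = Get-ChildItem -Path Cert:\CurrentUser\My |
    Where-Object { $_.Subject.Contains($CertName) }

if (-not $certs) {
    Write-Warning "No certificate containing '$CertName' found in Cert:\CurrentUser\My."
} else {
    $now = Get-Date
    foreach ($cert in $certs) {
        # A certificate with no usage restriction is valid for any purpose.
        $eku = @($cert.EnhancedKeyUsageList | ForEach-Object { $_.ObjectId })
        [pscustomobject]@{
            Subject       = $cert.Subject
            Issuer        = $cert.Issuer
            Thumbprint    = $cert.Thumbprint
            NotAfter      = $cert.NotAfter
            # Without the private key the certificate cannot authenticate you.
            HasPrivateKey = $cert.HasPrivateKey
            InValidPeriod = ($cert.NotBefore -le $now) -and ($cert.NotAfter -gt $now)
            ClientAuthOk  = ($eku.Count -eq 0) -or ($eku -contains $ClientAuthOid)
        }
    }
}
```

If `HasPrivateKey`, `InValidPeriod` or `ClientAuthOk` is `False`, the gateway will not accept the certificate; request a new one rather than continuing.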
Tip: The pane to add a VPN connection will block your view of other windows. Go ahead and copy (Ctrl+C) the VPN server address to the clipboard before starting this section so you can easily paste (Ctrl+V) it into the appropriate field.
- Type `VPN Settings` in the search box on the taskbar, then select VPN Settings.
- On the VPN Settings screen, click Add a VPN connection.
- In the window that appears, select Windows (built-in) as the VPN provider.
- Enter a Connection name of your preference (e.g., `Company VPN`). Be sure you do not include spaces before or after the Connection name.
- Enter the VPN server address in the Server name or address field.
- Leave VPN type set to Automatic.
- For Type of sign-in info, select Certificate.
- Leave the User name (optional) and Password (optional) fields blank.
- Leave Remember my sign-in info enabled (checked).
- Click Save.
- On the VPN Settings page, click your new VPN connection (e.g., `Company VPN`), then click Connect.
- Windows will attempt to establish a connection and then prompt you to choose a certificate.
- Select the name of the certificate you installed (e.g., `P2SChildCert[MyCompany][Network][MyName]`) during Step 1: Install Your Client Certificate, then click OK.
- You may see a Continue connecting? prompt stating that Windows does not have enough information to validate the server. Click Connect. You should only see this prompt the first time you connect.
- The VPN status will change to Connected. You may lose your Internet connection while connected to the VPN until you complete Step 3: Add VPN Connection Routes.
- Click Disconnect. Stay on the VPN Settings screen to continue to Step 3: Add VPN Connection Routes.
VPN Connection Routes instruct your computer to route network traffic to a specific VPN connection when the destination matches a DestinationPrefix parameter (a particular set of IP addresses).
- If you've received a prepared VPN configuration file (ending with .ps1), right-click the file, then click Run with PowerShell.
- A Windows PowerShell window will appear prompting for the VPN connection name. Enter the same VPN connection name (e.g., `Company VPN`) you created in Step 2: Add a VPN Connection.
- Press any key to close the window once the process completes. The DestinationPrefix may differ from the example below.
- If you encounter errors, check the connection name. It must exactly match the name you provided when you created the VPN connection. It may not be apparent if you included a space before or after the name when typing it. It's safe to close the window and repeat steps 1-3 above using the correct name. If the errors persist, please see Getting Support.
If you did not receive a prepared VPN configuration file (ending with .ps1), you will need to run the following commands manually in a PowerShell console. You can copy and modify the example below or download the example script and follow the instructions in the script to configure it for your VPN connection.
If you are not comfortable with running commands in the PowerShell console, please contact the Support Desk for a prepared VPN configuration file. See Getting Support.
```powershell
# We'll use the connection name multiple times, so set it as a variable.
# Replace 'Company VPN' with the same name you used when you created the VPN connection.
$ConnectionName = "Company VPN"

# For each VPN connection route you received from the Support Desk, run the following command.
# Replace the value for -DestinationPrefix with the IP address you received from the Support Desk.
# For most customers, there is only one route to configure.
Add-VpnConnectionRoute -ConnectionName $ConnectionName -DestinationPrefix "10.1.0.0/16" -PassThru

# After adding all routes, run the following command.
Set-VpnConnection -Name $ConnectionName -SplitTunneling $True
```
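The manual commands above fail in confusing ways when the connection name has a stray space or a route is mistyped. The following added example (not the Support Desk's prepared script, and not from the original page) performs the same configuration with those checks built in and then reads the settings back; the connection name and routes are the sample values used on this page.

```powershell
# Added example: apply the routes with validation, then verify the result.
# Sample values from this page; replace them with your own.
$ConnectionName = 'Company VPN'.Trim()      # removes accidental leading/trailing spaces
$Routes = '10.1.0.0/16', '10.2.0.0/16'

# Stop early, listing the names that do exist, if the connection name does not match.
$vpn = Get-VpnConnection -Name $ConnectionName -ErrorAction SilentlyContinue
if (-not $vpn) {
    $known = (Get-VpnConnection | ForEach-Object { "'$($_.Name)'" }) -join ', '
    throw "VPN connection '$ConnectionName' not found. Existing connections: $known"
}

foreach ($prefix in $Routes) {
    # Check the IPv4 address/prefix-length form before passing it on.
    $addr, $len = $prefix -split '/'
    $ip = $null
    $valid = [System.Net.IPAddress]::TryParse($addr, [ref]$ip) -and
             $ip.AddressFamily -eq 'InterNetwork' -and
             $len -match '^\d+$' -and [int]$len -ge 1 -and [int]$len -le 32
    if (-not $valid) { throw "Not a valid IPv4 prefix: '$prefix'" }

    # Skip routes that already exist so the script can be re-run safely.
    if ($vpn.Routes.DestinationPrefix -contains $prefix) {
        Write-Host "Route $prefix is already present."
    } else {
        Add-VpnConnectionRoute -ConnectionName $ConnectionName -DestinationPrefix $prefix -PassThru
    }
}

# With split tunneling on, only the listed prefixes use the VPN;
# all other traffic keeps its normal path.
Set-VpnConnection -Name $ConnectionName -SplitTunneling $True

# Read the settings back to confirm what was applied.
Get-VpnConnection -Name $ConnectionName |
    Select-Object Name, ServerAddress, SplitTunneling,
        @{ Name = 'Routes'; Expression = { $_.Routes.DestinationPrefix -join ', ' } }
```

The final output should show `SplitTunneling` as `True` and list only the routes you were given.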
Once the previous steps are completed, you are ready to begin using your new VPN connection.
- Click the network icon on the Windows task bar. You may see an Ethernet (as shown below) or Wi-Fi symbol depending on your network settings.
- Find and click the VPN connection (e.g., `Company VPN`) in the Network pane.
- Click Connect.
- The status of the VPN connection will update to Connected. You may now access available resources on your virtual private network.