Microsoft Azure Point-to-Site Connectivity: Simplifying Remote Access
Discover how Point-to-Site connectivity in Microsoft Azure lets individual on-premises machines reach the virtual machines inside a virtual network over a certificate-authenticated VPN tunnel. This guide explains why Point-to-Site is well suited to working with remote VMs, as a simpler alternative to opening one endpoint per service.
Microsoft Azure - Point-to-Site Connectivity
In the last chapter, we learned how to create an endpoint to access a virtual machine, but that process can be quite tedious and it exposes one port at a time on a public address. If you need a local machine to reach virtual machines inside a virtual network by their private addresses, point-to-site connectivity is the better choice: each machine gets its own VPN tunnel into the network, without the on-premises VPN device that a site-to-site connection requires. This makes it a practical way to work with remote virtual machines.
Understanding Point-to-Site Connectivity
Point-to-site connectivity connects your on-premises machine to a virtual network in Azure over a VPN tunnel. You can connect up to 128 on-premises machines to your Azure virtual network using this method. Access is authenticated with certificates: you upload the public part of a root certificate to Azure, and each local machine that needs to connect must have a client certificate, issued by that root, installed together with its private key.
Enabling Point-to-Site Connectivity on an Existing Virtual Network
If you already have a virtual network set up in Azure, you can enable point-to-site connectivity through the management portal. Follow these steps:
- Log in to the Azure management portal.
- Click on ‘Networks’ in the left panel, and select the network you wish to work with.
- Click on ‘Configure.’
- Check the ‘Configure Point-to-site connectivity’ checkbox, then enter the starting IP address and the CIDR (Classless Inter-Domain Routing) block for the client address space. VPN clients are assigned addresses from this pool, so it must not overlap the virtual network’s own address space or any range in use on the on-premises side.
- Scroll down and click on ‘Add Gateway Subnet.’
- Enter the Gateway subnet and click ‘Save.’ A message will pop up confirming the changes.
- Click ‘Yes,’ and your point-to-site connectivity is set up.
You will need to create and install a certificate on your local machines to access your virtual network.
Creating a New Virtual Network with Point-to-Site Connectivity
- Click on ‘New’ → ‘Network Services’ → ‘Virtual Network’ → ‘Custom Create.’
- Enter a name for your network, select the location, and click ‘Next.’
- On the next screen, select ‘Configure a point-to-site VPN’ and click ‘Next.’
- Enter the starting IP address and select the CIDR block for the client address space. As above, this pool must not overlap the virtual network or your on-premises ranges.
- Enter the Subnet, then click ‘Add Gateway Subnet’ and fill in the required information. The gateway subnet must lie inside the virtual network’s address space and is reserved for the VPN gateway; do not place virtual machines in it.
- Your point-to-site connectivity setup is complete.
- Click on the name of your network (e.g., ‘MyNet’).
- Click on ‘Dashboard’ to see the details of your network.
At this point, you’ll notice that the gateway has not been created yet. To proceed, you need to generate a certificate first.
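Both procedures above ask for three ranges that must fit together: the virtual network address space, the gateway subnet inside it, and the point-to-site client pool outside it. The following PowerShell is an added example, not part of the original tutorial or of any Azure tooling; it checks a proposed plan offline before you type it into the portal. The sample ranges (10.1.0.0/16, 10.1.255.0/27, 172.16.201.0/24, 192.168.1.0/24) are assumed values; substitute your own.

```powershell
# Added example (not from the original tutorial or from Azure): validate the
# address ranges for a point-to-site setup before entering them in the portal.
# All sample ranges below are assumptions; replace them with your own.

function ConvertTo-IpNumber([string]$ip) {
    # Big-endian bytes of an IPv4 address packed into a 64-bit integer (always positive).
    $bytes = [System.Net.IPAddress]::Parse($ip).GetAddressBytes()
    [long]$n = 0
    foreach ($b in $bytes) { $n = ($n -shl 8) -bor $b }
    return $n
}

function Get-CidrRange([string]$cidr) {
    # First and last address of a CIDR block, as integers.
    $addr, $prefix = $cidr.Split('/')
    $bits = [int]$prefix
    if ($bits -lt 0 -or $bits -gt 32) { throw "Bad prefix length in $cidr" }
    $size  = [long]1 -shl (32 - $bits)                          # addresses in the block
    $start = (ConvertTo-IpNumber $addr) -band (-bnot ($size - 1))  # clear host bits
    [pscustomobject]@{ Cidr = $cidr; Start = $start; End = $start + $size - 1 }
}

function Test-CidrOverlap([string]$a, [string]$b) {
    $ra = Get-CidrRange $a; $rb = Get-CidrRange $b
    return ($ra.Start -le $rb.End) -and ($rb.Start -le $ra.End)
}

function Test-CidrContains([string]$outer, [string]$inner) {
    $ro = Get-CidrRange $outer; $ri = Get-CidrRange $inner
    return ($ri.Start -ge $ro.Start) -and ($ri.End -le $ro.End)
}

function Test-P2SAddressPlan {
    param(
        [string]$VnetSpace,       # virtual network address space
        [string]$GatewaySubnet,   # must sit inside the virtual network
        [string]$ClientPool,      # point-to-site client address pool
        [string[]]$OnPremRanges   # ranges in use where the clients live
    )
    $problems = @()
    if (-not (Test-CidrContains $VnetSpace $GatewaySubnet)) {
        $problems += "gateway subnet $GatewaySubnet is not inside $VnetSpace"
    }
    if (Test-CidrOverlap $VnetSpace $ClientPool) {
        $problems += "client pool $ClientPool overlaps the virtual network $VnetSpace"
    }
    foreach ($r in $OnPremRanges) {
        if (Test-CidrOverlap $ClientPool $r) { $problems += "client pool $ClientPool overlaps on-premises range $r" }
        if (Test-CidrOverlap $VnetSpace $r)  { $problems += "virtual network $VnetSpace overlaps on-premises range $r" }
    }
    return $problems
}

# Assumed plan: no findings expected.
$good = Test-P2SAddressPlan -VnetSpace "10.1.0.0/16" -GatewaySubnet "10.1.255.0/27" `
                            -ClientPool "172.16.201.0/24" -OnPremRanges @("192.168.1.0/24")
"Plan 1 problems: $($good.Count)"

# Assumed bad plan: client pool carved out of the virtual network itself,
# and an on-premises LAN that collides with it.
$bad = Test-P2SAddressPlan -VnetSpace "10.1.0.0/16" -GatewaySubnet "10.1.255.0/27" `
                           -ClientPool "10.1.2.0/24" -OnPremRanges @("10.1.0.0/24")
$bad | ForEach-Object { "Plan 2 problem: $_" }
```

Run it in any Windows PowerShell window; it needs no Azure module. A non-empty result means the portal would either reject the configuration or, worse, accept it and leave clients unable to reach the addresses that overlap.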
Generating Certificates
The point-to-site VPN authenticates clients with certificates: you upload the public part of a root certificate to Azure, and every client presents a certificate issued by that root. A self-signed root is sufficient and is what this guide creates (a root from an enterprise CA can be uploaded the same way). Here's how you can create one:
Creating a Certificate
- Visit the Microsoft website or search for ‘Windows SDK for Windows 8.1.’ Download the SDK installer for your Windows version.
- The download is a small installer saved as sdksetup.exe on your machine.
- Run the file. During the installation, keep only the Windows Software Development Kit tools, which include makecert.exe, and uncheck the other features; they are not needed here.
- After installation, open Command Prompt as an Administrator.
- Enter the following commands to create a root certificate. Replace ‘MyNet’ with the name of your network. The certificate is self-signed (-r), written to the current user’s Personal store (-ss My) and has an exportable private key (-pe):
Syntax
cd C:\Program Files (x86)\Windows Kits\8.1\bin\x64
makecert -sky exchange -r -n "CN=MyNet" -pe -a sha1 -len 2048 -ss My
Output
Succeeded
- Next, create a client certificate issued by that root (-in "MyNet" -is my) and valid for 96 months (-m 96):
Syntax
makecert -n "CN=MyNetClient" -pe -sky exchange -m 96 -ss My -in "MyNet" -is my -a sha1
Output
Succeeded
makecert prints only ‘Succeeded’ when it has written a certificate to the store. These commands match the original Azure guidance and sign with SHA-1; makecert also accepts -a sha256, which is the better choice today. makecert itself is deprecated, and current Azure documentation creates the same two certificates with the PowerShell cmdlet New-SelfSignedCertificate.
- Search for ‘mmc’ on your computer and run it.
- Click ‘File’ → ‘Add/Remove Snap-in.’
- In the popup window, select ‘Certificates’ and click ‘Add.’
- Choose ‘My User Account’ and click ‘Finish.’
- Expand ‘Current User’ in the left panel, then ‘Personal,’ and then ‘Certificates.’ You will see both certificates listed here.
- Right-click on the root certificate (‘MyNet’), select ‘All Tasks,’ and then ‘Export.’ In the wizard choose ‘No, do not export the private key’ and the ‘Base-64 encoded X.509 (.CER)’ format. This public part is all Azure needs; the root’s private key can issue further client certificates, so it should never leave your machine.
- Name the certificate, select a location to save it, and finish the wizard.
- The client certificate (‘MyNetClient’) is already in this user’s Personal store, which is where the VPN client looks for it. To connect from another machine, export the client certificate with ‘Yes, export the private key’ as a password-protected .pfx file and import it into the Personal store of the user on that machine.
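The same two certificates can be created without the Windows SDK. The following PowerShell is an added example, not the tutorial’s own commands; it uses New-SelfSignedCertificate (Windows 10 / Windows Server 2016 or later) with SHA-256, checks that the client certificate really chains to the root, and then exports exactly what each side needs: the root’s public key as a Base-64 .cer for upload, and the client certificate with its private key as a password-protected .pfx. The names MyNet and MyNetClient and the Desktop output folder are assumptions.

```powershell
# Added example (not from the original tutorial): point-to-site root and client
# certificates with SHA-256, plus a chain check and the two exports Azure needs.
# Requires Windows PowerShell 5.1 or later on Windows 10 / Server 2016+.
# Names and the output folder are assumptions; change them to suit.

$rootName   = "MyNet"                        # assumed: same name as the virtual network
$clientName = "MyNetClient"
$outDir     = "$env:USERPROFILE\Desktop"     # assumed output location

# Self-signed root. KeyUsage CertSign marks it as able to issue the client certificate.
$root = New-SelfSignedCertificate -Type Custom -KeySpec Signature `
    -Subject "CN=$rootName" -KeyExportPolicy Exportable `
    -HashAlgorithm sha256 -KeyLength 2048 `
    -CertStoreLocation "Cert:\CurrentUser\My" `
    -KeyUsageProperty Sign -KeyUsage CertSign

# Client certificate issued by the root, with the Client Authentication EKU
# (OID 1.3.6.1.5.5.7.3.2) that the VPN client requires.
$client = New-SelfSignedCertificate -Type Custom -DnsName $clientName -KeySpec Signature `
    -Subject "CN=$clientName" -KeyExportPolicy Exportable `
    -HashAlgorithm sha256 -KeyLength 2048 `
    -CertStoreLocation "Cert:\CurrentUser\My" `
    -Signer $root -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.2")

# Check: the client certificate must chain to the root we just created.
# The root is not in the Trusted Root store, so allow an unknown CA for this test only.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode    = "NoCheck"
$chain.ChainPolicy.VerificationFlags = "AllowUnknownCertificateAuthority"
[void]$chain.ChainPolicy.ExtraStore.Add($root)
$built = $chain.Build($client)
$top   = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
if (-not $built -or $top.Thumbprint -ne $root.Thumbprint) {
    throw "Client certificate does not chain to root $($root.Thumbprint)"
}

# Root export: public key only, Base-64 (PEM) encoded, which is the format the
# portal's 'Upload Root Certificate' expects. The root private key stays in the store.
$pem = "-----BEGIN CERTIFICATE-----`r`n" +
       [Convert]::ToBase64String($root.RawData, "InsertLineBreaks") +
       "`r`n-----END CERTIFICATE-----"
Set-Content -Path "$outDir\$rootName.cer" -Value $pem -Encoding Ascii

# Client export: includes the private key, so it is password protected and must be
# handled as a secret when copied to another machine.
$pfxPassword = Read-Host -AsSecureString -Prompt "Password for $clientName.pfx"
Export-PfxCertificate -Cert $client -FilePath "$outDir\$clientName.pfx" -Password $pfxPassword | Out-Null

"Root thumbprint:   $($root.Thumbprint)"
"Client thumbprint: $($client.Thumbprint)"
"Wrote $outDir\$rootName.cer (upload to Azure) and $outDir\$clientName.pfx (install on clients)"
```

Upload only the .cer file. If you later need to revoke a client, the root’s thumbprint and the client thumbprints printed at the end are what the portal identifies certificates by, so keep a record of which client certificate went to which machine.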
Uploading the Certificate to Azure
- Log in to the Azure management portal.
- Go to your network, click on ‘Certificates,’ and then ‘Upload Root Certificate.’
- Browse to the Base-64 encoded .cer file you exported (public key only, no private key), select it, and upload. Azure will then accept any client certificate issued by this root, so treat the root’s private key accordingly.
Downloading the Client VPN Package
The Client VPN Package allows you to connect to the Azure network from your local machine.
- Go to your network’s dashboard in the Azure management portal.
- Scroll down and locate the download options on the right side of the screen.
- Select the VPN package for your platform (32-bit or 64-bit) and download it to your computer. The package is generated for this network and contains the VPN client configuration, so only use a copy downloaded from the portal. Run and install it.
- Windows SmartScreen may warn that the installer is from an unrecognized publisher. If this happens for the file you just downloaded, click ‘Run Anyway.’
- Go to ‘Networks’ on your computer, and you will see the VPN connection available (e.g., ‘MyNet’).
- Click on the network and select ‘Connect.’ The client authenticates with the client certificate in your Personal store, and you will now be connected to your Azure virtual network. To confirm, check with ipconfig that the VPN adapter received an address from the point-to-site pool you configured, then connect to a virtual machine by its private IP address (for example over RDP).