Azure Point 2 Site: IKEv2 VPN for Windows - azure

In the documentation it is stated:
IKEv2 VPN, a standards-based IPsec VPN solution. IKEv2 VPN can be used
to connect from Mac devices (macOS versions 10.11 and above).
For me, that means that IKEv2 is only possible for Mac clients.
However, we are using Windows Clients to connect via IKEv2. Here, a screenshot from my settings:
Is the documentation wrong?

As stated here, IKEv2 is supported on Windows via its native client. I think the document you shared is missing some information; I will create a documentation feedback item for this.

Related

Azure VNet Point to Site VPN and OpenVPN with Azure AD on MAC

I have set up an Azure VNet and a Point to Site VPN using the OpenVPN tunnel to maintain use of the Azure AD username and password for login.
I have sample .ovpn config files but they all require certificates, beyond what is provided by Azure.
Azure provides me with the following three files:
AzureVPN\azurevpnconfig.xml
Generic\VpnServerRoot.cer
Generic\VpnSettings.xml
How should I go about using these files to configure a .ovpn document allowing me to connect to this VPN using my MacBook?
My understanding is that the certs aren't needed since we're using a username and password to login? The downloaded VpnServerRoot.cer doesn't import to the OS Keychain...
Thanks for any pointers!
Unfortunately, a Mac OS client is currently not available for connecting to Azure point-to-site VPN with Azure AD authentication. The table below shows the client operating systems and the authentication options that are available to them. Refer to https://learn.microsoft.com/en-us/azure/vpn-gateway/work-remotely-support
When using the OpenVPN tunnel, you can select RADIUS and Azure Certificate authentication for your Mac OS X clients. For Mac clients, read Configure OpenVPN clients for Azure VPN Gateway.
Only iOS 11.0 and above and MacOS 10.13 and above are supported with
OpenVPN protocol.
and Create and install VPN client configuration files for native Azure certificate authentication P2S configurations.

azure VPN not working on windows server 2012

I created a VPN gateway on azure and I was able to connect to it using windows 10. However it does not work on windows server 2012. I got this error.
The connection was prevented because of a policy configured on your RAS/VPN server. Specifically, the authentication method used by the server to verify your username and password may not match the authentication method configured in your connection profile. Please contact the Administrator of the RAS server and notify them of this error. (Error 812)
In Azure the authentication type is Azure certificate.
I have tried some solutions online, like running some commands and applying some windows updates, but nothing worked.
Like the comment mentioned, Azure VPN Gateway supports only TLS 1.2. To maintain support, see the updates to enable support for TLS 1.2. For more details, see: Update to enable TLS 1.1 and TLS 1.2 as default secure protocols in WinHTTP in Windows.
Also, Windows OS versions prior to Windows 10 are not supported with IKEv2 VPN and can only use SSTP or OpenVPN® Protocol. See details here.
Check all of the above. If you still have any questions, you can contact MS Azure support to check if there is any update on the Azure side.
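A read-only check for the TLS 1.2 prerequisite this answer points to, as an added PowerShell example that is not part of the original answer. The registry paths and the DefaultSecureProtocols, Enabled and DisabledByDefault value names are assumed from Microsoft's WinHTTP update article and SCHANNEL documentation, not taken from this page.

```powershell
# Added example (read-only): report whether TLS 1.2 is enabled for WinHTTP
# and SCHANNEL clients on this machine. Nothing is modified.
$Tls12Bit = 0x800   # TLS 1.2 flag inside DefaultSecureProtocols (0x200 is TLS 1.1)

function Get-RegDword {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

# WinHTTP default protocols (native and 32-bit-on-64-bit views).
$winHttpKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp'
)
foreach ($key in $winHttpKeys) {
    $value = Get-RegDword -Path $key -Name 'DefaultSecureProtocols'
    if ($null -eq $value) {
        Write-Output "$key : DefaultSecureProtocols not set, OS default applies"
    } else {
        $hasTls12 = ($value -band $Tls12Bit) -ne 0
        Write-Output ("{0} : 0x{1:X8}, TLS 1.2 flag set = {2}" -f $key, $value, $hasTls12)
    }
}

# SCHANNEL client-side TLS 1.2 switches.
$schannelKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client'
$enabled           = Get-RegDword -Path $schannelKey -Name 'Enabled'
$disabledByDefault = Get-RegDword -Path $schannelKey -Name 'DisabledByDefault'

if ($null -eq $enabled -and $null -eq $disabledByDefault) {
    Write-Output 'SCHANNEL TLS 1.2\Client : no override, OS default applies'
} elseif ($enabled -eq 0 -or ($null -ne $disabledByDefault -and $disabledByDefault -ne 0)) {
    Write-Output 'SCHANNEL TLS 1.2\Client : TLS 1.2 is turned off or not used by default'
} else {
    Write-Output 'SCHANNEL TLS 1.2\Client : TLS 1.2 explicitly enabled'
}
```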
I decided to use OpenVPN as a tunnel type and it worked.
Thanks for your help.
If someone comes across the same error ("The connection was prevented because of a policy configured on your RAS/VPN server.."), here's what helped in my case:
In Windows, search for "ncpa.cpl" or just go to Network Connections
Right click on your VPN connection and open properties
In the Security tab, tick checkboxes next to the "Challenge Handshake.." and/or "Microsoft CHAP.."

Hybrid Connection Manager doesn't connect

Been trying unsuccessfully to make the Hybrid Connection Manager work, it's my first hands-on experience:
On Azure portal:
I've installed Hybrid Connection Manager on my laptop (using local admin account, Win 7 Enterprise) and also used it as on-premise endpoint for a MS SQL Express instance. psPing (great toolset by Mark Russinovich) shows connectivity on port 1433 and I can connect through SSMS without any issue.
I tried this in a workshop today and one of the trainers was able to get connected when using the same network connection, but a laptop from his organization.
Any ideas on what to try next?
The problem was the operating system. It seems that Windows Server 2012 or later is a prerequisite.
Thanks to DrewB and Rtm9018 for their comments in the thread at https://learn.microsoft.com/en-us/azure/app-service/app-service-hybrid-connections:

VPN Access to an Azure-hosted Virtual server

I'm using some hosted 2008R2 servers for testing scenarios in the Azure cloud and they seem to be working well for most things.
I need clients to directly access the server via VPN such that they have full IP access to the server, for, say, SMB NET USE drive mappings, which otherwise would not be available over the Internet.
Normally, you'd just install RRAS and configure VPN.
But on these VMs, the connection from a remote VPN client fails. I'm forwarding the correct endpoints (I believe), 47 & 1723 for PPTP and 50/51/500 for IPSEC. But they aren't getting through.
The server is listening on these ports.
All my searching seems to suggest you need to use "Azure Connect" for VPN access, so does this mean you can't go direct to the server for clients? I don't want to go for the Azure Connect route as I'm just playing/testing and don't want to use any proprietary methods.
Confirmation that this is impossible would be useful to save me going mad.
Azure Connect is a very good way to start; it is an Azure service so I am not sure why you are reluctant to use it. I would keep an eye on performance; VPN could very well be faster. Here is my blog post on how Azure Connect works and the steps I took to make it work: http://geekswithblogs.net/hroggero/archive/2012/10/18/how-to-create-a-virtual-network-with-azure-connect.aspx
Regarding VPN, only certain devices are supported for the preview. Please refer to MSDN for a complete list of supported devices and protocol requirements: http://msdn.microsoft.com/en-us/library/windowsazure/jj156075.aspx

VPN connection from enterprise to windows azure

My application is hosted in Windows Azure.
I have partnered with enterprise to offer service to their customers.
However, they require VPN connection between us (in the cloud) and their enterprise application.
What is the best way to do this?
Installing software on their machine is not an option.
Windows Azure now has a Virtual Network, announced as part of the Spring 2012 release. It lets you connect your on-premises network to Windows Azure via IPSEC, and takes advantage of your on-prem hardware VPN device.
Summary information here, and tutorials here.
As Azure roles accept only http/https and TCP connections, "classic" IPSec or PPTP is not an option.
As Azure roles are Windows Server 2008/R2, you can configure an SSTP connection to Azure with a startup script or custom VM Role.
Azure roles have random internal IPs so you'll have to deal with IP resolving too.
Windows Azure Connect allows you to setup an IPSec tunnel between your Azure application and a local network. See:
https://azure.microsoft.com/en-us/services/virtual-machines/
and
http://azure.microsoft.com/documentation/articles/vpn-gateway-point-to-site-create/
