[How To] Establish a Point-to-Site VPN connection between Azure and a client

Login to the Microsoft Azure Preview Portal
1. https://portal.azure.com/
Create a VNET
1. Click on the + New button
2. Select Networking, Virtual Network
3. Type in a Name for your VNET
4. Select Address Space, configure the parameters of your cloud based virtual network, and click OK
5. Select Resource Group, Create a new resource group, enter a name for the group and click OK
6. Click Location and select the location closest to you
7. Click Create
With the Virtual Network blade still open, select VPN connections
On the New VPN Connection blade, select Point-to-site, in the Address Spaces prompts, enter in each of your subnets, ensure Create gateway immediately is checked and then click on Subnet, size and routing type
Select Subnet on the Gateway configuration blade
Enter in a new subnet that will be used for clients connecting through the VPN tunnel and then click OK
Click OK on the Gateway configuration blade
Click OK on the New VPN Connection blade
If you refresh the Azure portal, you should now see on the VPN connections section that it is trying to create the gateway. Based on my experience, this process can take awhile to setup (10-15 minutes), so this is something you will want to provision and then get up and grab a cup of coffee
1. In the process of provisioning
2. Provisioned gateway
Generate and upload certificates
1. Generate a self-signed SSL certificate via command prompt
  1. You can use whatever utility you are most comfortable with; I’d recommend using makecert if you have Visual Studio installed (can be found here:C:\Program Files (x86)\Microsoft SDKs\Windows\v7.1A\Bin\x64). If you don’t have Visual Studio, you can use openSSL
  2. Using Visual Studio’s command prompt
    1. Execute the following command to generate a root certificate
      1. makecert -sky exchange -r -n “CN=AzureVLANRootCertificate” -pe -a sha1 -len 2048 -ss My “AzureVLANRootCertificate.cer”
    2. Execute the following command to generate a client certificate
      1. makecert.exe -n “CN=AzureVLANClientCertificate” -pe -sky exchange -m 96 -ss My -in “AzureVLANRootCertificate” -is my -a sha1
    3. Notes: The root certificate and client certificate can have whatever name you wish, just ensure that in the client certificate, the root certificate’s name matches the root certificate you just generated
Upload your root certificate
1. On the Virtual Network blade, click on VPN Connections
2. Click on Point-to-site
3. Click on Manage Certificate
4. Click on Upload
5. Select your certificate and click OK
Establish a connection
1. Go back to the Point-to-site connection blade and select the VPN Client for your supported OS
2. Save and Run the VPN installer
3. Install the VPN Client by clicking on Yes
4. Connect to Azure via the VPN connection
5. Click Connect on the VPN dialog
6. Click Continue to temporarily add routes to Azure while the VPN connection is established
Verify you are connected via the Point-to-site connections blade

At this point, this specific client that is connected to Azure should have access to all internal devices on the Server’s subnet we created in step 2-4!