Azure Point-to-Site VPN with Azure AD Authentication and MFA

  • Published 29 Jul 2024
  • This video goes over how to deploy an Azure VNet Gateway on an existing VNet and enable Point-to-Site (P2S) VPN connections using Azure AD to authenticate the client. A P2S connection allows clients to connect securely to an Azure Gateway and access resources on the private VNet. The video goes on to demonstrate how to enable Multi-Factor Authentication with a Conditional Access policy or by enforcing MFA per user.
    Links:
    Azure P2S VPN with Certificate Authentication:
    • Azure Point-to-Site VP...
    Link to Grant Admin Consent:
    login.microsoftonline.com/com...
    Azure AD User AD Configuration Settings Links:
    Tenant:
    login.microsoftonline.com/Ten...
    Audience:
    41b23e61-6c1e-4545-b367-cd054e0ed4b4
    Issuer:
    sts.windows.net/Tenant_ID/
    Source Link (Step 9)
    docs.microsoft.com/en-us/azur...
  • Science & Technology

COMMENTS • 103

  • @hfacejumior 3 years ago +2

    Great content. I loved the fact that you go directly to the central point of the video and are still able to deliver the details necessary to get the job done.

  • @brandonjueschke851 2 years ago

    This video was a huge help! Great content, thanks for posting!

  • @SeemonRajS 2 years ago

    Job done in just a 15 min video. Thank you very much

  • @rentamobtv 3 years ago

    This is really informative and easy to understand. Thanks!

  • @chelhernandez 4 years ago +1

    This is an awesome video! thank you so much.

  • @Minerva___ 2 years ago +4

    If it hasn't already been pointed out, at 5:39 it says to select User VPN configuration. The wording has changed in the portal to Point-to-site configuration.

  • @ronaldbuys2181 3 years ago

    Very helpful, I was missing the part of information for Azure AD URLs in the Microsoft docs. I managed to configure this with your help, thanks.

  • @rayc723 3 years ago

    Fabulous video, got me through the process - very appreciative of your professional delivery too, clear and quick, covers all the bases without meandering. But can you help with one more question - what now? I can connect my user to the Azure gateway over VPN, but how do I get them to see their remote application on the VM? Thanks again.

  • @walterwood44 4 years ago

    Enjoy your videos Travis and learning a lot. One question my boss is asking is if the speed, latency and connection are any different between regular RDP or using the VM? Thanks.

  • @slobokrsmanovic5913 3 years ago

    Great video. Thank you so much!!!

  • @edgarsanchezprado8879 2 years ago

    Hello Travis, awesome videos. I have a question, is there any option other than using Local administrator permissions to connect? Most of my users are configured as Standard users.

  • @nishasharma6370 3 years ago

    Thanks for another great video

  • @UnderworldGrim 4 years ago +4

    Thank you for this! Nowhere in Microsoft documentation (that I could find) explained what the audience and issuer values needed to be, so I was sitting here pulling my hair out until I found your video. Thank you!

    • @slobokrsmanovic5913 3 years ago

      That's so true.

    • @bubba1984 2 years ago +1

      Did you find out where audience comes from and is it just some magical value identical to everyone (unlikely) or specific value to the tenant or AAD and if yes where do we lift that off of?

    • @shaileshchaskar6093 1 year ago

      Absolutely valuable information - highly appreciated

  • @userhelen1 6 months ago

    Amazing video! Thank you!

  • @kevinnebroski6657 4 years ago +1

    Hi Travis, another great video. I do have a question, I couldn't get this to work. I currently have the VPN set to certificate-based, based on one of your other videos. I removed that then followed this tutorial so that login would be user based. At the point where you install the VPN client and import the xml file and test the VPN connection (before enabling MFA) my client fails with the following error "Server did not respond properly to VPN Control Packets. Session State: Key Material sent", any ideas? Did I not release the cert version before creating this one?

  • @n0mzee 1 year ago

    Hi Travis. Thanks for this video. Super helpful and easy to understand. Can the "give admin consent" step and the "restrict VPN to group" step be done via Terraform?

  • @CyberPolice911 10 months ago

    Awesome, thanks for the video

  • @peghbal2606 2 years ago

    Thanks for this fabulous content. Can I add P2S as described here to an existing VNET that is already connected in a site-to-site VPN setting?

  • @stormlight1553 2 years ago

    Thank you! If I already have a site to site VPN can I go into that and enable the point to site? Or do you need to create a new VPN just for the point to site? Awesome info

  • @ToddTaylorTX 2 years ago

    Thank you, this video was instrumental in helping me configure and install a Client - Virtual Server App. I followed the video regarding the IP / Subnet Addresses and got it to work but any suggestions to better understand the logic behind this without having to become a network engineer?

  • @ruffinruffin989 1 month ago

    Thanks for this amazing post. Is there a way to force MFA for all VPN connections (as opposed to just the original connection)?
    Ideally, when I remove a user from the group, I don't want them to still be able to connect to the VPN. Currently, when I remove a user from the group, that user can still connect to the VPN. Is there a way to force MFA for all VPN connections? Currently, there's a cookie on the client machine that will allow them to connect even after the user is removed from the group. I want to enforce MFA for all VPN connections (and not only during the initial connection). Also, I followed this YouTube video setup for context.

  • @pavankumars9313 1 year ago

    Great video and great learning, thanks. With this VPN connection can we access SQL Server with a private endpoint?

  • @rstra3 3 years ago

    I have a VNET peered to my AADDS VNET and I specify custom DNS servers. When I connect to the Azure VPN client, I lose name resolution on my laptop. Any recommendations on this issue?

  • @Ankitsharma-zd3wb 2 years ago

    Very informative.. The content of the video is very good.. Thanks :)

  • @latchfordbob 2 years ago

    I have a number of different virtual networks in my Azure, all with servers behind them. Currently the ports to remote desktop to the servers are locked to my home IP address but I need other people to also have access. Thanks to this video I have successfully set up VPN connections but how do I configure each network's file to allow access on some ports to VPN users?

  • @quocdunginfo.tiengiang 1 year ago

    It’s clear and good

  • @umaodihirin5879 3 years ago +1

    Hi,
    Thanks so much for the video! I have a question, would you say it's best practice to set up a separate VNG with your Azure resources your VNG used for your VPN? Or does it not make a difference.
    I hope my question makes sense.

    • @jimcunliffe6998 1 year ago

      Old question but I agree. A "VPN DMZ" vnet which then uses VNET peering to connect to other vnets (using NSGs).

  • @github2463 1 year ago

    Anyone help out. I have done this in the past with no issue following this video, now a separate instance and it will not connect after setting up the VPN client. It always fails to connect with "server did not respond properly to VPN control packets" key material sent. Time on my PC is 100%. I triple checked my settings, all seem fine?

  • @sau002 3 years ago

    Excellent video

  • @dienle2204 3 years ago

    Is it required to use IKEv2 with certificates on Mac OS? I couldn't find the Azure VPN client application for Mac OS.

  • @contigo. 2 years ago

    Hi Travis. Great Content. Love the delivery. I just have one question. Can I use the same GW as a Site to Site active VPN for my Azure to Site VPN or is it a must that I create a new GW?

    • @anishpjohn8372 2 years ago

      You can use the same GW. Both S2S and P2S are included with the service

  • @jigneshvyas3105 1 year ago

    Thank you for this content. However, I am disconnected from the internet while I am connected to the VPN gateway through the Azure VPN client. How to solve this? I can't use Azure VPN P2S with Azure AD if I can't use the internet at the same time. Thanks in advance.

  • @dilgamr.sharifov6652 3 years ago

    Hi, thanks for this video. I am getting error "Vpn client configuration AAD Audience is not valid for gateway. AAD Audience must be a Guid.". But I double checked, the audience code is correct. It is the same as yours, and I can copy it from my Azure VPN as well. But I am getting this error, any idea? Thank you!

  • @sachintanwar2896 3 years ago

    This VPN did not change my public IP address. Is there any way to use this VPN (or any other VPN which can be used to connect azure VNet) to change my public IP address?

  • @manibirdi9320 3 years ago

    Great video. Can this be connected to multiple regions? What are the costs?

  • @jack4553 1 year ago

    What do you think is better cert based with IKEv2 or OpenVPN AAD?

  • @michaelwaterman3553 4 years ago +2

    That's so cool! Almost too easy. I'm wondering if the Azure app config can be deployed with Endpoint Manager? The app wouldn't be the problem, just wondering on the config.

    • @Southpaw07 3 years ago

      Great idea, and I'm also interested in a similar deployment for my remote users

  • @sashtikumarb1314 1 year ago

    Will this work for Linux client machines? If not, are there any other possibilities to use Azure AD MFA for Linux client machines for Azure P2S VPN?

  • @kevinreilly659 2 years ago

    Does this work if the user does not have Local Admin rights to the client machine?

  • @Roshkun 3 years ago

    Just can't download the configuration file. The Azure portal just gives me a message "fail to download file. cant get uri"

  • @mannyramirezls 3 years ago

    Great video! 👍

    • @Ciraltos 3 years ago

      Glad you liked it!

  • @allenbythesea 7 months ago

    This is great to get this stuff configured but doing these exact steps doesn't wire up DNS to your VNet. I've done all of the steps and I can connect but I can't resolve any DNS names in the VNet.

  • @TS-xr4eu 3 years ago

    Azure VPN for P2S with MFA is ridiculously expensive at $6/user a month. Not sure if I can justify spending $10k/year for MFA. Might just end up not implementing MFA, even though we currently use MFA for on-prem. (Edit: It looks like as of 5/14/2021 MFA is free for Azure VPN and no P1 license for users is needed)

  • @04chavez 3 years ago

    Thanks for this great vid

    • @Ciraltos 3 years ago

      Glad you enjoyed it!

  • @MohammadSameerA 1 year ago

    May I ask you if it's possible to use AD CS with P2S?

  • @theultimate7258 2 years ago

    Great video. Can you assist with getting this deployed using Intune. Much appreciated

  • @pigrebanto 10 months ago

    Thanks. Does it work with the OpenVPN client too?

  • @bindudarshini4664 4 years ago +1

    Hi Travis, your videos are amazing!!! I wanted to know how I can copy data from Oracle on-prem to Blob storage in a Virtual network without using an integration runtime. Can it be possible?

    • @Ciraltos 4 years ago

      Not sure about Oracle specifically, but have you checked out AZCopy?

  • @MohamedRoushdy 1 year ago +1

    Thanks a million, helped me a lot, however, I have a question about authentication. I've removed the user from the group to see if he could still login or not, but the user could still establish a connection. I've tested with another user that was never a member of the allowed group, and it couldn't access, which means that my setup on the Azure VPN app is correct. Though, I've even disabled that test account, so it was unable to log into the Azure portal, however, it's still able to VPN!!!! How to fix this please, otherwise I can't have this feature in production, unsafe. Thank you!

    • @ruffinruffin989 1 month ago

      Did you ever figure out a solution? I have the same question/concern.

  • @ekanshsingh9040 4 years ago +2

    Hi, your channel is really useful. I have one question....after logging in with some user, say test1, when I disconnect and connect again it does not require MFA. Is there any way I can force the VPN client to ask for MFA every time I hit connect, like when we use Connect-AzAccount it does not save the token and asks for MFA each time.

    • @jesuspenaranda585 4 years ago +1

      Hi Ekansh, seems like MFA has a 1 hour minimum token, that means that the user doesn't need to re-enter MFA until that time is reached.

    • @ekanshsingh9040 4 years ago

      @jesuspenaranda585 Yes Jesus, I saw that in conditional access. But is there any other way via which I can reduce this time or change the configuration to not save token values after disconnecting the VPN?

  • @brandonpaul6186 3 years ago

    Travis, what if we already have a VNet gateway for our site-to-site connection?
    Can we use the site-to-site gateway or do we need a new gateway?

    • @Ciraltos 3 years ago

      One gateway can do both. Here is a link to the limits per SKU. docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpngateways#benchmark

  • @gaurav-agrawal 3 years ago +1

    This is a great video guide. I was able to set up a P2S VPN easily just by following the steps from this video. Could you please help me with connecting to another VNet which has a gateway and is used to connect to the on-premise network. The other VNet has VMs in it. I want the P2S VPN users to access the resources available in that other VNet. Both resource groups are in the same region and under the same subscription.

    • @MSKTim 3 years ago +1

      You should use VNet peering for this

  • @lejoshona 4 years ago

    Hello Travis,
    Thank you for all your videos :)
    While connecting to the VPN the device throws error "Connecting to VPN server failed with exception: No such host is known." however the diagnostics doesn't show any error. Do you happen to know about the issue?

    • @rstra3 3 years ago

      If you are on a corporate issued PC you might have an issue with cisco or another security tool. Just put the IP and URL in your hosts file.

    • @jigneshvyas3105 1 year ago

      Just flush your DNS cache with the following commands in cmd:
      ipconfig /flushdns
      ipconfig /renew
      and reboot your PC.

  • @Jay4kingdom 10 months ago

    Ok but you didn't go over how to VPN to the server after setting up the Azure VPN Client. It still prompts me for a server username and password when mapping the drive.

  • @malleeswarrajan4911 3 years ago

    Great video, thanks. I tried implementing the same and everything works, however after connecting to the VPN I am unable to browse to the internet.

    • @joepiskapoo 3 years ago

      This is a DNS problem on Azure. I had the same problem. Change your DNS to Google or a local DNS within the virtual network and you will get internet.

  • @vishalsaxena5081 2 years ago

    I am facing this error code CAA2000B. Please show each step for this lab.

  • @troller4jesus 3 years ago

    Will Azure AD work with Hybrid AD?
    Will this allow always-on VPN so the computer can talk to a Domain Controller in the VNET?

    • @Ciraltos 3 years ago

      It will work with hybrid identities sourced from Windows AD. It will not provide always on connectivity like Always On VPN.

  • @chelhernandez 4 years ago +1

    If that VPN Gateway has an S2S connection with an On-Premise site, would P2S users be able to connect to the On-Prem network too?

    • @04chavez 3 years ago

      Yes, it can. All you have to do is add the address pool of the point-to-site in the on-premise firewall device and add the address space in the PC. Once added, you have to disconnect the point-to-site and reconnect, and you will be able to reach Azure and on-premise.

    • @joepiskapoo 3 years ago

      @04chavez It works sick, but I have an issue with the client deployment. Can't seem to find an easy way (without Intune) to deploy this.

  • @elvisfaria2823 2 years ago

    Very good, thank you, do you know if Azure VPN works with start before login like Cisco SBL?

    • @Ciraltos 2 years ago

      Thanks. Azure VPN does not support that.

  • @Southpaw07 3 years ago

    This is an awesome demo and got me thinking perhaps a solution for updating remote users cached credentials on their PC after remote user reset their password via SSPR.. :)

  • @AdvaitSakhalkar 2 years ago

    Thanks

  • @yogeshshinde2047 4 years ago

    I receive the following error : Status = Server did not respond properly to VPN Control Packets. Session State: Key Material sent.

    • @UnderworldGrim 4 years ago

      I'm getting the same error as well. Any luck?

    • @UnderworldGrim 4 years ago

      Just figured this out. It's likely your issuer is incorrect. Make sure it's the right ID and has a / at the end of it. This fixed it for me.
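A check for the three Azure AD values the video description lists (tenant, audience, issuer) against the two failures reported in these comments: the portal's "AAD Audience must be a Guid" error and an issuer missing its trailing "/". This is an added example, not code from the video or from Microsoft; the element layout of azurevpnconfig.xml and the sample tenant GUID are assumptions.

```python
"""Check the Azure AD values in an Azure VPN client profile (azurevpnconfig.xml).

Added example, not code from the video or from Microsoft. It applies the rules the
comments ran into: the audience must be a GUID, the issuer must end with "/", and
issuer and tenant should name the same tenant ID. The element layout below
(clientauth/aad/audience|issuer|tenant) is an assumption about the export format.
"""
import re
import xml.etree.ElementTree as ET

GUID_RE = re.compile(r"^[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}$", re.I)
ISSUER_RE = re.compile(r"^https://sts\.windows\.net/([0-9a-f-]{36})/?$", re.I)
TENANT_PREFIX = "https://login.microsoftonline.com/"
# Audience value listed in the video description for the Azure VPN app.
VIDEO_AUDIENCE = "41b23e61-6c1e-4545-b367-cd054e0ed4b4"

# Constructed sample profile; the tenant GUID is a placeholder, not a real tenant.
SAMPLE_OK = """<AzVpnProfile xmlns="http://schemas.datacontract.org/2004/07/">
  <clientauth>
    <aad>
      <audience>41b23e61-6c1e-4545-b367-cd054e0ed4b4</audience>
      <issuer>https://sts.windows.net/11111111-2222-3333-4444-555555555555/</issuer>
      <tenant>https://login.microsoftonline.com/11111111-2222-3333-4444-555555555555</tenant>
    </aad>
    <type>aad</type>
  </clientauth>
</AzVpnProfile>"""
# The same profile with the two mistakes the comments describe.
SAMPLE_NO_SLASH = SAMPLE_OK.replace("555555555555/</issuer>", "555555555555</issuer>")
SAMPLE_BAD_AUDIENCE = SAMPLE_OK.replace(VIDEO_AUDIENCE, "Azure VPN")

def _text_of(root, local_name):
    """Text of the first element with this local name, ignoring any XML namespace."""
    for el in root.iter():
        if el.tag.rsplit("}", 1)[-1] == local_name:
            return (el.text or "").strip()
    return ""

def check_profile(xml_text):
    """Return the problems found in the aad section; an empty list means it looks right."""
    root = ET.fromstring(xml_text)
    audience = _text_of(root, "audience")
    issuer = _text_of(root, "issuer")
    tenant = _text_of(root, "tenant")
    problems = []
    if not GUID_RE.match(audience):
        problems.append("audience must be a GUID")  # the portal's 'AAD Audience must be a Guid'
    elif audience.lower() != VIDEO_AUDIENCE:
        problems.append("audience differs from the value used in the video")
    m = ISSUER_RE.match(issuer)
    if not m:
        problems.append("issuer must look like https://sts.windows.net/<tenant-id>/")
    elif not issuer.endswith("/"):
        problems.append("issuer must end with '/'")  # the fix reported in this thread
    if not tenant.lower().startswith(TENANT_PREFIX):
        problems.append("tenant must be https://login.microsoftonline.com/<tenant-id>")
    elif m and m.group(1).lower() not in tenant.lower():
        problems.append("issuer and tenant name different tenant IDs")
    return problems
```

Run `check_profile(open("azurevpnconfig.xml").read())` on a downloaded profile; an empty list means the aad values pass all three checks.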

  • @Hodgkinsonsean 3 years ago

    Absolutely fantastic. Why does it take a non-Microsoft person to explain the concept so clearly? The Microsoft guides are garbage.

  • @yogeshshinde2047 4 years ago

    Need help :-(

    • @Ciraltos 4 years ago

      Have you seen the link below? The Directory ID needs the "/" at the end. github.com/MicrosoftDocs/azure-docs/issues/45598

  • @lukeno4143 2 years ago

    It doesn't work: "Keyset does not exist", this is fucked up because googling "Azure VPN Client" "keyset does not exist" results in zero results!!!

  • @floid33556 3 years ago

    Here comes the old Microsoft again...Active Directory configuration only supports a Windows only client. Useless for everyone except the smallest Microsoft only shops.

    • @joepiskapoo 3 years ago

      If you use Azure Active Directory authentication it supports Windows, Mac and Linux

    • @floid33556 3 years ago

      @joepiskapoo Sorry, but you are wrong. The VPN client only supports Windows.

    • @joepiskapoo 3 years ago

      @floid33556 The client, yes, but you can use OpenVPN for Linux to connect to the P2S

  • @karnatimanideep369 3 years ago

    I have a free Azure AAD and I don't see azure VPN in the enterprise applications, what could be the reason? Is it because of the free subscription?