Thanks for the feedback!

Thanks, please share the channel with others, goal to reach 100K subscribers this year!

Thanks for the feedback! I will start working on Virtual WAN. Great idea on Global Reach...I need to figure out how to do this without an ExpressRoute in my environment... :-)

Domain joining is not required for the open vpn client solution to work. My home computer is not Domain Joined at all

Thanks! Let me know what other videos I can make for you ☺️

Thanks for the feedback!

Thanks 👍👍

Technically it’s different. The Azure DNS entries will come down to the VPN client when you connect, additional DNS entries can be manually added in your OpenVPN config…but technically not needed

Yes, there is an OpenVPN server in the Azure Market place you can deploy. Additionally you can create your own VM and install Open VPN server on it

@@AzureAcademy splendid!! Cheers mate!

@@AzureAcademy that sounds like a great idea, do you mind elaborating more on that?

I can...but can you tell me on what exactly I should elaborate?

YES openVPN can help you do all that. ☺️

first of all this was an update video...I already had a VPN gateway - kzbin.info/www/bejne/hYWkm4Oom7CGa7c At 3:27 in the video you can see my gateway resources, and the one call AA-vnet-GW-PIP is my public IP for the gateway. So you do need a public IP for your gateway...if you didn't get one, then create one and associate it to the gateway. the gateway won't do routing for you...for that you need a router. In Azure we route traffic with the User Defined Route (UDR) on prem you should have physical or software routers.

Thanks Ganesh! Interesting idea on the P2S with AD Auth. Is there a reason you prefer that over certificate auth? I originally chose it because it is a seamless user experience. I will start working on Virtual WAN...stay tuned

Azure Academy I feel AD authentication would be much secure as it will have to be authenticated via some DC in your infrastructure. What flaw I see in certificate is if someone try’s to grab my cert which is not protected with private key and installs it in his machine can get access to my network subject to if he has the vpn package of mine

@@jadhav44 Also interested in that as the native Azure AD support in Azure VPN GW requires the Azure VPN App for Win 10 what unfortunately excludes Non-Windows OS from connecting to the network

I would not say more secure...but differently secure. AD and The method I showed BOTH use certificates...just differently

correct...you need a windows client to use the AD VPN right now

👍 Thanks 👍

TCP

You mean for site to site VPN…sure, but you need OpenVPN Server on the on prem side or the VPN appliance you have needs to support it

Yes, you need the certs and the .ovpn config file on the client devices before you can connect

@@AzureAcademy Hi Dean, so I only run the script on one PC, then just distribute the files in the VPN folder to all the other endusers?

yes, you create the OpenVPN Config on one system then you can copy the cert and config files to the other clients docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-openvpn-clients

Thanks Voval!

It was used to edit the open VPN files so they can be configured correctly. The profile info.txt file is part of the open VPN package.

Great question, I know openVPN works on mobile devices, but I never tried using my windows config file on my phone. I don’t think it works, but give it a try and let me know! 🤔

I will see what I can do…why do you want to use Radius?

@@AzureAcademy It is the only way to use the P2S for Mobile Devices. I am a Fan of the Azure VPN Client App. its on Mac OS and Windows. I have yet to see it on iOS. I am not a Android user at the moment so I don't know if its available for Them.

Got it…I haven’t set up my VPN for mobile yet…so good to know

where did you get the cert?

@@AzureAcademy I have created from my local PC and uploaded on azure ad to enable secure ldap

@@nimesis124 it may not be the right type of certificate. Not sure what Azure AD secure ldap requires

@@AzureAcademy Yup I also don't know But I followed the OpenVPN official documented procedure to create the cert and uploaded it with sure LDAP in Azure.

Hm…not sure about that one…I haven’t read that doc in a while, and secure ldap wasn’t there as far as I know when I did read it. My suggestion is to create a cert exactly like I did in the video…if that works then we KNOW something is not right in your ldap cert

Working on Virtual WAN...stay tuned!

I run it on my local computer and my account is a standard user...so from my experience, YES

@@AzureAcademy ok thanks for your reply. So we can create a openvpn profile and share it to n number of domain users .am i right?

If you build it like I did...as cert based...YES, if you use Password auth...then that is specific to each user.

Hey Da Great AND powerful Ryan! great question. Not that I know of...what would the purpose be, What problem are you trying to solve with a Point to Site VPN where a device should always have the same IP? Generally in the cloud we don't get concerned with the specific names of devices or ip addresses because we treat them as disposable...if we don't need them, delete them. rather then pets, were we care about them, maintain them, give them names etc. So I am interested in WHY you want this...if it is a great reason I can talk to the Product group about adding the feature! Thanks!

@@AzureAcademy I'm trying to install a Directory Server for my Company where it requires a Network Interface Controller (NIC) that locks on to a single IP, since I'm trying to install it on the VPN, there might be issues since the IP's issued are dynamic. I DM'd you on facebook, if we could talk more that would really be super, thanks for the quick reply!

by directory server I assume you mean an Active Directory Domain Controller. This is NOT something you would want to setup on a Point to Site or client based VPN. They do not have the bandwidth that is generally needed to have multiple servers and clients talking to it at once. You WOULD want to use a Site to Site VPN for this, or host the DC in Azure. Here is my video on Site to Site VPNs...and you can do it with your DC - kzbin.info/www/bejne/b3Smi2l_aKmFp68

I am working on a virtual WAN video. Is there anything specific you are looking for? You also mention hub and spoke, can you provide more details on that?

@@AzureAcademy E.g. By enabling S2S VPN, On-prem traffic goes to Azure Virtual Wan (hub) from Virtual Wan to production VNet (spokeA) from production VNet to Devlopment VNet (spokeB). Here how to define routes for Vnet(Spokes) ? In this case Virtual Wan shouldn't peer directly to Spokes(A&B)

Perfect...I will get to work on that...stay tuned

for Open VPN server running in Azure, you can use the Dev Test Labs function to stop the VM automatically. It powers down the VM at the same time every day. no functions needed.

Depends on how you are trying to ping. Ping isn’t a protocol that Azure generally controls. The VMs May have the windows firewall blocking ping.

If this is at your home Your client computer has a local IP address And your router will also have a public IP address Then when you use the VPN client you will get a new IP Address that will connect you to Azure. Does that help?

@@AzureAcademy I want that when i connect with "Azure VPN client" on my local machine, it should change my public IP address as well. Is it possible?

No it won’t change your public IP, but it will open a VPN tunnel which will give you a new IP on the VPN network

Thanks for the feedback!

no idea...what is the exact error message?

@@AzureAcademy "Dialing VPN Connection xxxxxx. Status = The operation was canceled by the user."

​@@Riya-nz4xq have you validated your certificate?

@@AzureAcademy yes

The only time I have seen that is when the client wasn’t configured with the cert and it didn’t know where to connect to. Did you configure the OpenVPN client with each step as I showed in the video?

Do you mean CAN you get to the internet through a VPN...yes, kinda...but generally NO, because you need internet access to get to your VPN, but what you can do is force DNS settings over VPN to control what they can get to on the internet...does that make sense?

@@AzureAcademy I need the user who is on HomeOffice to connect to Azure and use an Azure internet, for example, to access a web page released by public IP, because users have dynamic IP in their homes.

@@MACHADOPPO In order for them to get to Azure, they need internet access...VPN doesn't work without internet. If you need them to get to a public web page but you ONLY allow access from specific IP Addresses, then I would change the Allowed addresses to include your entire VPN subnet...for example 172.18.0.0/21 So ANYONE who is on the VPN can get to the web page, but no one else...then you don't need to know the specific IP of each person.

@@AzureAcademy Yes, I know that to access the VPN he needs internet .... What I want him to do when he is connected to the P2S VPN is to use the Public IP to access a WEB page with routing through the Virtual Network gateway, All HomeOffice users have a single Azure Public IP to reach the Web page released by the Azure public IP. Sorry if my English is not very explanatory, I am Brazilian and I have little fluency in the language. Thk very Much :)

no worries @@MACHADOPPO You are better than I am...I only speak english. 😉 The web page already has a public ip address...and customers all over the internet who go to your page would be routed to that IP address because of global DNS. This has nothing to do with a P2S VPN The P2S VPN purpose is to get the external user onto your internal network. but when they browse the internet they would still use their own Gateway. What you MIGHT be able to do is use a proxy. if you included a proxy pac in your P2S VPN then while they are connected to the VPN the internet traffic would go through the proxy but look into that and see if a proxy is right for you.

...hmm, what does happen?

Not that I know of, but maybe if you deploy the OpenVPN from the Azure marketplace...it is a full open VPN Server. It might have a site to site in there

On some...yes but it depends on your router 😊

Thanks for the feedback! I am working on Virtual WAN, but not sure how many or if I will be able to cover 3rd party solutions. You normally need those solutions, and I just have an Azure subscription...so we will see