Azure Point-to-Site VPN with Azure AD Authentication and MFA

Science & Technology

This video goes over how to deploy an Azure VNet Gateway on an existing VNet and enable Point-to-Site (P2S) VPN connections that use Azure AD to authenticate the client. A P2S connection allows clients to connect securely to an Azure gateway and access resources on the private VNet. The video goes on to demonstrate how to enable Multi-Factor Authentication, either with a Conditional Access policy or by enforcing MFA per user.
Links:
Azure P2S VPN with Certificate Authentication:
• Azure Point-to-Site VP...
Link to Grant Admin Consent:
login.microsoftonline.com/com...
Azure AD configuration settings for the VPN gateway:
Tenant:
login.microsoftonline.com/Ten...
Audience:
41b23e61-6c1e-4545-b367-cd054e0ed4b4
Issuer:
sts.windows.net/Tenant_ID/
Source Link (Step 9)
docs.microsoft.com/en-us/azur...

Comments: 103

  • @hfacejumior
    3 years ago

    Great content. I loved the fact that you go directly to the central point of the video and are still able to deliver the details necessary to get the job done.

  • @brandonjueschke851
    2 years ago

    This video was a huge help! Great content, thanks for posting!

  • @SeemonRajS
    2 years ago

    Job done in just a 15 min video. Thank you very much

  • @rentamobtv
    2 years ago

    This is really informative and easy to understand. Thanks!

  • @Minerva___
    2 years ago

    If it hasn't already been pointed out, at 5:39 it says to select User VPN configuration. The wording has changed in the portal to Point-to-site configuration.

  • @chelhernandez
    4 years ago

    This is an awesome video! Thank you so much.

  • @rayc723
    3 years ago

    Fabulous video, got me through the process. Very appreciative of your professional delivery too, clear and quick, covers all the bases without meandering. But can you help with one more question: what now? I can connect my user to the Azure gateway over VPN, but how do I get them to see their remote application on the VM? Thanks again.

  • @walterwood44
    4 years ago

    Enjoy your videos Travis and learning a lot. One question my boss is asking is if the speed, latency and connection are any different between regular RDP or using the VM? Thanks.

  • @ronaldbuys2181
    3 years ago

    Very helpful, I was missing the information about the Azure AD URLs in the Microsoft docs. I managed to configure this with your help, thanks.

  • @Ciraltos
    3 years ago

    Glad it helped!

  • @slobokrsmanovic5913
    3 years ago

    Great video. Thank you so much!!!

  • @UnderworldGrim
    3 years ago

    Thank you for this! Nowhere in the Microsoft documentation (that I could find) explained what the audience and issuer values needed to be, so I was sitting here pulling my hair out until I found your video. Thank you!

  • @slobokrsmanovic5913
    3 years ago

    That's so true.

  • @bubba1984
    2 years ago

    Did you find out where the audience comes from? Is it just some magical value identical for everyone (unlikely), or a value specific to the tenant or AAD, and if yes, where do we lift that off of?

  • @shaileshchaskar6093
    1 year ago

    Absolutely valuable information, highly appreciated

  • @nishasharma6370
    3 years ago

    Thanks for another great video

  • @userhelen1
    6 months ago

    Amazing video! Thank you!

  • @edgarsanchezprado8879
    2 years ago

    Hello Travis, awesome videos. I have a question: is there any option instead of using local administrator permissions to connect? Most of my users are configured as standard users.

  • @CyberPolice911
    10 months ago

    Awesome, thanks for the video

  • @n0mzee
    1 year ago

    Hi Travis. Thanks for this video. Super helpful and easy to understand. Can the grant admin consent step and the restrict VPN to group step be done via Terraform?

  • @kevinnebroski6657
    4 years ago

    Hi Travis, another great video. I do have a question, I couldn't get this to work. I currently have the VPN set to certificate-based, based on one of your other videos. I removed that then followed this tutorial so that login would be user based. At the point where you install the VPN client, import the XML file and test the VPN connection (before enabling MFA) my client fails with the following error: "Server did not respond properly to VPN Control Packets. Session State: Key Material sent". Any ideas? Did I not release the cert version before creating this one?

  • @sau002
    3 years ago

    Excellent video

  • @peghbal2606
    2 years ago

    Thanks for this fabulous content. Can I add P2S as described here to an existing VNet that is already connected in a site-to-site VPN setting?

  • @Ankitsharma-zd3wb
    2 years ago

    Very informative. The content of the video is very good. Thanks :)

  • @Ciraltos
    2 years ago

    Most welcome 😊

  • @stormlight1553
    2 years ago

    Thank you! If I already have a site-to-site VPN, can I go into that and enable the point-to-site? Or do you need to create a new VPN just for the point-to-site? Awesome info

  • @quocdunginfo.tiengiang
    1 year ago

    It's clear and good

  • @contigo.
    2 years ago

    Hi Travis. Great content. Love the delivery. I just have one question. Can I use the same GW as a site-to-site active VPN for my Azure-to-site VPN, or is it a must that I create a new GW?

  • @anishpjohn8372
    2 years ago

    You can use the same GW. Both S2S and P2S are included with the service.

  • @pavankumars9313
    1 year ago

    Great video and great learning, thanks. With this VPN connection can we access SQL Server with a private endpoint?

  • @michaelwaterman3553
    4 years ago

    That's so cool! Almost too easy. I'm wondering if the Azure app config can be deployed with Endpoint Manager? The app wouldn't be the problem, just wondering on the config.

  • @Southpaw07
    3 years ago

    Great idea, and I'm also interested in a similar deployment for my remote users

  • @umaodihirin5879
    3 years ago

    Hi, thanks so much for the video! I have a question: would you say it's best practice to set up a separate VNG for your Azure resources from the VNG used for your VPN? Or does it not make a difference? I hope my question makes sense.

  • @jimcunliffe6998
    1 year ago

    Old question but I agree. A "VPN DMZ" VNet which then uses VNet peering to connect to other VNets (using NSGs).

  • @mannyramirezls
    3 years ago

    Great video! 👍

  • @Ciraltos
    3 years ago

    Glad you liked it!

  • @ToddTaylorTX
    2 years ago

    Thank you, this video was instrumental in helping me configure and install a client / virtual server app. I followed the video regarding the IP / subnet addresses and got it to work, but any suggestions to better understand the logic behind this without having to become a network engineer?

  • @latchfordbob
    2 years ago

    I have a number of different virtual networks in my Azure, all with servers behind them. Currently the ports to remote desktop to the servers are locked to my home IP address, but I need other people to also have access. Thanks to this video I have successfully set up VPN connections, but how do I configure each network to allow access on some ports to VPN users?

  • @ruffinruffin989
    1 month ago

    Thanks for this amazing post. Is there a way to force MFA for all VPN connections (as opposed to just the original connection)? Ideally, when I remove a user from the group, I don't want them to still be able to connect to the VPN. Currently, when I remove a user from the group, that user can still connect to the VPN. Is there a way to force MFA for all VPN connections? Currently, there's a cookie on the client machine that will allow them to connect even after the user is removed from the group. I want to enforce MFA for all VPN connections (and not only during the initial connection). Also, I followed this YouTube video setup, for context.

  • @manibirdi9320
    3 years ago

    Great video. Can this be connected to multiple regions? What are the costs?

  • @04chavez
    3 years ago

    Thanks for this great vid

  • @Ciraltos
    3 years ago

    Glad you enjoyed it!

  • @TS-xr4eu
    3 years ago

    Azure VPN for P2S with MFA is ridiculously expensive at $6/user a month. Not sure if I can justify spending $10k/year for MFA. Might just end up not implementing MFA, even though we currently use MFA for on-prem. (Edit: It looks like as of 5/14/2021 MFA is free for Azure VPN and no P1 license for users is needed)

  • @rstra3
    3 years ago

    I have a VNet peered to my AADDS VNet and I specify custom DNS servers. When I connect to the Azure VPN client, I lose name resolution on my laptop. Any recommendations on this issue?

  • @dienle2204
    3 years ago

    Is it required to use IKEv2 with certificates on macOS? I couldn't find the Azure VPN Client application for macOS.

  • @github2463
    1 year ago

    Anyone able to help out? I have done this in the past with no issue following this video. Now, on a separate instance, it will not connect after setting up the VPN client. It always fails to connect with "server did not respond properly to VPN control packets", key material sent. The time on my PC is 100% correct, I triple checked my settings, all seem fine?

  • @theultimate7258
    2 years ago

    Great video. Can you assist with getting this deployed using Intune? Much appreciated

  • @jigneshvyas3105
    1 year ago

    Thank you for this content. However, I am disconnected from the internet while I am connected to the VPN gateway through the Azure VPN client. How to solve this? I can't use Azure VPN P2S with Azure AD if I can't use the internet at the same time. Thanks in advance.

  • @malleeswarrajan4911
    3 years ago

    Great video, thanks. I tried implementing the same and everything works; however, after connecting to the VPN I am unable to browse the internet.

  • @joepiskapoo
    3 years ago

    This is a DNS problem on Azure. Had the same problem. Change your DNS to Google or a local DNS within the virtual network and you will get internet.

  • @gaurav-agrawal
    3 years ago

    This is a great video guide. I was able to set up a P2S VPN easily just by following the steps from this video. Could you please help me with connecting to another VNet which has a gateway and is used to connect to the on-premises network? The other VNet has VMs in it. I want the P2S VPN users to access the resources available in that other VNet. Both resource groups are in the same region and under the same subscription.

  • @MSKTim
    3 years ago

    You should use VNet peering for this

  • @bindudarshini4664
    4 years ago

    Hi Travis, your videos are amazing!!! I wanted to know how I can copy data from Oracle on-prem to Blob storage in a virtual network without using an integration runtime. Is that possible?

  • @Ciraltos
    4 years ago

    Not sure about Oracle specifically, but have you checked out AzCopy?

  • @jack4553
    1 year ago

    What do you think is better: cert-based with IKEv2 or OpenVPN with AAD?

  • @allenbythesea
    6 months ago

    This is great to get this stuff configured, but doing these exact steps doesn't wire up DNS to your VNet. I've done all of the steps and I can connect, but I can't resolve any DNS names in the VNet.

  • @dilgamr.sharifov6652
    3 years ago

    Hi, thanks for this video. I am getting the error "Vpn client configuration AAD Audience is not valid for gateway. AAD Audience must be a Guid.". But I double checked, the audience code is correct. It is the same as yours, and I can copy it from my Azure VPN as well. But I am getting this error, any idea? Thank you!

  • @sachintanwar2896
    3 years ago

    This VPN did not change my public IP address. Is there any way to use this VPN (or any other VPN which can be used to connect azure VNet) to change my public IP address?

  • @MohamedRoushdy
    1 year ago

    Thanks a million, helped me a lot. However, I have a question about authentication. I removed the user from the group to see if he could still log in or not, but the user could still establish a connection. I tested with another user that was never a member of the allowed group, and it couldn't access, which means that my setup on the Azure VPN app is correct. Though, I even disabled that test account, so it was unable to log into the Azure portal; however, it's still able to VPN!!!! How to fix this please? Otherwise I can't have this feature in production, unsafe. Thank you!

  • @ruffinruffin989
    1 month ago

    Did you ever figure out a solution? I have the same question/concern.

  • @ekanshsingh9040
    4 years ago

    Hi, your channel is really useful. I have one question: after logging in with some user, say test1, when I disconnect and connect again it does not require MFA. Is there any way I can force the VPN client to ask for MFA every time I hit connect, like when we use Connect-AzAccount, which does not save the token and asks for MFA each time?

  • @jesuspenaranda585
    4 years ago

    Hi Ekansh, seems like MFA has a 1 hour minimum token, which means that the user doesn't need to re-enter MFA until that time is reached.

  • @ekanshsingh9040
    4 years ago

    @jesuspenaranda585 Yes Jesus, I saw that in Conditional Access. But is there any other way via which I can reduce this time, or change the configuration to not save token values after disconnecting the VPN?

  • @Southpaw07
    3 years ago

    This is an awesome demo and got me thinking it is perhaps a solution for updating remote users' cached credentials on their PC after the remote user resets their password via SSPR. :)

  • @Ciraltos
    3 years ago

    Glad to help

  • @kevinreilly659
    2 years ago

    Does this work if the user does not have local admin rights to the client machine?

  • @MohammadSameerA
    1 year ago

    May I ask you if it's possible to use AD CS with P2S?

  • @pigrebanto
    9 months ago

    Thanks. Does it work with the OpenVPN client too?

  • @brandonpaul6186
    3 years ago

    Travis, what if we already have a VNet gateway for our site-to-site connection? Can we use the site-to-site gateway or do we need a new gateway?

  • @Ciraltos
    3 years ago

    One gateway can do both. Here is a link to the limits per SKU: docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpngateways#benchmark

  • @Roshkun
    3 years ago

    Just can't download the configuration file. The Azure portal just gives me the message "fail to download file. cant get uri"

  • @sashtikumarb1314
    1 year ago

    Will this work for Linux client machines? If not, are there any other possibilities to use Azure AD MFA for Linux client machines for Azure P2S VPN?

  • @lejoshona
    4 years ago

    Hello Travis, thank you for all your videos :) While connecting to the VPN the device throws the error "Connecting to VPN server failed with exception: No such host is known.", however the diagnostics don't show any error. Do you happen to know about the issue?

  • @rstra3
    3 years ago

    If you are on a corporate-issued PC you might have an issue with Cisco or another security tool. Just put the IP and URL in your hosts file.

  • @jigneshvyas3105
    1 year ago

    Just flush your DNS cache with the following commands in cmd: ipconfig /flushdns, ipconfig /renew, and reboot your PC.

  • @elvisfaria2823
    2 years ago

    Very good, thank you. Do you know if Azure VPN works with start before login, like Cisco SBL?

  • @Ciraltos
    2 years ago

    Thanks. Azure VPN does not support that.

  • @Jay4kingdom
    10 months ago

    Ok, but you didn't go over how to VPN to the server after setting up the Azure VPN Client. It still prompts me for a server username and password when mapping the drive.

  • @troller4jesus
    3 years ago

    Will Azure AD work with Hybrid AD? Will this allow always-on VPN so the computer can talk to a Domain Controller in the VNET?

  • @Ciraltos
    3 years ago

    It will work with hybrid identities sourced from Windows AD. It will not provide always-on connectivity like Always On VPN.

  • @AdvaitSakhalkar
    2 years ago

    Thanks

  • @Ciraltos
    2 years ago

    Thank you!

  • @chelhernandez
    4 years ago

    If that VPN gateway has an S2S connection with an on-premises site, would P2S users be able to connect to the on-prem network too?

  • @04chavez
    3 years ago

    Yes, it can. All you have to do is add the address pool of the point-to-site in the on-premises firewall device and add the address space on the PC. Once added, you have to disconnect the point-to-site and reconnect, and you will be able to reach Azure and on-premises.

  • @joepiskapoo
    3 years ago

    @04chavez It works sick, but I have an issue with the client deployment. Can't seem to find an easy way (without Intune) to deploy this.

  • @vishalsaxena5081
    2 years ago

    I am facing this error code CAA2000B, and please show each step for this lab

  • @yogeshshinde2047
    4 years ago

    I receive the following error: Status = Server did not respond properly to VPN Control Packets. Session State: Key Material sent.

  • @UnderworldGrim
    3 years ago

    I'm getting the same error as well. Any luck?

  • @UnderworldGrim
    3 years ago

    Just figured this out. It's likely your issuer is incorrect. Make sure it's the right ID and has a / at the end of it. This fixed it for me.

  • @Hodgkinsonsean
    3 years ago

    Absolutely fantastic. Why does it take a non-Microsoft person to explain the concept so clearly? The Microsoft guides are garbage.

  • @yogeshshinde2047
    4 years ago

    Need help :-(

  • @Ciraltos
    4 years ago

    Have you seen the link below? The Directory ID needs the "/" at the end. github.com/MicrosoftDocs/azure-docs/issues/45598
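
Several threads on this page run into the same two profile mistakes: an audience that is not the Azure VPN app GUID ("AAD Audience must be a Guid") and an issuer missing its trailing slash (the reply above and the GitHub issue it links). As an added example that is not part of the video or its comments, the following Python script checks those values in a downloaded Azure VPN Client profile; the element names tenant, audience and issuer under clientauth/aad, and the https:// form of the tenant URL (the description's link is truncated), are assumptions.

```python
"""Sanity-check the Azure AD values in an Azure VPN Client profile (azurevpnconfig.xml).

Added example, not the video's material. Element names and the https:// URL forms
are assumptions; the audience GUID and the trailing-slash rule come from the page.
"""
import re
import xml.etree.ElementTree as ET

# Application ID of the Azure VPN enterprise app, as listed in the video description
AZURE_VPN_AUDIENCE = "41b23e61-6c1e-4545-b367-cd054e0ed4b4"
GUID_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)
TENANT_RE = re.compile(r"^https://login\.microsoftonline\.com/([^/]+)/$")
ISSUER_RE = re.compile(r"^https://sts\.windows\.net/([^/]+)/$")


def check_aad_settings(tenant: str, audience: str, issuer: str) -> list:
    """Return the list of problems found; an empty list means the values look right."""
    problems = []
    # Portal error quoted in the comments: "AAD Audience must be a Guid"
    if not GUID_RE.match(audience):
        problems.append("audience is not a GUID")
    elif audience.lower() != AZURE_VPN_AUDIENCE:
        problems.append("audience is not the Azure VPN app ID")
    t = TENANT_RE.match(tenant)
    if not t:
        problems.append("tenant must look like https://login.microsoftonline.com/<Tenant_ID>/")
    # A missing trailing "/" on the issuer is the fix several commenters report for
    # "Server did not respond properly to VPN Control Packets"
    if not issuer.endswith("/"):
        problems.append("issuer must end with '/'")
    i = ISSUER_RE.match(issuer)
    if not i:
        problems.append("issuer must look like https://sts.windows.net/<Tenant_ID>/")
    elif t and i.group(1).lower() != t.group(1).lower():
        problems.append("issuer tenant ID does not match the tenant URL")
    return problems


def check_profile(xml_text: str) -> list:
    """Extract the three values from a profile (ignoring any XML namespace) and check them."""
    root = ET.fromstring(xml_text)
    found = {}
    for el in root.iter():
        name = el.tag.rsplit("}", 1)[-1]  # strip a "{namespace}" prefix if present
        if name in ("tenant", "audience", "issuer"):
            found[name] = (el.text or "").strip()
    return check_aad_settings(found.get("tenant", ""), found.get("audience", ""),
                              found.get("issuer", ""))


# Constructed, simplified sample profile; the tenant ID is a placeholder, not a real tenant
SAMPLE_TENANT_ID = "11111111-2222-3333-4444-555555555555"
GOOD_PROFILE = f"""<AzVpnProfile><clientauth><aad>
  <audience>{AZURE_VPN_AUDIENCE}</audience>
  <issuer>https://sts.windows.net/{SAMPLE_TENANT_ID}/</issuer>
  <tenant>https://login.microsoftonline.com/{SAMPLE_TENANT_ID}/</tenant>
</aad></clientauth></AzVpnProfile>"""
# The same profile with the trailing slash dropped from the issuer (the common mistake)
BAD_PROFILE = GOOD_PROFILE.replace(f"{SAMPLE_TENANT_ID}/</issuer>", f"{SAMPLE_TENANT_ID}</issuer>")
```

Run `check_profile()` over the real downloaded profile to confirm the values before handing the file to users.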

  • @lukeno4143
    2 years ago

    It doesn't work: "Keyset does not exist". This is fucked up because googling "Azure VPN Client" "keyset does not exist" returns zero results!!!

  • @jimcunliffe6998
    1 year ago

    It does now 😁

  • @floid33556
    3 years ago

    Here comes the old Microsoft again... Active Directory configuration only supports a Windows-only client. Useless for everyone except the smallest Microsoft-only shops.

  • @joepiskapoo
    3 years ago

    If you use Azure Active Directory authentication it supports Windows, Mac and Linux

  • @floid33556
    3 years ago

    @joepiskapoo Sorry, but you are wrong. The VPN client only supports Windows.

  • @joepiskapoo
    3 years ago

    @floid33556 The client, yes, but you can use OpenVPN for Linux to connect to the P2S

  • @karnatimanideep369
    3 years ago

    I have a free Azure AAD and I don't see Azure VPN in the enterprise applications. What could be the reason? Is it because of the free subscription?
