Cvt Route Editor For Mac

Active 7 years, 3 months ago

I am trying to add a route to my computer:

But of course it never works.

Is there a GUI tool that can manage routes for me? Adding routes by selecting gateways and interfaces? Changing metrics by typing them in?

Ian Boyd


closed as off-topic by Ben N, fixer1234, DavidPostill, Simon Sheehan, Jakuje Jun 15 '16 at 11:30

This question appears to be off-topic. The users who voted to close gave this specific reason:

  • 'Questions seeking product, service, or learning material recommendations are off-topic because they become outdated quickly and attract opinion-based answers. Instead, describe your situation and the specific problem you're trying to solve. Share your research. Here are a few suggestions on how to properly ask this type of question.' – Ben N, fixer1234, DavidPostill, Simon Sheehan, Jakuje
If this question can be reworded to fit the rules in the help center, please edit the question.

1 Answer

Yes, there are a lot of options, let me list some:

NetRouteView is a GUI alternative to the standard route utility (Route.exe) of Windows operating system. It displays the list of all routes on your current network, including the destination, mask, gateway, interface IP address, metric value, type, protocol, age (in seconds), interface name, and the MAC address. NetRouteView also allows you to easily add new routes, as well as to remove or modify existing static routes.

Win IP Configuration Manager is a replacement for the annoying command line tools 'ipconfig.exe' and 'route.exe'. This version also includes the 'netstat.exe' tool. Win IP Configuration Manager shows you the IP settings of the installed network interfaces. IP addresses obtained by DHCP can be renewed by Win IP Config. Routes can easily be added, removed, changed or made persistent by this tool. Network interfaces can administratively be enabled or disabled, respectively. Throughput statistics can be watched for each of the network interfaces in a separate window. The program has full capabilities with Windows 2000, Windows XP and Windows Vista. Some functions are not supported under Windows 98. Windows ME should behave like Windows 98, but this has not been tested.

Moreover, I still think the best way is following a good guide to do it (even using a GUI tool), because there are a lot of details to pay attention to when changing routes.

Diogo


This article helps you securely connect individual clients running Windows, Linux, or Mac OS X to an Azure VNet. Point-to-Site VPN connections are useful when you want to connect to your VNet from a remote location, such as when you are telecommuting from home or a conference. You can also use P2S instead of a Site-to-Site VPN when you have only a few clients that need to connect to a VNet. Point-to-Site connections do not require a VPN device or a public-facing IP address. P2S creates the VPN connection over either SSTP (Secure Socket Tunneling Protocol), or IKEv2. For more information about Point-to-Site VPN, see About Point-to-Site VPN.

Architecture

Point-to-Site native Azure certificate authentication connections use the following items, which you configure in this exercise:

  • A RouteBased VPN gateway.
  • The public key (.cer file) for a root certificate, which is uploaded to Azure. Once the certificate is uploaded, it is considered a trusted certificate and is used for authentication.
  • A client certificate that is generated from the root certificate. The client certificate is installed on each client computer that will connect to the VNet. This certificate is used for client authentication.
  • A VPN client configuration. The VPN client configuration files contain the necessary information for the client to connect to the VNet. The files configure the existing VPN client that is native to the operating system. Each client that connects must be configured using the settings in the configuration files.

Example values

You can use the following values to create a test environment, or refer to these values to better understand the examples in this article:

  • VNet Name: VNet1
  • Address space: 192.168.0.0/16
    For this example, we use only one address space. You can have more than one address space for your VNet.
  • Subnet name: FrontEnd
  • Subnet address range: 192.168.1.0/24
  • Subscription: If you have more than one subscription, verify that you are using the correct one.
  • Resource Group: TestRG
  • Location: East US
  • GatewaySubnet: 192.168.200.0/24
  • DNS Server: (optional) IP address of the DNS server that you want to use for name resolution.
  • Virtual network gateway name: VNet1GW
  • Gateway type: VPN
  • VPN type: Route-based
  • Public IP address name: VNet1GWpip
  • Connection type: Point-to-site
  • Client address pool: 172.16.201.0/24
    VPN clients that connect to the VNet using this Point-to-Site connection receive an IP address from the client address pool.

1. Create a virtual network

Before beginning, verify that you have an Azure subscription. If you don't already have an Azure subscription, you can activate your MSDN subscriber benefits or sign up for a free account.

To create a VNet in the Resource Manager deployment model by using the Azure portal, follow the steps below. The screenshots are provided as examples. Be sure to replace the values with your own. For more information about working with virtual networks, see the Virtual Network Overview.

Note

If you want this VNet to connect to an on-premises location (in addition to creating a P2S configuration), you need to coordinate with your on-premises network administrator to carve out an IP address range that you can use specifically for this virtual network. If a duplicate address range exists on both sides of the VPN connection, traffic does not route the way you may expect it to. Additionally, if you want to connect this VNet to another VNet, the address space cannot overlap with the other VNet. Take care to plan your network configuration accordingly.

  1. From a browser, navigate to the Azure portal and, if necessary, sign in with your Azure account.

  2. Click +. In the Search the marketplace field, type 'Virtual Network'. Locate Virtual Network from the returned list and click to open the Virtual Network page.

  3. Near the bottom of the Virtual Network page, from the Select a deployment model list, select Resource Manager, and then click Create.

  4. On the Create virtual network page, configure the VNet settings. When you fill in the fields, the red exclamation mark becomes a green check mark when the characters entered in the field are valid. There may be values that are auto-filled. If so, replace the values with your own. The Create virtual network page looks similar to the following example:

    • Name: Enter the name for your Virtual Network.

    • Address space: Enter the address space. If you have multiple address spaces to add, add your first address space. You can add additional address spaces later, after creating the VNet.

    • Subscription: Verify that the Subscription listed is the correct one. You can change subscriptions by using the drop-down.

    • Resource group: Select an existing resource group, or create a new one by typing a name for your new resource group. If you are creating a new group, name the resource group according to your planned configuration values. For more information about resource groups, visit Azure Resource Manager Overview.

    • Location: Select the location for your VNet. The location determines where the resources that you deploy to this VNet will reside.

    • Subnet: Add the subnet name and subnet address range. You can add additional subnets later, after creating the VNet.

  5. Select Pin to dashboard if you want to be able to find your VNet easily on the dashboard, and then click Create.

  6. After clicking Create, you will see a tile on your dashboard that will reflect the progress of your VNet. The tile changes as the VNet is being created.

2. Add a gateway subnet


Before connecting your virtual network to a gateway, you first need to create the gateway subnet for the virtual network to which you want to connect. The gateway services use the IP addresses specified in the gateway subnet. If possible, create a gateway subnet using a CIDR block of /28 or /27 to provide enough IP addresses to accommodate additional future configuration requirements.

  1. In the portal, navigate to the Resource Manager virtual network for which you want to create a virtual network gateway.

  2. In the Settings section of your VNet page, click Subnets to expand the Subnets page.

  3. On the Subnets page, click +Gateway subnet to open the Add subnet page.

  4. The Name for your subnet is automatically filled in with the value 'GatewaySubnet'. This value is required in order for Azure to recognize the subnet as the gateway subnet. Adjust the auto-filled Address range values to match your configuration requirements. Don't configure Route table or Service endpoints.

  5. Click OK at the bottom of the page to create the subnet.

3. Specify a DNS server (optional)

After you create your virtual network, you can add the IP address of a DNS server to handle name resolution. The DNS server is optional for this configuration, but required if you want name resolution. Specifying a value does not create a new DNS server. The DNS server IP address that you specify should be a DNS server that can resolve the names for the resources you are connecting to. For this example, we used a private IP address, but it is likely that this is not the IP address of your DNS server. Be sure to use your own values. The value you specify is used by the resources that you deploy to the VNet, not by the P2S connection or the VPN client.

  1. On the Settings page for your virtual network, navigate to DNS servers and click to open the DNS servers page.

    • DNS Servers: Select Custom.
    • Add DNS server: Enter the IP address of the DNS server that you want to use for name resolution.
  2. When you are done adding DNS servers, click Save at the top of the page.

4. Create a virtual network gateway

  1. In the portal, on the left side, click + Create a resource and type 'Virtual Network Gateway' in search. Locate Virtual network gateway in the search return and click the entry. On the Virtual network gateway page, click Create. This opens the Create virtual network gateway page.

  2. On the Create virtual network gateway page, fill in the values for your virtual network gateway.

    Project details

    • Subscription: Select the subscription you want to use from the dropdown.
    • Resource Group: This setting is autofilled when you select your virtual network on this page.

    Instance details

    • Name: Name your gateway. Naming your gateway is not the same as naming a gateway subnet. It's the name of the gateway object you are creating.

    • Region: Select the region in which you want to create this resource. The region for the gateway must be the same as the virtual network.

    • Gateway type: Select VPN. VPN gateways use the virtual network gateway type VPN.

    • VPN type: Select the VPN type that is specified for your configuration. Most configurations require a Route-based VPN type.

    • SKU: Select the gateway SKU from the dropdown. The SKUs listed in the dropdown depend on the VPN type you select. For more information about gateway SKUs, see Gateway SKUs.

      Virtual network: Choose the virtual network to which you want to add this gateway.

      Gateway subnet address range: This field only appears if the virtual network you selected does not have a gateway subnet. Fill in the range if you don't already have a gateway subnet. If possible, make the range /27 or larger (/26, /25, etc.).

    Public IP address: This setting specifies the public IP address object that gets associated to the VPN gateway. The public IP address is dynamically assigned to this object when the VPN gateway is created. VPN Gateway currently only supports Dynamic Public IP address allocation. However, this does not mean that the IP address changes after it has been assigned to your VPN gateway. The only time the Public IP address changes is when the gateway is deleted and re-created. It doesn't change across resizing, resetting, or other internal maintenance/upgrades of your VPN gateway.

    • Public IP address: Leave Create new selected.
    • Public IP address name: In the text box, type a name for your public IP address instance.
    • Assignment: VPN gateway supports only Dynamic.

    Active-Active mode: Only select Enable active-active mode if you are creating an active-active gateway configuration. Otherwise, leave this setting unselected.

    Leave Configure BGP ASN deselected, unless your configuration specifically requires this setting. If you do require this setting, the default ASN is 65515, although this can be changed.

  3. Click Review + Create to run validation. Once validation passes, click Create to deploy the VPN gateway. A gateway can take up to 45 minutes to fully create and deploy. You can see the deployment status on the Overview page for your gateway.

After the gateway is created, you can view the IP address that has been assigned to it by looking at the virtual network in the portal. The gateway appears as a connected device.

Note

The Basic gateway SKU does not support IKEv2 or RADIUS authentication. If you plan on having Mac clients connect to your virtual network, do not use the Basic SKU.

5. Generate certificates

Certificates are used by Azure to authenticate clients connecting to a VNet over a Point-to-Site VPN connection. Once you obtain a root certificate, you upload the public key information to Azure. The root certificate is then considered 'trusted' by Azure for connection over P2S to the virtual network. You also generate client certificates from the trusted root certificate, and then install them on each client computer. The client certificate is used to authenticate the client when it initiates a connection to the VNet.

1. Obtain the .cer file for the root certificate

Use either a root certificate that was generated with an enterprise solution (recommended), or generate a self-signed certificate. After you create the root certificate, export the public certificate data (not the private key) as a Base64 encoded X.509 .cer file. Then, upload the public certificate data to the Azure server.

  • Enterprise certificate: If you're using an enterprise solution, you can use your existing certificate chain. Acquire the .cer file for the root certificate that you want to use.

  • Self-signed root certificate: If you aren't using an enterprise certificate solution, create a self-signed root certificate. Otherwise, the certificates you create won't be compatible with your P2S connections and clients will receive a connection error when they try to connect. You can use Azure PowerShell, MakeCert, or OpenSSL. The steps in the following articles describe how to generate a compatible self-signed root certificate:

    • Windows 10 PowerShell instructions: These instructions require Windows 10 and PowerShell to generate certificates. Client certificates that are generated from the root certificate can be installed on any supported P2S client.
    • MakeCert instructions: Use MakeCert if you don't have access to a Windows 10 computer to use to generate certificates. Although MakeCert is deprecated, you can still use it to generate certificates. Client certificates that you generate from the root certificate can be installed on any supported P2S client.

2. Generate a client certificate

Each client computer that you connect to a VNet with a Point-to-Site connection must have a client certificate installed. You generate it from the root certificate and install it on each client computer. If you don't install a valid client certificate, authentication will fail when the client tries to connect to the VNet.

You can either generate a unique certificate for each client, or you can use the same certificate for multiple clients. The advantage to generating unique client certificates is the ability to revoke a single certificate. Otherwise, if multiple clients use the same client certificate to authenticate and you revoke it, you'll need to generate and install new certificates for every client that uses that certificate.

You can generate client certificates by using the following methods:

  • Enterprise certificate:

    • If you're using an enterprise certificate solution, generate a client certificate with the common name value format name@yourdomain.com. Use this format instead of the domain name\username format.
    • Make sure the client certificate is based on a user certificate template that has Client Authentication listed as the first item in the user list. Check the certificate by double-clicking it and viewing Enhanced Key Usage in the Details tab.
  • Self-signed root certificate: Follow the steps in one of the following P2S certificate articles so that the client certificates you create will be compatible with your P2S connections. The steps in these articles generate a compatible client certificate:

    • Windows 10 PowerShell instructions: These instructions require Windows 10 and PowerShell to generate certificates. The generated certificates can be installed on any supported P2S client.
    • MakeCert instructions: Use MakeCert if you don't have access to a Windows 10 computer for generating certificates. Although MakeCert is deprecated, you can still use it to generate certificates. You can install the generated certificates on any supported P2S client.

    When you generate a client certificate from a self-signed root certificate, it's automatically installed on the computer that you used to generate it. If you want to install a client certificate on another client computer, export it as a .pfx file, along with the entire certificate chain. Doing so will create a .pfx file that contains the root certificate information required for the client to authenticate.

To export the certificate

For steps to export a certificate, see Generate and export certificates for Point-to-Site using PowerShell.

6. Add the client address pool

The client address pool is a range of private IP addresses that you specify. The clients that connect over a Point-to-Site VPN dynamically receive an IP address from this range. Use a private IP address range that does not overlap with the on-premises location that you connect from, or the VNet that you want to connect to.

  1. Once the virtual network gateway has been created, navigate to the Settings section of the virtual network gateway page. In the Settings section, click Point-to-site configuration.

  2. Click Configure now to open the configuration page.

  3. On the Point-to-site configuration page, in the Address pool box, add the private IP address range that you want to use. VPN clients dynamically receive an IP address from the range that you specify. The minimum subnet mask is 29 bit for active/passive and 28 bit for active/active configuration. Click Save to validate and save the setting.

    Note

    If you don't see Tunnel type or Authentication type in the portal on this page, your gateway is using the Basic SKU. The Basic SKU does not support IKEv2 or RADIUS authentication.

7. Configure tunnel type

You can select the tunnel type. The tunnel options are OpenVPN, SSTP and IKEv2. The strongSwan client on Android and Linux and the native IKEv2 VPN client on iOS and OSX will use only IKEv2 tunnel to connect. Windows clients try IKEv2 first and if that doesn’t connect, they fall back to SSTP. You can use the OpenVPN client to connect to the OpenVPN tunnel type.

8. Configure authentication type

Select Azure certificate.

9. Upload the root certificate public certificate data

You can upload additional trusted root certificates up to a total of 20. Once the public certificate data is uploaded, Azure can use it to authenticate clients that have installed a client certificate generated from the trusted root certificate. Upload the public key information for the root certificate to Azure.

  1. Certificates are added on the Point-to-site configuration page in the Root certificate section.

  2. Make sure that you exported the root certificate as a Base-64 encoded X.509 (.cer) file. You need to export the certificate in this format so you can open the certificate with a text editor.

  3. Open the certificate with a text editor, such as Notepad. When copying the certificate data, make sure that you copy the text as one continuous line without carriage returns or line feeds. You may need to modify your view in the text editor to 'Show Symbol/Show all characters' to see the carriage returns and line feeds. Copy only the following section as one continuous line:

  4. Paste the certificate data into the Public Certificate Data field. Name the certificate, and then click Save. You can add up to 20 trusted root certificates.

  5. Click Save at the top of the page to save all of the configuration settings.

10. Install an exported client certificate

If you want to create a P2S connection from a client computer other than the one you used to generate the client certificates, you need to install a client certificate. When installing a client certificate, you need the password that was created when the client certificate was exported.

Make sure the client certificate was exported as a .pfx along with the entire certificate chain (which is the default). Otherwise, the root certificate information isn't present on the client computer and the client won't be able to authenticate properly.

For install steps, see Install a client certificate.

11. Generate and install the VPN client configuration package

The VPN client configuration files contain settings to configure devices to connect to a VNet over a P2S connection. For instructions to generate and install VPN client configuration files, see Create and install VPN client configuration files for native Azure certificate authentication P2S configurations.

12. Connect to Azure

To connect from a Windows VPN client

Note

You must have Administrator rights on the Windows client computer from which you are connecting.

  1. To connect to your VNet, on the client computer, navigate to VPN connections and locate the VPN connection that you created. It is named the same name as your virtual network. Click Connect. A pop-up message may appear that refers to using the certificate. Click Continue to use elevated privileges.

  2. On the Connection status page, click Connect to start the connection. If you see a Select Certificate screen, verify that the client certificate showing is the one that you want to use to connect. If it is not, use the drop-down arrow to select the correct certificate, and then click OK.

  3. Your connection is established.

Troubleshoot Windows P2S connections

If you have trouble connecting, check the following items:

  • If you exported a client certificate with Certificate Export Wizard, make sure that you exported it as a .pfx file and selected Include all certificates in the certification path if possible. When you export it with this value, the root certificate information is also exported. After you install the certificate on the client computer, the root certificate in the .pfx file is also installed. To verify that the root certificate is installed, open Manage user certificates and select Trusted Root Certification Authorities\Certificates. Verify that the root certificate is listed, which must be present for authentication to work.

  • If you used a certificate that was issued by an Enterprise CA solution and you can't authenticate, verify the authentication order on the client certificate. Check the authentication list order by double-clicking the client certificate, selecting the Details tab, and then selecting Enhanced Key Usage. Make sure Client Authentication is the first item in the list. If it isn't, issue a client certificate based on the user template that has Client Authentication as the first item in the list.

  • For additional P2S troubleshooting information, see Troubleshoot P2S connections.

To connect from a Mac VPN client

From the Network dialog box, locate the client profile that you want to use, specify the settings from the VpnSettings.xml, and then click Connect.

Check Install - Mac (OS X) for detailed instructions. If you are having trouble connecting, verify that the virtual network gateway is not using a Basic SKU. Basic SKU is not supported for Mac clients.

To verify your connection

These instructions apply to Windows clients.

  1. To verify that your VPN connection is active, open an elevated command prompt, and run ipconfig /all.

  2. View the results. Notice that the IP address you received is one of the addresses within the Point-to-Site VPN Client Address Pool that you specified in your configuration. The results are similar to this example:

To connect to a virtual machine


These instructions apply to Windows clients.

You can connect to a VM that is deployed to your VNet by creating a Remote Desktop Connection to your VM. The best way to initially verify that you can connect to your VM is to connect by using its private IP address, rather than computer name. That way, you are testing to see if you can connect, not whether name resolution is configured properly.

  1. Locate the private IP address. You can find the private IP address of a VM by either looking at the properties for the VM in the Azure portal, or by using PowerShell.

    • Azure portal - Locate your virtual machine in the Azure portal. View the properties for the VM. The private IP address is listed.

    • PowerShell - Use the example to view a list of VMs and private IP addresses from your resource groups. You don't need to modify this example before using it.

  2. Verify that you are connected to your VNet using the Point-to-Site VPN connection.

  3. Open Remote Desktop Connection by typing 'RDP' or 'Remote Desktop Connection' in the search box on the taskbar, then select Remote Desktop Connection. You can also open Remote Desktop Connection using the 'mstsc' command in PowerShell.

  4. In Remote Desktop Connection, enter the private IP address of the VM. You can click 'Show Options' to adjust additional settings, then connect.

To troubleshoot an RDP connection to a VM

If you are having trouble connecting to a virtual machine over your VPN connection, check the following:

  • Verify that your VPN connection is successful.
  • Verify that you are connecting to the private IP address for the VM.
  • Use 'ipconfig' to check the IPv4 address assigned to the Ethernet adapter on the computer from which you are connecting. If the IP address is within the address range of the VNet that you are connecting to, or within the address range of your VPNClientAddressPool, this is referred to as an overlapping address space. When your address space overlaps in this way, the network traffic doesn't reach Azure, it stays on the local network.
  • If you can connect to the VM using the private IP address, but not the computer name, verify that you have configured DNS properly. For more information about how name resolution works for VMs, see Name Resolution for VMs.
  • Verify that the VPN client configuration package was generated after the DNS server IP addresses were specified for the VNet. If you updated the DNS server IP addresses, generate and install a new VPN client configuration package.
  • For more information about RDP connections, see Troubleshoot Remote Desktop connections to a VM.
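
The address rules this article states (a private client pool that overlaps neither the VNet nor the on-premises side, the minimum pool size, the gateway subnet size) and the overlapping-address-space item in the list above can be checked before anything is typed into the portal. The following is an added example, not part of the original article; the function names are made up for illustration, IPv4 is assumed, and the inputs are the article's example values plus constructed ones.

```python
import ipaddress


def check_p2s_plan(vnet_spaces, gateway_subnet, client_pool,
                   on_prem_ranges=(), active_active=False):
    """Return a list of problems in a P2S address plan; an empty list means none found."""
    vnets = [ipaddress.ip_network(s) for s in vnet_spaces]
    on_prem = [ipaddress.ip_network(s) for s in on_prem_ranges]
    gw = ipaddress.ip_network(gateway_subnet)
    pool = ipaddress.ip_network(client_pool)
    problems = []

    # Gateway subnet: carved out of the VNet; the article asks for /28, /27 or larger.
    if not any(gw.subnet_of(v) for v in vnets):
        problems.append(f"gateway subnet {gw} is outside the VNet address space")
    if gw.prefixlen > 28:
        problems.append(f"gateway subnet {gw} is smaller than the recommended /28")

    # Client pool: a private range that overlaps neither side of the connection.
    if not pool.is_private:
        problems.append(f"client pool {pool} is not a private range")
    for net in vnets:
        if pool.overlaps(net):
            problems.append(f"client pool {pool} overlaps VNet space {net}")
    for net in on_prem:
        if pool.overlaps(net):
            problems.append(f"client pool {pool} overlaps on-premises range {net}")

    # Minimum mask: 29 bit for active/passive, 28 bit for active/active
    # (read here as: the pool may be no smaller than that).
    limit = 28 if active_active else 29
    if pool.prefixlen > limit:
        problems.append(f"client pool {pool} is smaller than /{limit}")

    # A duplicate range on both sides of the VPN breaks routing.
    for v in vnets:
        for net in on_prem:
            if v.overlaps(net):
                problems.append(f"VNet space {v} overlaps on-premises range {net}")
    return problems


def local_address_conflict(local_ip, vnet_spaces, client_pool):
    """Return the Azure-side range that contains the client's own LAN address, or None.

    A hit is the overlapping address space case: traffic for the VNet
    stays on the local network instead of entering the tunnel.
    """
    addr = ipaddress.ip_address(local_ip)
    for cidr in list(vnet_spaces) + [client_pool]:
        net = ipaddress.ip_network(cidr)
        if addr in net:
            return str(net)
    return None


if __name__ == "__main__":
    # Example values from this article.
    vnet, gw, pool = ["192.168.0.0/16"], "192.168.200.0/24", "172.16.201.0/24"
    print("article plan:", check_p2s_plan(vnet, gw, pool) or "no problems")

    # Constructed bad plan: pool taken from inside the VNet and far too small.
    for problem in check_p2s_plan(vnet, gw, "192.168.50.0/30"):
        print("bad plan:", problem)

    # Constructed client on a home LAN that falls inside the VNet address space.
    print("LAN conflict:", local_address_conflict("192.168.1.23", vnet, pool))
```
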

To add or remove trusted root certificates


You can add and remove trusted root certificates from Azure. When you remove a root certificate, clients that have a certificate generated from that root won't be able to authenticate, and thus will not be able to connect. If you want a client to authenticate and connect, you need to install a new client certificate generated from a root certificate that is trusted (uploaded) to Azure.

To add a trusted root certificate

You can add up to 20 trusted root certificate .cer files to Azure. For instructions, see the section Upload a trusted root certificate in this article.

To remove a trusted root certificate

  1. To remove a trusted root certificate, navigate to the Point-to-site configuration page for your virtual network gateway.
  2. In the Root certificate section of the page, locate the certificate that you want to remove.
  3. Click the ellipsis next to the certificate, and then click 'Remove'.

To revoke a client certificate

You can revoke client certificates. The certificate revocation list allows you to selectively deny Point-to-Site connectivity based on individual client certificates. This is different than removing a trusted root certificate. If you remove a trusted root certificate .cer from Azure, it revokes the access for all client certificates generated/signed by the revoked root certificate. Revoking a client certificate, rather than the root certificate, allows the other certificates that were generated from the root certificate to continue to be used for authentication.

The common practice is to use the root certificate to manage access at team or organization levels, while using revoked client certificates for fine-grained access control on individual users.


Revoke a client certificate

You can revoke a client certificate by adding the thumbprint to the revocation list.

  1. Retrieve the client certificate thumbprint. For more information, see How to retrieve the Thumbprint of a Certificate.
  2. Copy the information to a text editor and remove all spaces so that it is a continuous string.
  3. Navigate to the virtual network gateway Point-to-site-configuration page. This is the same page that you used to upload a trusted root certificate.
  4. In the Revoked certificates section, input a friendly name for the certificate (it doesn't have to be the certificate CN).
  5. Copy and paste the thumbprint string to the Thumbprint field.
  6. The thumbprint validates and is automatically added to the revocation list. A message appears on the screen that the list is updating.
  7. After updating has completed, the certificate can no longer be used to connect. Clients that try to connect using this certificate receive a message saying that the certificate is no longer valid.
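
Step 3 of "Upload the root certificate public certificate data" and step 2 above both depend on careful text handling. The following added example (not from the original article) produces the one-line certificate data, refuses input that contains a private key, and normalizes a copied thumbprint. The function names are hypothetical, the sample "certificate" is constructed stand-in bytes, and the thumbprint is taken to be the SHA-1 hash of the DER encoding, which is what Windows displays.

```python
import base64
import hashlib
import re

# One PEM block: label, then body up to the matching END line.
_PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.DOTALL)


def public_cert_data(cer_text):
    """Return the Base64 body of a Base-64 encoded X.509 .cer as one continuous line."""
    blocks = _PEM_BLOCK.findall(cer_text)
    labels = [label for label, _ in blocks]
    # Only public certificate data is uploaded; a private key must never be pasted.
    if any("PRIVATE KEY" in label for label in labels):
        raise ValueError("input contains a private key; export the public certificate only")
    if labels != ["CERTIFICATE"]:
        raise ValueError(f"expected exactly one CERTIFICATE block, found {labels}")
    one_line = "".join(blocks[0][1].split())    # drops CR, LF, spaces and tabs
    base64.b64decode(one_line, validate=True)   # raises ValueError on damaged data
    return one_line


def thumbprint_of(cer_text):
    """Compute the thumbprint (SHA-1 over the DER bytes) as 40 uppercase hex digits."""
    der = base64.b64decode(public_cert_data(cer_text), validate=True)
    return hashlib.sha1(der).hexdigest().upper()


def normalize_thumbprint(copied):
    """Turn a thumbprint copied from a certificate dialog into one continuous string.

    Besides spaces, this also drops colons and invisible formatting characters
    (for example U+200E) that can come along with a copy and paste; that goes
    slightly beyond the 'remove all spaces' step in the article.
    """
    cleaned = "".join(
        ch for ch in copied
        if ch.isprintable() and not ch.isspace() and ch != ":")
    if not re.fullmatch(r"[0-9A-Fa-f]{40}", cleaned):
        raise ValueError("thumbprint is not 40 hexadecimal characters after cleanup")
    return cleaned.upper()


# Constructed stand-in bytes, not a real certificate: enough to exercise the text handling.
SAMPLE_DER = bytes(range(200))


def sample_cer():
    """Build a constructed .cer text with CRLF line endings, as a Windows export would have."""
    b64 = base64.b64encode(SAMPLE_DER).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return ("-----BEGIN CERTIFICATE-----\r\n"
            + "\r\n".join(lines)
            + "\r\n-----END CERTIFICATE-----\r\n")


if __name__ == "__main__":
    cer = sample_cer()
    data = public_cert_data(cer)
    print("characters to paste:", len(data))

    computed = thumbprint_of(cer)
    # Constructed copy-and-paste input: leading U+200E and a space between byte pairs.
    copied = "\u200e" + " ".join(computed[i:i + 2].lower() for i in range(0, 40, 2))
    print("normalized matches computed:", normalize_thumbprint(copied) == computed)

    try:
        public_cert_data(cer + "-----BEGIN PRIVATE KEY-----\r\nAAAA\r\n-----END PRIVATE KEY-----\r\n")
    except ValueError as err:
        print("rejected:", err)
```
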


Point-to-Site FAQ

How many VPN client endpoints can I have in my Point-to-Site configuration?

It depends on the gateway SKU. For more information on the number of connections supported, see Gateway SKUs.

What client operating systems can I use with Point-to-Site?

The following client operating systems are supported:

  • Windows 7 (32-bit and 64-bit)
  • Windows Server 2008 R2 (64-bit only)
  • Windows 8.1 (32-bit and 64-bit)
  • Windows Server 2012 (64-bit only)
  • Windows Server 2012 R2 (64-bit only)
  • Windows Server 2016 (64-bit only)
  • Windows 10
  • Mac OS X version 10.11 or above
  • Linux (StrongSwan)
  • iOS

Note

Starting July 1, 2018, support is being removed for TLS 1.0 and 1.1 from Azure VPN Gateway. VPN Gateway will support only TLS 1.2. To maintain support, see the updates to enable support for TLS 1.2.

Additionally, the following legacy algorithms will also be deprecated for TLS on July 1, 2018:

  • RC4 (Rivest Cipher 4)
  • DES (Data Encryption Algorithm)
  • 3DES (Triple Data Encryption Algorithm)
  • MD5 (Message Digest 5)

How do I enable support for TLS 1.2 in Windows 7 and Windows 8.1?

  1. Open a command prompt with elevated privileges by right-clicking on Command Prompt and selecting Run as administrator.

  2. Run the following commands in the command prompt:

  3. Install the following updates:

  4. Reboot the computer.

  5. Connect to the VPN.

Note

You will have to set the above registry key if you are running an older version of Windows 10 (10240).

Can I traverse proxies and firewalls using Point-to-Site capability?

Azure supports three types of Point-to-site VPN options:

  • Secure Socket Tunneling Protocol (SSTP). SSTP is a Microsoft proprietary SSL-based solution that can penetrate firewalls since most firewalls open outbound TCP port 443, which SSL uses.

  • OpenVPN. OpenVPN is an SSL-based solution that can penetrate firewalls since most firewalls open outbound TCP port 443, which SSL uses.

  • IKEv2 VPN. IKEv2 VPN is a standards-based IPsec VPN solution that uses outbound UDP ports 500 and 4500 and IP protocol no. 50. Firewalls do not always open these ports, so there is a possibility of IKEv2 VPN not being able to traverse proxies and firewalls.

If I restart a client computer configured for Point-to-Site, will the VPN automatically reconnect?

By default, the client computer will not reestablish the VPN connection automatically.

Does Point-to-Site support auto-reconnect and DDNS on the VPN clients?

Auto-reconnect and DDNS are currently not supported in Point-to-Site VPNs.

Can I have Site-to-Site and Point-to-Site configurations coexist for the same virtual network?

Yes. For the Resource Manager deployment model, you must have a RouteBased VPN type for your gateway. For the classic deployment model, you need a dynamic gateway. We do not support Point-to-Site for static routing VPN gateways or PolicyBased VPN gateways.

Can I configure a Point-to-Site client to connect to multiple virtual networks at the same time?

No. A Point-to-Site client can only connect to resources in the VNet in which the virtual network gateway resides.

How much throughput can I expect through Site-to-Site or Point-to-Site connections?

It's difficult to maintain the exact throughput of the VPN tunnels. IPsec and SSTP are crypto-heavy VPN protocols. Throughput is also limited by the latency and bandwidth between your premises and the Internet. For a VPN Gateway with only IKEv2 Point-to-Site VPN connections, the total throughput that you can expect depends on the Gateway SKU. For more information on throughput, see Gateway SKUs.

Can I use any software VPN client for Point-to-Site that supports SSTP and/or IKEv2?

No. You can only use the native VPN client on Windows for SSTP, and the native VPN client on Mac for IKEv2. However, you can use the OpenVPN client on all platforms to connect over OpenVPN protocol. Refer to the list of supported client operating systems.

Does Azure support IKEv2 VPN with Windows?

IKEv2 is supported on Windows 10 and Server 2016. However, in order to use IKEv2, you must install updates and set a registry key value locally. OS versions prior to Windows 10 are not supported and can only use SSTP or OpenVPN® Protocol.

To prepare Windows 10 or Server 2016 for IKEv2:

  1. Install the update.

    OS version | Date | Number/Link
    Windows Server 2016, Windows 10 Version 1607 | January 17, 2018 | KB4057142
    Windows 10 Version 1703 | January 17, 2018 | KB4057144
    Windows 10 Version 1709 | March 22, 2018 | KB4089848
  2. Set the registry key value. Create or set the “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\IKEv2\DisableCertReqPayload” REG_DWORD key in the registry to 1.

What happens when I configure both SSTP and IKEv2 for P2S VPN connections?

When you configure both SSTP and IKEv2 in a mixed environment (consisting of Windows and Mac devices), the Windows VPN client will always try the IKEv2 tunnel first, but will fall back to SSTP if the IKEv2 connection is not successful. Mac OS X will only connect via IKEv2.

Other than Windows and Mac, which other platforms does Azure support for P2S VPN?

Azure supports Windows, Mac and Linux for P2S VPN.

I already have an Azure VPN Gateway deployed. Can I enable RADIUS and/or IKEv2 VPN on it?

Yes, you can enable these new features on already deployed gateways using PowerShell or the Azure portal, provided that the gateway SKU that you are using supports RADIUS and/or IKEv2. For example, the VPN gateway Basic SKU does not support RADIUS or IKEv2.

Can I use my own internal PKI root CA to generate certificates for Point-to-Site connectivity?

Yes. Previously, only self-signed root certificates could be used. You can still upload 20 root certificates.

Can I use certificates from Azure Key Vault?

No.

What tools can I use to create certificates?

You can use your Enterprise PKI solution (your internal PKI), Azure PowerShell, MakeCert, and OpenSSL.

Are there instructions for certificate settings and parameters?

  • Internal PKI/Enterprise PKI solution: See the steps to Generate certificates.

  • Azure PowerShell: See the Azure PowerShell article for steps.

  • MakeCert: See the MakeCert article for steps.

  • OpenSSL:

    • When exporting certificates, be sure to convert the root certificate to Base64.

    • For the client certificate:

      • When creating the private key, specify the length as 4096.
      • When creating the certificate, for the -extensions parameter, specify usr_cert.

Next steps

Once your connection is complete, you can add virtual machines to your virtual networks. For more information, see Virtual Machines. To understand more about networking and virtual machines, see Azure and Linux VM network overview.

For P2S troubleshooting information, see Troubleshooting Azure point-to-site connections.