If you are having trouble with the point-to-site VPN configuration in Windows Azure, here are some tips about the procedure:
- Follow the procedure located at http://msdn.microsoft.com/en-us/library/windowsazure/dn133792.aspx for creating the virtual network and the gateway.
- When configuring the certificates for the VPN connection, first create the self-signed root certificate with the following command:
makecert -sky exchange -r -n "CN=RootCertificateName" –pe -a sha1 -len 2048 -ss My
- The above command creates a self-signed root certificate and stores it in your certificate store (Certificates – Current User\Personal\Certificates). Next, export that certificate to a .cer file and upload it to Azure from the dashboard of the virtual network using the Upload client certificate link (the name of that link will probably be changed in the future ) I also stored the root certificate in my Trusted Roots.
- Now create a client certificate with the self-signed root certificate as the issuer. The command I used is different from the one in the documentation because it did not work for me. I used:
makecert -n "CN=ClientCertificateName" -pe -sky exchange -m 96 -ss
my -a sha1 -is my -in "RootCertificateName"
- The above command creates the client certificate in the same store as the root certificate and uses the root certificate previously generated as the issuer. Be sure to check that the issuer is the root certificate you uploaded to Azure.
In the dashboard of the virtual network, download the x64 or x86 client VPN package and install it. There will be an extra network connection that uses SSTP to connect to your Azure gateway:
In Azure the dashboard should show connected clients: