  1. PPP adapter VNet1:
  2. Connection-specific DNS Suffix .:
  3. Description.....................: VNet1
  4. Physical Address................:
  5. DHCP Enabled....................: No
  6. Autoconfiguration Enabled.......: Yes
  7. IPv4 Address....................: 172.16.201.3(Preferred)
  8. Subnet Mask.....................: 255.255.255.255
  9. Default Gateway.................:
  10. NetBIOS over Tcpip..............: Enabled
  11.  
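  # Install strongSwan with IKEv2 and EAP-TLS support.
  sudo apt-get install strongswan-ikev2 strongswan-plugin-eap-tls
  # On Ubuntu 16.04, libstrongswan-standard-plugins adds support for the
  # PKCS#12 (.p12) key-pair container used further down.
  sudo apt-get install libstrongswan-standard-plugins

  # Turn off the openssl, af-alg, ctr and gcrypt charon plugins by rewriting
  # their "load = ..." line. The expression must match the whitespace in front
  # of "load ="; a literal "sload =" matches no line, and sed -i then exits 0
  # without changing anything, so the plugins would silently stay enabled.
  sudo sed -i 's/[[:space:]]load =.*/ load = no/g' \
    /etc/strongswan.d/charon/{openssl,af-alg,ctr,gcrypt}.conf

  # Confirm the edit landed: every file listed should now show "load = no".
  grep -H 'load =' /etc/strongswan.d/charon/{openssl,af-alg,ctr,gcrypt}.conf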
  19.  
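  # The private keys below are written through shell redirection, so tighten
  # the file-creation mask first; with the usual default umask they would be
  # created readable by other local users.
  umask 077

  # Generate CA
  # Anyone holding caKey.pem can issue client certificates under this CA, so
  # keep it off shared hosts and out of backups that others can read.
  ipsec pki --gen --outform pem > caKey.pem
  ipsec pki --self --in caKey.pem --dn "CN=VPN CA" --ca --outform pem > caCert.pem
  # Print CA certificate in base64 format, supported by Azure portal. Will be used later in this document.
  # Only the public certificate is printed here, never the key.
  openssl x509 -in caCert.pem -outform der | base64 -w0 ; echo

  # Generate user's certificate and put it into p12 bundle.
  export USERNAME="client"
  # Prompt for the bundle passphrase instead of hard-coding a guessable one in
  # the script and in shell history. The same passphrase has to be entered in
  # the ": P12" secrets line later on.
  read -r -s -p "Passphrase for ${USERNAME}.p12: " PASSWORD; echo
  export PASSWORD
  ipsec pki --gen --outform pem > "${USERNAME}Key.pem"
  ipsec pki --pub --in "${USERNAME}Key.pem" \
    | ipsec pki --issue --cacert caCert.pem --cakey caKey.pem \
        --dn "CN=${USERNAME}" --san "${USERNAME}" --flag clientAuth \
        --outform pem > "${USERNAME}Cert.pem"
  # Generate p12 bundle
  # env:PASSWORD keeps the passphrase out of the process argument list, where
  # "pass:..." would expose it to every local user running ps.
  openssl pkcs12 -in "${USERNAME}Cert.pem" -inkey "${USERNAME}Key.pem" \
    -certfile caCert.pem -export -out "${USERNAME}.p12" -passout env:PASSWORD
  unset PASSWORD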
  33.  
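  # Extract the gateway's root certificate from downloaded.zip (presumably the
  # VPN client package obtained for this gateway) into strongSwan's CA store.
  sudo unzip -j downloaded.zip Generic/VpnServerRoot.cer -d /etc/ipsec.d/cacerts

  # Inspect the certificate before relying on it: once it sits in cacerts it is
  # the trust anchor for the gateway's identity. Check subject, issuer and
  # validity, and compare the SHA-256 fingerprint with a value obtained over a
  # channel you trust.
  openssl x509 -inform der -in /etc/ipsec.d/cacerts/VpnServerRoot.cer -text -noout
  openssl x509 -inform der -in /etc/ipsec.d/cacerts/VpnServerRoot.cer -noout -fingerprint -sha256

  # Look up the gateway host name used for right= / rightid= in the connection.
  unzip -p downloaded.zip Generic/VpnSettings.xml | grep VpnServer
  # Example output:
  # <VpnServer>azuregateway-00112233-4455-6677-8899-aabbccddeeff-aabbccddeeff.cloudapp.net</VpnServer>

  # Install the client bundle readable by root only; a plain cp would carry
  # over whatever mode the file was created with.
  sudo install -o root -g root -m 600 client.p12 /etc/ipsec.d/private/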
  42.  
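  # strongSwan connection definition (ipsec.conf syntax).
  # Parameters must be indented beneath the "conn" header they belong to; the
  # flattened listing had lost that indentation.
  config setup

  conn azure
      keyexchange=ikev2
      type=tunnel
      leftfirewall=yes
      left=%any
      leftauth=eap-tls
      # use the DNS alternative name prefixed with the %
      leftid=%client
      # Azure VPN gateway address
      right=azuregateway-00112233-4455-6677-8899-aabbccddeeff-aabbccddeeff.cloudapp.net
      # Azure VPN gateway address, prefixed with %
      # NOTE(review): rightid is the identity the gateway's certificate has to
      # prove; it must name this gateway exactly. Confirm against VpnSettings.xml.
      rightid=%azuregateway-00112233-4455-6677-8899-aabbccddeeff-aabbccddeeff.cloudapp.net
      # Proposes every IPv4 destination as the remote side, i.e. a full tunnel
      # unless the gateway narrows it. List only the virtual-network prefixes
      # if the client should not hand all of its traffic to the gateway.
      rightsubnet=0.0.0.0/0
      leftsourceip=%config
      # Load the connection at start-up without initiating it; it is brought up
      # explicitly with "ipsec up azure".
      auto=add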
  57.  
  # Secrets entry for the client bundle. The file name is resolved inside the
  # /etc/ipsec.d/private directory, and the quoted value is the passphrase the
  # .p12 was exported with. It is stored in clear text, so the secrets file
  # should be owned by root with mode 600, and the sample passphrase replaced
  # by the one actually chosen for the bundle.
  : P12 client.p12 'password'
  59.  
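  # Reload strongSwan so the new configuration and secrets are read, then
  # initiate the "azure" connection. Stop if the restart itself fails instead
  # of initiating against a stale daemon.
  sudo ipsec restart || exit 1
  sudo ipsec up azure

  # Verify what was actually negotiated: the authenticated peer identity and
  # the traffic selectors in use for the connection.
  sudo ipsec statusall azure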