As of a few days ago (or, for the few reading this before the Ignite launch, in a few days), the Azure Virtual Network Gateway supports P2S connections based on OpenVPN. This makes connecting all your clients to Azure networks a whole lot easier. Connect with your phone, tablet, Mac or Linux computer easily and securely!
To enable OpenVPN on the gateway, please read the Azure documentation. What the documentation will tell you is that after you have downloaded the client ZIP file, you need to inject a private and public key pair into the OpenVPN file. With IKEv2 or SSTP, that public/private key pair came from importing a certificate into the client. In an OpenVPN profile you need to have those as text in the profile file.
Extracting a private/public key pair from a PFX is not so easy. Yes, you can download OpenSSL and then type all kinds of commands to go from PFX to PEM and CER files, but then you still need to copy those values back into a text file and into your OpenVPN client file.
And that’s where the following script comes into play. If you have a PFX file and the ZIP downloaded from an Azure Gateway that has been converted to support OpenVPN, just run the script and voilà: a client file you can use.
So what does it do? The script takes a PFX file and the downloaded ZIP file from Azure as input, asks for the password (if not provided), and outputs the usable OpenVPN client file.
The script can also be used to just extract the private/public key pair, without the need to install any other piece of software on your device. Just run the script in -SkipFileCreation mode and it outputs only the text values (which is really useful if you need to create a PEM / CER file combination).
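The PFX-to-text extraction described above can be done with .NET alone. The following is an added sketch, not the CreateOvpn.ps1 script from this post: the function names ConvertTo-Pem and Get-OvpnInlineKeyPair are hypothetical, and it assumes PowerShell 7 or later and an RSA client key.

```powershell
#requires -Version 7.0
using namespace System.Security.Cryptography
using namespace System.Security.Cryptography.X509Certificates

function ConvertTo-Pem {
    param([string] $Label, [byte[]] $Der)
    # PEM is the base64 of the DER bytes between BEGIN/END marker lines.
    $b64 = [Convert]::ToBase64String($Der, [Base64FormattingOptions]::InsertLineBreaks)
    $b64 = $b64 -replace "`r", ''
    "-----BEGIN $Label-----`n$b64`n-----END $Label-----"
}

# Hypothetical helper: returns the <cert> and <key> inline blocks of an OpenVPN profile.
function Get-OvpnInlineKeyPair {
    param(
        [Parameter(Mandatory)] [string] $PfxFile,
        [Parameter(Mandatory)] [securestring] $Password
    )
    $path = (Resolve-Path -LiteralPath $PfxFile).ProviderPath
    # Exportable is required because the private key has to leave the key store as text.
    $cert = [X509Certificate2]::new($path, $Password, [X509KeyStorageFlags]::Exportable)
    try {
        if (-not $cert.HasPrivateKey) { throw "No private key found in $PfxFile" }
        $rsa = [RSACertificateExtensions]::GetRSAPrivateKey($cert)
        if ($null -eq $rsa) { throw 'This example only handles RSA keys' }
        # Copy the key into a software RSA object, then export it as PKCS#8.
        $soft = [RSA]::Create()
        try {
            $soft.ImportParameters($rsa.ExportParameters($true))
            $keyPem = ConvertTo-Pem -Label 'PRIVATE KEY' -Der ($soft.ExportPkcs8PrivateKey())
        }
        finally { $soft.Dispose(); $rsa.Dispose() }
        $certPem = ConvertTo-Pem -Label 'CERTIFICATE' -Der ($cert.Export([X509ContentType]::Cert))
        # The Key value is an unencrypted private key: treat any file it is
        # written to as a secret and restrict it to the current user.
        [pscustomobject]@{
            Cert = "<cert>`n$certPem`n</cert>"
            Key  = "<key>`n$keyPem`n</key>"
        }
    }
    finally { $cert.Dispose() }
}

# Usage (prompts for the PFX password):
# $pair = Get-OvpnInlineKeyPair -PfxFile .\MyClient.pfx -Password (Read-Host 'PFX password' -AsSecureString)
```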
So how do you use it? Configure the Azure Virtual Gateway and put in the public key of the root certificate, similar to what you do for a standard P2S gateway and following the guides that are published for this. Then click download on the Gateway in Azure to download the VPN client.
You will be downloading a ZIP file. No need to unpack it, just remember where you saved it.
Next, you need the client PFX file that you create as part of your P2S client configuration for IKEv2 and SSTP.
Then you run the script:
.\CreateOvpn.ps1 -PFXFile .\MyClient.pfx -P2SZipFile '.\P2SGW-OpenVPN.zip'
While the script runs, it asks for the PFX password and then generates a file for you.
And that’s it…
Download it here