OpenVPN is an open-source VPN protocol that is trusted by many cloud service providers to provide site-to-site, point-to-site, and point-to-point connectivity to cloud resources. Azure AD authentication now also works with the OpenVPN protocol. This means we can use Azure AD features such as conditional access, user-based policies, and Azure MFA for VPN authentication. In this demo, I am going to demonstrate how to configure OpenVPN for an Azure point-to-site VPN and then how to integrate Azure AD authentication with it.
1. To configure OpenVPN, we first need to have a working point-to-site setup. The native Azure point-to-site VPN setup uses Azure certificate authentication. I wrote an article about it before, and it can be accessed at http://www.rebeladmin.com/2018/07/step-step-guide-azure-point-site-vpn/
So, before we start, please go ahead and configure the VPN gateway with certificate authentication.
2. Also, I am going to use Azure PowerShell for the configuration. Please make sure you have the Azure PowerShell module installed. More information about it can be found at https://docs.microsoft.com/en-us/powershell/azure/install-az-ps?view=azps-2.6.0
Configure OpenVPN for Azure P2S VPN
1. Launch a PowerShell console and connect to Azure using Connect-AzAccount (using a Global Administrator account).
2. Then I ran Get-AzVirtualNetworkGateway -ResourceGroupName REBELVPNRG to review my VPN gateway configuration. Here REBELVPNRG is the resource group the gateway belongs to.
3. Then let's go ahead and change the VPN client protocol to OpenVPN using:
$vpngw = Get-AzVirtualNetworkGateway -ResourceGroupName REBELVPNRG -name REBEL-VPN-GW
Set-AzVirtualNetworkGateway -VirtualNetworkGateway $vpngw -VpnClientProtocol OpenVPN
In the above, REBEL-VPN-GW is the VPN gateway name.
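The steps above can be run as a single script. The following is an added example, not the script from the original article; it uses the same resource group (REBELVPNRG) and gateway name (REBEL-VPN-GW), assumes the Az module is installed and that the gateway already has the working certificate-based point-to-site configuration from step 1, and adds two checks a practitioner would want before and after the change: it refuses to proceed on a Basic SKU gateway (which does not support OpenVPN) and re-reads the gateway afterwards to confirm the protocol really changed.

```powershell
# Added example (not the original article's script): switch an existing Azure P2S
# VPN gateway to the OpenVPN client protocol and verify the change.
# Assumes the Az module is installed and a working certificate-based P2S setup.
$ResourceGroup = 'REBELVPNRG'     # resource group from the article
$GatewayName   = 'REBEL-VPN-GW'   # gateway name from the article

# Sign in interactively only if there is no current Azure context.
if (-not (Get-AzContext)) {
    Connect-AzAccount | Out-Null
}

$vpngw = Get-AzVirtualNetworkGateway -ResourceGroupName $ResourceGroup -Name $GatewayName

# Show what is configured before touching anything.
Write-Host "Gateway SKU       : $($vpngw.Sku.Name)"
Write-Host "Current protocols : $($vpngw.VpnClientConfiguration.VpnClientProtocols -join ', ')"

# The Basic SKU does not support OpenVPN, so stop early rather than let the
# Set call fail with a less obvious error.
if ($vpngw.Sku.Name -eq 'Basic') {
    throw "OpenVPN requires a VpnGw SKU; '$($vpngw.Sku.Name)' does not support it."
}

if ($vpngw.VpnClientConfiguration.VpnClientProtocols -contains 'OpenVPN') {
    Write-Host 'OpenVPN is already enabled; nothing to change.'
    return
}

# Switch the client protocol. This updates the gateway in place and can take
# several minutes to complete.
Set-AzVirtualNetworkGateway -VirtualNetworkGateway $vpngw -VpnClientProtocol OpenVPN | Out-Null

# Re-read the gateway and confirm the protocol actually changed.
$vpngw = Get-AzVirtualNetworkGateway -ResourceGroupName $ResourceGroup -Name $GatewayName
if ($vpngw.VpnClientConfiguration.VpnClientProtocols -contains 'OpenVPN') {
    Write-Host 'OpenVPN protocol is now enabled on the gateway.'
} else {
    throw 'Gateway update did not enable OpenVPN; check the Set-AzVirtualNetworkGateway output.'
}
```

Existing certificate-authenticated clients keep working only if their client package is regenerated for OpenVPN, so run this during a maintenance window and re-download the VPN client profile afterwards.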