Then, select IKEv2 and generate the zip file again to retrieve the Generic folder. On the VPN gateway, verify that the SKU isn’t Basic. Note that the VPN gateway Basic SKU doesn’t support IKEv2. If you don't see the Generic folder in your download, it's likely that IKEv2 wasn’t selected as a tunnel type. You can find all of the information that you need for configuration in the Generic folder. Azure doesn’t provide a mobileconfig file. In order to connect to Azure, you must manually configure the native IKEv2 VPN client. The VPN connection shows the name of the virtual network that it connects to.
Generate the VPN client configuration files using the following command: $profile=New-AzVpnClientConfiguration -ResourceGroupName "TestRG" -Name "VNet1GW" -AuthenticationMethod "EapTls"Ĭopy the URL to your browser to download the zip file, then unzip the file to view the folders. When generating VPN client configuration files, the value for '-AuthenticationMethod' is 'EapTls'. It's named the same name as your gateway. Once the configuration package has been generated, your browser indicates that a client configuration zip file is available. During this time, you may not see any indications until the packet has generated. It takes a few minutes for the client configuration package to generate.
This doesn't download VPN client software, it generates the configuration package used to configure VPN clients. On the virtual network gateway page, select Point-to-site configuration to open the Point-to-site configuration page.Īt the top of the Point-to-site configuration page, select Download VPN client. In the Azure portal, navigate to the virtual network gateway for the virtual network that you want to connect to. If only SSTP is configured, then the Generic folder isn’t present. The Generic folder is provided if IKEv2 or SSTP+IKEv2 was configured on the gateway.
If you are using TLS for point-to-site connections on Windows 7 and Windows 8 clients, see the VPN Gateway FAQ for update instructions.
If you’re using TLS for point-to-site VPNs on Windows 10 clients, you don’t need to take any action. Only point-to-site connections are impacted site-to-site connections will not be affected. Starting July 1, 2018, support is being removed for TLS 1.0 and 1.1 from Azure VPN Gateway.