• Create a resource group

• Create a VNet (10.0.0.0/16) and Address range would be 10.0.0.0/24

• Get into the VNet, select Subnet, then select subnet gateway option (10.0.1.0/24)
• Click on Virtual Network gateway
• Configure the highlighted one ( Configure Virtual Network & Set Public IP name)

• Download and install Windows software Development KIT

• Open Command Prompt in Administrator (Follow all commands in a same command prompt
box)

• Please check the below screenshot and follow the same to add enviroment variable sucessfully

Created by Ashadeep Parida

• Create a new folder in C Drive and create self-signed root certificate in windows command line
• Please follow the below command to create certificate (AZUREP2S is a certificate name)

• Install the certificate and open Certificates Manager Tool and select root certificate.
• Run→Type Command (Certmgr.msc )→ Personal → Certificate and right click on the certificate
→All Tasks→Export→ Select (No, Do not export the private key) → Base-64 Ex encoded X.509

• The save the certificate

Created by Ashadeep Parida

• Then Open Command Prompt as admin and follow the below command to create client
certificate
• makecert.exe -n "CN=AZUREVPNCLIENTCERT1" -pe -sky exchange -m 96 -ss My -in "AZUREP2S" -
is my -a sha1

• Install the certificate and open Certificates Manager Tool and select Client certificate or
PFX certificate.

• Run→Type Command (Certmgr.msc )→ Personal → Certificate and right click on the certificate

→All Tasks→Export→ Select (Yes,Export the privatekey)→ Personal Information exchange

→ Password →Save it

Created by Ashadeep Parida

 • Install notepad++
• Open the base64 certificate on Notepad++ and modify into single line save as

Before Modify

After modification

Created by Ashadeep Parida

• Open Azure portal and get into the Virtual Network gateway and select the gateway
• Search and click on Point to Site Configuration
• Then Configure Address Pool, Tunnel Type { IKEV2 and SSTP (SSL)},
Authentication type (Azure Certificate)→ Root certificate (Give a name and open the modified
base64 certificate in a single line and add it on Public Certificate Data and save it.
• After few mins, please download the VPN client

• Install the PFX certificate on client system

• Accoridng to your OS, please install VPN
• You can see new network VNET in network connection
• Click on Network and click on it and then click on connect

Created by Ashadeep Parida

 If you get the below error message the open command prompt as admin
and one by one follow the command

The connection was prevented because of a policy configured on your

RAS/VPN server. Specifically, the authentication method used by the server
to verify your username and password may not match the authentication
method configured in your connection profile. Please contact the
Administrator of the RAS server and notify them of this error. (Error 812)

The connection was prevented because of a policy configured on your

RAS/VPN server. Specifically, the authentication method used by the server
to verify your username and password may not match the authentication
method configured in your connection profile. Please contact the
Administrator of the RAS server and notify them of this error. (Error 812)

reg add HKLM\SYSTEM\CurrentControlSet\Services\RasMan\PPP\EAP\13 /v

TlsVersion /t REG_DWORD /d 0xfc0

reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet

Settings\WinHttp" /v DefaultSecureProtocols /t REG_DWORD /d 0xaa0

Then try connect your VPN and Check

Thank you

Created by Ashadeep Parida