Veeam PN 2.1 [Archived]
User Guide
Search
This document is not maintained any longer.

Set Up VPN from Endpoints to Microsoft Azure

In this article

    You can use Veeam PN to set up a VPN connection from remote user machines to private clouds in Microsoft Azure. This scenario can be helpful if you have moved some of your application and services to Microsoft Azure. In this case, you can provide company users with access to VMs in Microsoft Azure.

    Reference Environment

    This how-to assumes that your company environment is distributed between two sites:

    • Microsoft Azure: part of your applications and services are hosted in Microsoft Azure.
    • Local company site: users who need to gain access to Microsoft Azure VMs are working on a local company site or remotely.

    In this scenario, you will deploy Veeam PN components in the following way:

    • The network hub will be hosted in Microsoft Azure.
    • You will configure VPN settings on user machines with the help of OpenVPN.

    Whenever users need to access VMs in Microsoft Azure, they will establish a VPN connection from their machines to the network hub in Microsoft Azure, that, in its turn, will route requests to Microsoft Azure VMs.

    Set Up VPN from Endpoints to Microsoft Azure 

    Prerequisites

    To follow instructions of this how-to, check the following prerequisites:

    • You must have a user account in Microsoft Azure.
    • You must use the Azure Resource Manager model to configure the network hub in Microsoft Azure. The classic deployment model is not supported.

    Step-By-Step Walkthrough

    To set up a VPN connection from user machines to Microsoft Azure, you will:

    1. Deploy the network hub in Microsoft Azure.
    2. Register clients for user machines in the Veeam PN portal.
    3. Configure OpenVPN on user machines.
    4. Establish a VPN connection from user machines to the network hub in Microsoft Azure.

    Step 1. Deploy Network Hub in Microsoft Azure

    The network hub is the core of the VPN infrastructure. If you want to set up a VPN connection from user machines to VMs in Microsoft Azure, you must deploy the network hub in Microsoft Azure.

    To deploy the network hub:

    1. Sign in to the Microsoft Azure portal at https://portal.azure.com.
    2. In the menu on the left, click New.
    3. In the marketplace, search for the 'Veeam PN for Microsoft Azure' template.
    4. Select the template and click Create.

    Set Up VPN from Endpoints to Microsoft Azure 

    1. On the Basics blade, specify basic VM settings: VM name, user credentials for the network hub administrator account, subscription, resource group and location.

    Set Up VPN from Endpoints to Microsoft Azure 

    1. On the Veeam PN settings blade, specify basic settings for the network hub appliance: VM size (A1 size is minimum), storage account, public IP address, domain name, virtual network and subnet.

    Set Up VPN from Endpoints to Microsoft Azure 

    1. On the Security settings blade, specify parameters for the self-signed SSL certificate that Veeam PN will use to secure connection in the VPN: the certificate key length.

    Set Up VPN from Endpoints to Microsoft Azure 

    1. On the VPN Information blade, make sure that Yes is enabled in the Enable Point-to-Site field. In the Specify a protocol and Specify a port fields, leave default settings.

    Set Up VPN from Endpoints to Microsoft Azure 

    1. On the Summary blade, click OK.
    2. On the Buy blade, click Purchase.

    Veeam PN will deploy the network hub from the Microsoft Azure template. The deployment process typically takes several minutes. Wait for this process to complete.

    1. In the Microsoft Azure portal, open properties of the deployed VM and get its IP address.
    2. In a web browser, access the Veeam PN portal by the following address: https://<networkhubIP>.

    The browser will display a warning notifying that the connection is untrusted. Ignore the warning and agree to proceed to the portal.

    1. At the Welcome screen, log in to the portal under the network hub administrator account. You specified credentials for the network hub administrator account on the Basic blade.
    2. Click Login.

    Set Up VPN from Endpoints to Microsoft Azure 

    1. On the welcome screen of the Azure Setup wizard, click Next.
    2. The Azure Setup wizard will display the https://aka.ms/devicelogin link and an authentication code. Copy the code to the Clipboard, open the https://aka.ms/devicelogin link in a web browser and enter the code in the code field.
    3. Click Next. Veeam PN will assign the Network Contributor role on the routing table in the Microsoft Azure network to the network hub administrator account. Wait for the process to complete and click Finish.

    Step 2. Register Clients for User Machines

    To provide remote users with access to VMs in Microsoft Azure, you must register clients for these users in the Veeam PN portal. Veeam PN will generate configuration files for users. You will use these configuration files to set up a VPN connection on user machines.

    To register a client for user machines:

    1. In the Veeam PN portal, in the configuration menu on the left click Clients.
    2. At the top of the clients list, click Add.
    3. At the Type step of the wizard, select Standalone computer.

    Set Up VPN from Endpoints to Microsoft Azure 

    1. At the Client step of the wizard, enter a name for the user machine.
    2. Select the Use HUB server as a default gateway check box.

    Set Up VPN from Endpoints to Microsoft Azure 

    1. At the Summary step of the wizard, click Finish.

    Veeam PN will generate an XML file with VPN settings for the user. The XML file will be automatically downloaded to the default downloads folder. Save the downloaded file in a network shared folder accessible from the user machine.

    1. Repeat steps 1-5 for all users to whom you want to provide access.

    Step 3. Configure OpenVPN on User Machines

    To let a user access VMs in Microsoft Azure over the VPN, you must configure VPN settings on the user machine. To do this, you must use OpenVPN software and a configuration file generated by Veeam PN.

    To configure OpenVPN on user machines:

    1. Download the OpenVPN setup file for the user machine OS from: https://openvpn.net/index.php/open-source/downloads.html.
    2. Run the OpenVPN setup file and install the product with default installation settings.
    3. Place the configuration file generated by Veeam PN in a folder where OpenVPN configuration files are stored: C:\Program Files\OpenVPN\config.
    4. Repeat steps 1-3 for all users to whom you want to provide access.

    Step 4. Establish VPN connection from User Machines to Microsoft Azure

    To establish a VPN connection from user machines to Microsoft Azure:

    1. On a user machine, create a batch file with the following command:

    "openvpn-gui.exe" --connect "C:\Program Files\OpenVPN\config\client.ovpn"

    where C:\Program Files\OpenVPN\bin\openvpn-gui.exe is a path to the OpenVPN product folder and C:\Program Files\OpenVPN\config\client.ovpn is a path to the user machine configuration file.

    1. Run the batch file. Veeam PN will establish a connection from the user machine to the network hub.
    2. Repeat steps 1-2 for all users to whom you want to provide access.

    Result

    You have set up a VPN connection from user machines to VMs to Microsoft Azure. VMs running in Microsoft Azure are now accessible to users working remotely.

    View all results across Veeam
    Back to document search