Search code examples
azurepowershellazure-vpn

VpnClientSetupAMD64.exe missing in Azure point-to-site VPN download

I am trying to setup my first Azure point-to-site VPN. If I'm reading things correctly, the URL I get from this PowerShell code:

$profile = New-AzVpnClientConfiguration -ResourceGroupName $ResourceGroup -Name $GWName -AuthenticationMethod "EapTls"
$profile.VPNProfileSASUrl

should download an executable called VpnClientSetupAMD64.exe that will be in the WindowsAmd64 folder of the downloaded zip file. That executable should do the setup on the native Win 10 1909 client.

The zip file I get doesn't have any executable in it and doesn't have that directory in it. I only get the XML and OVPN files with the config data for the VPN client.

I also tried using the Download VPN Client selection in the GUI Azure portal on the VnetGW/point-to-site page and I get the identical zip file - still no setup exe.

I looked for a way to either directly download the VpnClientSetupAMD64.exe file or to specify the azurevpnconfig.xml file that I do get as a parameter to setup the VPN client but I see nothing applicable.

I understand that I can manually configure the VPN client using the info I have but that doesn't scale.

Can someone give me any pointers?

Solution

  • Be default, the Tunnel type is OpenVPN(SSL) in the Point-to-site configuration UI. Before you generate files using PowerShell, you should select the VpnClientProtocol to SSTP and IKEv2, or one of them because they are used for Windows clients. So you will get the VpnClientSetupAMD64.exe file. You could get more details here.

    You also could refer to create a VPN Gateway and add point-to-site configuration using PowerShell.

    New-AzVirtualNetworkGateway -Name VNet1GW -ResourceGroupName TestRG1 `
 -Location 'East US' -IpConfigurations $gwipconfig -GatewayType Vpn `
 -VpnType RouteBased -GatewaySku VpnGw1 -VpnClientProtocol "IKEv2"
# Add the VPN client address pool
$Gateway = Get-AzVirtualNetworkGateway -ResourceGroupName $RG -Name $GWName
Set-AzVirtualNetworkGateway -VirtualNetworkGateway $Gateway -VpnClientAddressPool $VPNClientAddressPool
# Create a self-signed root certificate
$cert = New-SelfSignedCertificate -Type Custom -KeySpec Signature `
 -Subject "CN=P2SRootCert" -KeyExportPolicy Exportable `
 -HashAlgorithm sha256 -KeyLength 2048 `
 -CertStoreLocation "Cert:\CurrentUser\My" -KeyUsageProperty Sign -KeyUsage CertSign
# Export the root certificate to "C:\cert\P2SRootCert.cer"
# Upload the root certificate public key information
$P2SRootCertName = "P2SRootCert.cer"
$filePathForCert = "C:\cert\P2SRootCert.cer"
$cert = new-object System.Security.Cryptography.X509Certificates.X509Certificate2($filePathForCert)
$CertBase64 = [system.convert]::ToBase64String($cert.RawData)
$p2srootcert = New-AzVpnClientRootCertificate -Name $P2SRootCertName -PublicCertData $CertBase64
Add-AzVpnClientRootCertificate -VpnClientRootCertificateName $P2SRootCertName `
 -VirtualNetworkGatewayname "VNet1GW" `
 -ResourceGroupName "TestRG1" -PublicCertData $CertBase64