| title | titleSuffix | description | author | ms.service | ms.topic | ms.date | ms.author |
|---|---|---|---|---|---|---|---|
Configure P2S VPN clients - certificate authentication - macOS OpenVPN client |
Azure VPN Gateway |
Learn how to configure the VPN client for VPN Gateway P2S configurations that use certificate authentication. This article applies to macOS OpenVPN client. |
cherylmc |
vpn-gateway |
how-to |
06/18/2024 |
cherylmc |
This article helps you connect to your Azure virtual network (VNet) using VPN Gateway point-to-site (P2S) and Certificate authentication on macOS using an OpenVPN client.
Before you begin configuring your client, verify that you're on the correct article. The following table shows the configuration articles available for Azure VPN Gateway P2S VPN clients. Steps differ, depending on the authentication type, tunnel type, and the client OS.
[!INCLUDE All client articles]
This article assumes that you've already performed the following prerequisites:
- You created and configured your VPN gateway for point-to-site certificate authentication and the OpenVPN tunnel type. See Configure server settings for P2S VPN Gateway connections - certificate authentication for steps.
- You generated and downloaded the VPN client configuration files. See Generate VPN client profile configuration files for steps.
- You can either generate client certificates, or acquire the appropriate client certificates necessary for authentication.
To connect to Azure using the OpenVPN client using certificate authentication, each connecting client requires the following items:
- The Open VPN Client software must be installed and configured on each client.
- The client must have a client certificate that's installed locally.
The workflow for this article is:
- Install the OpenVPN client.
- View the VPN client profile configuration files contained in the VPN client profile configuration package that you generated.
- Configure the OpenVPN client.
- Connect to Azure.
For certificate authentication, a client certificate must be installed on each client computer. The client certificate you want to use must be exported with the private key, and must contain all certificates in the certification path.
For information about working with certificates, see Point-to site: Generate certificates - Linux.
The following example uses TunnelBlick.
[!INCLUDE OpenVPN macOS]
Follow up with any additional server or connection settings. See Point-to-site configuration steps.