Azure supports two main types of VPNs: point-to-site and site-to-site. Point-to-site VPNs are great for small businesses or for working remotely, while site-to-site VPNs are ideal for larger organizations with multiple locations.
VPN Gateway
Azure supports different types of VPN gateway. Selecting the right one for your Azure VPN depends on the gateway type, the size of your organization, the Azure VPN gateway SKU that you want to use, and the type of Azure VPN client that you want your users to use. The different types of VPN gateway are: Policy-based VPNs, Route-based VPNs, Azure VPN Client, and Site-to-Site VPN.
Point-to-Site
Point-to-Site (P2S) creates a secure connection to an Azure virtual network from an individual client computer. P2S is a very common scenario where you need to access resources in your Azure VNET from a remote location. For example, you may want to connect to your Web App hosted in an Azure App Service or run PowerShell scripts against your Azure VMs from your laptop.
VPN client configuration files are contained in a zip file. The configuration files provide the settings required for native Windows, Mac IKEv2 VPN, or Linux clients to connect to a VNet over Point-to-Site connections that use the SSTP tunneling protocol with TLS authentication.
Site-to-Site
Site-to-Site is the most common type of VPN. A Site-to-Site VPN gateway connection is used to connect your on-premises network to an Azure virtual network over an IPsec/IKE (IKEv1 or IKEv2) VPN tunnel. This type of connection requires a VPN device located at each site that has been configured for Site-to-Site connectivity with each other over a public network, such as the Internet.
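The following is an added example, not part of the original article: a Site-to-Site connection created with Azure PowerShell, pinned to IKEv2 with an explicit AES-256 IPsec/IKE policy and a randomly generated pre-shared key. All resource names, the region, the on-premises address and the prefix are placeholders, and it assumes the Az.Network module, a signed-in session, and an existing route-based gateway on a SKU other than Basic.

```powershell
# Added example. All names, addresses and prefixes below are placeholders.
$rg       = 'rg-example'
$location = 'eastus'

# Existing Azure VPN gateway (placeholder name).
$gw = Get-AzVirtualNetworkGateway -Name 'vnet-gw-example' -ResourceGroupName $rg

# The on-premises VPN device: its public IP and the prefixes behind it.
# 203.0.113.10 is a documentation address (RFC 5737), not a real device.
$lng = New-AzLocalNetworkGateway -Name 'onprem-site1' -ResourceGroupName $rg `
    -Location $location -GatewayIpAddress '203.0.113.10' `
    -AddressPrefix @('10.101.0.0/24')

# Generate the pre-shared key from a CSPRNG instead of typing one in.
# The same key must be configured on the on-premises device.
$bytes = New-Object byte[] 32
$rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
$rng.GetBytes($bytes)
$rng.Dispose()
$psk = -join ($bytes | ForEach-Object { $_.ToString('x2') })

# Pin the IKE and IPsec proposals so the tunnel cannot negotiate weaker
# algorithms than the ones listed here. The on-premises device must be
# configured with matching values or the tunnel will not come up.
$policy = New-AzIpsecPolicy `
    -IkeEncryption AES256 -IkeIntegrity SHA256 -DhGroup DHGroup14 `
    -IpsecEncryption AES256 -IpsecIntegrity SHA256 -PfsGroup PFS2048 `
    -SALifeTimeSeconds 27000 -SADataSizeKilobytes 102400000

# Create the connection: IPsec tunnel, IKEv2 only, custom policy, PSK auth.
New-AzVirtualNetworkGatewayConnection -Name 's2s-onprem-site1' `
    -ResourceGroupName $rg -Location $location `
    -VirtualNetworkGateway1 $gw -LocalNetworkGateway2 $lng `
    -ConnectionType IPsec -ConnectionProtocol IKEv2 `
    -IpsecPolicies $policy -SharedKey $psk

# Read the connection back and confirm what was actually applied.
$conn = Get-AzVirtualNetworkGatewayConnection -Name 's2s-onprem-site1' `
    -ResourceGroupName $rg
$conn | Select-Object Name, ConnectionProtocol, ConnectionStatus
$conn.IpsecPolicies
```

Store `$psk` in a secrets manager rather than in the script or shell history, since anyone holding it can authenticate as the peer device.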
Supported VPN Types
Azure supports the following VPN types: Point-to-Site (P2S), Site-to-Site (S2S), and VNet-to-VNet. All these VPN types can be deployed through the Azure Resource Manager. This section will provide an overview of each VPN type and how it can be used.
IKEv2
IKEv2 (Internet Key Exchange version 2) is a VPN encryption protocol that handles request and response messages and uses UDP port 500. IKEv2 offers a number of benefits, including:
- Support for EAP-MD5 and EAP-MSCHAPv2 authentication methods.
- Increased security with the use of public key cryptography for initial exchange of keying material.
- The ability to use different key exchange methods, including RSA signatures and pre-shared keys.
- The ability to use different encryption algorithms, including AES 128-bit and 256-bit.
IKEv2 also has a number of disadvantages, which include:
- It requires more processing power than other VPN protocols.
- It is not as widely supported as other VPN protocols.
SSTP
SSTP is a secure, reliable, and high-performance VPN tunneling protocol that is part of the Microsoft Windows operating system. SSTP uses SSL to encrypt traffic between a client and a server. SSTP is available on all current Windows platforms, including Windows 10, Windows 8.1, Windows 8, Windows 7, and Windows Server 2016.
OpenVPN
OpenVPN is an SSL/TLS VPN solution. It is able to traverse NAT connections and firewalls. This makes it a great choice for those wanting to ensure their data is secure when connecting to untrusted networks, such as public Wi-Fi hotspots. OpenVPN is also open source, which allows for third-party security audits of the codebase to ensure there are no backdoors or undisclosed security vulnerabilities.
Unsupported VPN Types
Azure supports certain VPN types and not others. It’s important to know which VPN types are supported and which are not in order to make sure that you’re using the right type of VPN for your needs. We’ll go over the VPN types that Azure does and does not support in this article.
PPTP
Point-to-Point Tunneling Protocol (PPTP) VPN is a network protocol that creates a secure tunnel between two networked computers. Invented by Microsoft, it was one of the first VPN protocols available and is still widely used today. Azure does not support this protocol.
L2TP/IPsec
L2TP/IPsec is a VPN protocol that uses strong security features to protect your data. However, Azure does not support this type of VPN.