Introduction


A VPN connection is established to initiate a connection from the client computer to the corporate environment; it tunnels directly to the gateway in your network. Client-to-site is an excellent solution when you want to connect to your VNet from a remote location.


Today, let's see how to configure a client-to-site VPN in the ARM (Azure Resource Manager) environment in Microsoft Azure. In the new ARM environment it is not yet possible to create a client-to-site VPN from the Portal. To make the configuration you need to install "Azure PowerShell from WebPI 1.0", and you will also need the Windows Software Development Kit (SDK) for Windows 8.1 or Windows 10, depending on the version of Windows you are using.


Configuring VPN Certificate


With the Azure PowerShell module and the Windows SDK installed, let's start the configuration. Open the Windows Azure Active Directory Module for Windows PowerShell in administrator mode.
Go to the folder that contains makecert.exe with the command cd "C:\Program Files (x86)\Windows Kits\10\bin\x64", then execute these commands to create the root certificate and the client certificate.


.\makecert.exe -sky exchange -r -n "CN=RootMyCompanyP2SAzure" -pe -a sha1 -len 2048 -ss My "RootMyCompanyP2SAzure.cer"

.\makecert.exe -n "CN=ClientMyCompanyP2SAzure" -pe -sky exchange -m 96 -ss My -in "RootMyCompanyP2SAzure" -is my



After creating the certificates, the root certificate has to be uploaded to Azure. To do that, export it as a ".cer" file using Base64 encoding and copy the encoded text.
Open the MMC certificates snap-in for "Current User", go to Personal > Certificates, then right-click the certificate RootMyCompanyP2SAzure > All Tasks > Export.



Click "Next".



Click "No, do not export the private key", then click "Next".



Select "Base-64 encoded X.509(.CER)", then click "Next".



Now choose a directory where you will save your certificate, then click "Next".



Click "Finish"; your certificate has been exported.



Now open the certificate file with Notepad and copy the Base64 text.



With the text in hand, assign it to the variable "$CertificateText" by running the following command.
Note: The full text is not shown here to keep the article short, but when you copy it you must copy it in full, as in the image below.

$CertificateText = "MIIDBTCCAfGgAwIBAgIQjKyXqsvp345L2pqzHnjZ9TAJBgUrDg"
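As an alternative to copying the text by hand from Notepad, the following added example (not part of the original article) reads the exported file, checks that it is the expected self-signed root certificate and carries no private key, and builds the single-line value for "$CertificateText". The function name Get-P2SRootCertText, its parameters and the path C:\Temp\RootMyCompanyP2SAzure.cer are assumptions.

```powershell
# Added example: build $CertificateText from the exported Base64 .cer file.
# Function name, parameter names and the file path are assumptions.
function Get-P2SRootCertText {
    param(
        [Parameter(Mandatory = $true)] [string] $Path,
        [string] $ExpectedSubject = 'CN=RootMyCompanyP2SAzure'
    )

    $lines = @(Get-Content -LiteralPath $Path -ErrorAction Stop)

    # Only the public certificate is uploaded; refuse files carrying key material.
    if ($lines -match 'PRIVATE KEY') {
        throw "'$Path' contains a private key; export again without the private key."
    }

    # Drop the BEGIN/END CERTIFICATE lines and join the body into a single line.
    $base64 = (($lines | Where-Object { $_ -notmatch '^-----' }) -join '').Trim()

    # Parse the bytes so a truncated or mis-copied string fails here, not in Azure.
    $bytes = [Convert]::FromBase64String($base64)
    $cert  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList (,$bytes)

    if ($cert.Subject -ne $ExpectedSubject) {
        throw "Unexpected subject '$($cert.Subject)'; expected '$ExpectedSubject'."
    }
    if ($cert.Subject -ne $cert.Issuer) {
        throw "Certificate is not self-signed, so it is not the root certificate."
    }
    if ($cert.NotAfter -lt (Get-Date)) {
        throw "Certificate expired on $($cert.NotAfter)."
    }
    if ($cert.SignatureAlgorithm.FriendlyName -match 'sha1|md5') {
        Write-Warning "Signed with $($cert.SignatureAlgorithm.FriendlyName), a weak hash."
    }
    if ($cert.PublicKey.Key.KeySize -lt 2048) {
        Write-Warning "RSA key is only $($cert.PublicKey.Key.KeySize) bits."
    }

    # Log the thumbprint so the uploaded root can be matched to the local store later.
    Write-Verbose "Root thumbprint: $($cert.Thumbprint)"
    return $base64
}

$CertificateText = Get-P2SRootCertText -Path 'C:\Temp\RootMyCompanyP2SAzure.cer'
```

A root created with the makecert command above is signed with SHA-1, so the weak-hash warning is expected for it.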



Exporting PFX Certificate


Now export the certificate as a .PFX file protected with a password, so that it can be made available to the VPN users. Remember that this certificate will be distributed to users.



Configuring VPN Client To Site


Log in to Azure with the command "Login-AzureRmAccount", then choose the subscription in which you will use the VPN by running the following command.


Select-AzureRmSubscription -SubscriptionName "Signature"



Now assign the gateway to the variable "$Gw": run the command below with the name of your VirtualNetworkGateway and its ResourceGroupName.


$Gw = Get-AzureRmVirtualNetworkGateway -Name VNET-GW -ResourceGroupName MyNetwork



Let's add the IP address pool from which connecting VPN clients will receive their addresses. Run the command.


Set-AzureRmVirtualNetworkGatewayVpnClientConfig -VirtualNetworkGateway $Gw -VpnClientAddressPool "192.168.50.0/24"



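Now upload the root certificate: pass the Base64 text in "$CertificateText" together with the gateway name and the resource group that contains the gateway, and assign the result to the variable "$rootCert". Run the following command.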


$rootCert = Add-AzureRmVpnClientRootCertificate -VpnClientRootCertificateName "RootCraftP2SAzure.cer" -PublicCertData ($CertificateText) -VirtualNetworkGatewayName $gw.Name -ResourceGroupName MyNetwork



Done, the "VPN Client" configuration is created with the certificate. Now let's download the client in 64-bit or 32-bit. To perform the download, run the following command; it will generate a download link.


Get-AzureRmVpnClientPackage

Enter the following information when prompted, as shown in the example below:


ResourceGroupName: MyNetwork

VirtualNetworkGatewayName: VNET-GW

ProcessorArchitecture: Amd64


Use Amd64 for the 64-bit client or X86 for the 32-bit client.


Installing the VPN Client


After installing the Client, click VPN.



Click Connect.



Now it will create the routes between your computer and the VPN; click "Continue".



Wait for the connection.


Done, your VPN is now connected to your environment in Azure.


Run a ping to test communication with your network in Azure.


Done, the VPN is configured successfully.

Credits:

This document was originally published at http://www.micheljatoba.com.br/2016/06/configurando-client-VPN-via-powershell.html and has been reproduced here to allow the community to correct any inaccuracies or provide other improvements until the original version of this topic is updated.