For research on my to be released book on Windows Azure I had to create a site-to-site VPN connection from my home to Windows Azure. Untill recently I was under the impression I needed a VPN device or Windows RRAS server configured with a public facing IP-address to be able to have such a site-to-site VPN.
However, that is not the case. Using a common ADSL modem, Hyper-V manager and a virtual machine running Windows Server 2012 with RRAS I was able to setup the VPN connection.
Thanks to Christopher Keyaert who blogs at vnext.be who helped me. Read his blog which describes how to update Azure networking if your ADSL connection has a dynamic IP.
My ADSL modem is a Fritz!Box 7270. I did not have to modify the configuration of the modem. You might want to add a route in your modem pointing to your RRAS server if other servers need access to Azure VMs.
The site-to-site can be setup using a physical server with RRAS installed as well. No need for the RRAS server to have a public IP.
In my book I will publish a step by step instruction how to configure this. In this post I will provide the basic steps. There are many other posts explaining how to setup a site-to-site VPN connection. For example this one.
1. In the Azure Management Portal create a virtual network. First create a new local network. In here you configure the public IP-address which is assigned to your ADSL modem. You also specify the IP-subnet used in your home location. Mine is 192.168.178.0/24.
2. Enable ‘configure site-to-site VPN’.
3. Then create a gateway in the portal. Select dynamic routing. Creation of the gateway will take about 5 to 10 minutes.
4. After the creation has finished, select ‘Download VPN device script. Choose Windows Server RRAS and store the .cfg file on your RRAS server.
5. Rename the .cfg file to PS1. Start PowerShell and execute the .PS1 file. You might have to change the execute policy .
The PowerShell script adds a Network interface to the RRAS server. This connects to the IP-address of the Azure gateway. When the script has finished open Routing and Remote Access console. Select Network Interfaces-> then select the demand dial connection named as IP-address of the Azure gateway. Right click and select Connect.
If all goes well a VPN connection is enabled.
Make sure the Ethernet network interface of the RRAS server which connects to your internal (home) network does not have a gateway filled in for the IP-properties. Otherwise ip-traffic will not flow to and from Windows Azure.
Also make sure the firewall on the RRAS server does not block VPN-traffic.
In Windows Azure create a virtual machine and make sure it is added to the virtual network you created in the first step. After creation has finished, open an RDP connection. Then make sure the Windows Server firewall does not block VPN traffic.
That is it. You now should be able to ping or use any other connection from your home server (RRAS) to a virtual machine in Azure.
Please let me know if you have issues in setting up the S2S VPN (mvdb22 at gmail dot com )