Scott recently announced support for point-to-site VPN connections into Azure – awesome! But what might not be so clear is how to enable it on your existing Virtual Network configuration – because you can’t make changes (at least through the UI) to your virtual network after it has been deployed and is in use.
Fortunately, there appears to be a workaround.
1) Export your existing configuration (go to the Networks view in the Azure management portal, and click the Export button).
2) Modify the XML as follows. First, add a new “GatewaySubnet” entry, whose address prefix must be inside the address space of your virtual network. Then add a “VPNClientAddressPool” node, with an AddressPrefix outside the address space of your virtual network.
    <VirtualNetworkSite name="XNetwork" AffinityGroup="NorthEurope">
      <AddressSpace>
        <AddressPrefix>10.4.0.0/16</AddressPrefix>
      </AddressSpace>
      <Subnets>
        ...
        <Subnet name="GatewaySubnet">
          <AddressPrefix>10.4.1.0/24</AddressPrefix>
        </Subnet>
      </Subnets>
      <Gateway>
        <VPNClientAddressPool>
          <AddressPrefix>10.0.0.0/24</AddressPrefix>
        </VPNClientAddressPool>
        ...
      </Gateway>
    </VirtualNetworkSite>
3) Go to Networks | Virtual Network | Import Configuration and re-upload your XML file.
Sorted! Now you can continue to configure point-to-site connectivity from the network dashboard as described here.