Q: I'm trying to initiate an Azure point-to-site connection using RasDial, but it's failing; why?
A: There are a number of different types of connectivity from on-premises to an Azure virtual network:
- Site-to-site VPN: Provides connectivity for all on-premises OS instances at a location to Azure through a centrally managed and connected gateway
- Point-to-site VPN: Connectivity for a single on-premises OS instance to Azure via a local VPN tunnel
- ExpressRoute: Enterprise-level connectivity from on-premises to Azure via Multi-Protocol Label Switching (MPLS) or fiber connectivity
With the point-to-site (P2S) solution, a special client package is installed that configures a local VPN connection, which can be launched from the normal network connections interface; RasDial can typically be used to dial such a connection as well.
However, if you try this with your Azure P2S VPN, you'll receive the following error message:
This function is not supported on this system.
After investigating why this error is generated, I discovered that the Azure P2S VPN configuration utilizes the Connection Manager Administration Kit (CMAK), which includes some custom configuration that blocks RasDial from working with the created VPN connection. After digging into the log generated through a connection, I learned that you can create your own custom VPN connection to Azure, which then can work with RasDial. I had planned to write up the instructions, until I found the blog post "Deconstructing the Azure Point-to-Site VPN for Command Line usage," which already does a great job documenting how to create your own VPN configuration that can then be used with RasDial.
Note that Microsoft doesn't currently support automatic P2S connectivity or creating your own configuration for the P2S VPN. However, I know of many organizations that want an automatic P2S connection from servers to Azure in locations that have only a single server, and a site-to-site (S2S) VPN connection doesn't make sense.
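The following is an added example, not code from the original answer or from the blog post it refers to, of what "an automatic P2S connection from a single server" looks like in practice once you have a custom VPN profile that RasDial accepts: a script that creates the profile if it is missing, checks whether the tunnel is up, dials it with RasDial, and logs the RAS error code when the dial fails. The profile name, the log path, and the gateway FQDN are placeholders; the tunnel type (SSTP) and certificate authentication are assumptions about the custom profile and should be taken from the blog post's walkthrough and your own client package rather than from this example.

```powershell
# Added example; not code from the original post or the referenced blog post.
# Assumptions (not stated on the page): the custom profile is named AzureP2S-Custom,
# uses SSTP with certificate authentication, and the gateway FQDN is a placeholder
# you take from your own P2S client package. Run from an elevated prompt.

$ConnectionName = 'AzureP2S-Custom'                      # assumed profile name
$GatewayFqdn    = 'REPLACE-WITH-GATEWAY-FQDN'            # placeholder
$LogPath        = 'C:\ProgramData\AzureP2S\rasdial.log'  # constructed path for this example

function Write-P2SLog([string]$Message) {
    New-Item -ItemType Directory -Path (Split-Path $LogPath) -Force | Out-Null
    Add-Content -Path $LogPath -Value ("{0:u} {1}" -f (Get-Date), $Message)
}

function Ensure-P2SProfile {
    # Create the profile once, as an all-user connection, so a scheduled task
    # running as SYSTEM can dial it without an interactive logon.
    $existing = Get-VpnConnection -Name $ConnectionName -AllUserConnection -ErrorAction SilentlyContinue
    if (-not $existing) {
        Add-VpnConnection -Name $ConnectionName -ServerAddress $GatewayFqdn `
            -TunnelType Sstp -AuthenticationMethod MachineCertificate `
            -AllUserConnection -RememberCredential:$false -Force
        Write-P2SLog "Created VPN profile $ConnectionName"
    }
}

function Test-P2SConnected {
    # rasdial with no arguments lists the active connections, one name per line.
    $active = & rasdial.exe
    return ($active -contains $ConnectionName)
}

function Connect-P2S {
    if (Test-P2SConnected) {
        Write-P2SLog "Already connected: $ConnectionName"
        return $true
    }
    # Certificate authentication, so no username or password on the command line.
    $output = & rasdial.exe $ConnectionName 2>&1
    if ($LASTEXITCODE -eq 0) {
        Write-P2SLog "Connected: $ConnectionName"
        return $true
    }
    # A non-zero exit code is the RAS error number; the text is in $output.
    # "This function is not supported on this system" is the symptom the answer
    # describes for the CMAK-generated profile, i.e. the wrong profile is being dialed.
    Write-P2SLog ("rasdial failed with code {0}: {1}" -f $LASTEXITCODE, ($output -join ' '))
    return $false
}

Ensure-P2SProfile
Connect-P2S
```

Register the script as a scheduled task that runs as SYSTEM at startup and on a short repeat interval, so the tunnel is re-dialed after a reboot or a gateway-side drop without anyone logging on; the log file gives you a record of every failed dial and its RAS error code, which is what you want to review when the server silently loses its Azure connectivity.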