Tag: VPN

Connect Ubiquiti UniFi Dream Machine to Azure VPN

Connect Ubiquiti UniFi Dream Machine to Azure VPN

A couple of days ago I got a Ubiquiti UniFi Dream Machine, which is an all-in-one device with an access point, 4-port switch, and a security gateway. After the basic setup, I wanted to connect my Ubiquiti UniFi Dream Machine USG to an Azure VPN Gateway (Azure Virtual Gateway), using Site-to-Site VPN. In this blog post, I am going to show you how you can create a site-to-Site (S2S) VPN connection from your Ubiquiti UniFi Dream Machine to Azure Virtual Network Gateway.

Azure Virtual Network Gateway and Connection

I already have a virtual network in Azure with the address space 10.166.0.0/16, and I also deployed the Azure Virtual Network Gateway connected to that vNet. The next thing I did was to add a connection to the gateway.

Azure VPN Connection

Azure VPN Connection

You need the following:

  • Name for the connection
  • Set Connection type to Site-to-site (IPSec)
  • Create a local network gateway (basically the configuration of your local VPN gateway.
  • Define a shared secret

Configure Ubiquiti UniFi Dream Machine VPN connection

Now you can switch to your UniFI Dream Machine, which has an UniFI USG integrated. Under settings go to Networks and click on Create new Network

UniFi Network Azure VPN

UniFi Network Azure VPN

Here you configure the following:

  • Name of your VPN connection
  • VPN Type Manuel IPSec
  • Remote Subnets which is the Azure vNet address space (in my case 10.166.0.0/16)
  • Peer IP which is the public IP address of the Azure virtual network gateway
  • Local WAN IP
  • the pre-shared key (shared secret)
  • IPSec Profile: Customized
  • Key Exchange Version: IKEv2
  • Encryption: AES-256
  • Hash: SHA1
  • DH Group: 2

After that, the VPN will connect and the status of your Azure virtual network gateway connection will change to connected.

Dream Machine Azure VPN Connection

Dream Machine Azure VPN Connection

You can now reach your Azure virtual machine using the private IP address range.

Connected Azure VPN

Connected Azure VPN

I hope this was helpful and show you how you can connect a Ubiquiti Unifi Dream Machine (USG) to an Azure Virtual Network using a site-to-site VPN connection. If you want to learn more about Azure Virtual Network Gateways check out the following documentation:

If you want to know more about point-to-site VPN connection to Azure check out my blog posts:

If you have any questions, feel free to leave a comment.



Azure VPN Azure Active Directory authentication

Create Azure P2S VPN with Azure AD authentication

A couple of days ago, we announced that you now can use Azure Active Directory to authentication Point-to-Site (P2S) VPN connections to your Azure virtual network. Before you were able to connect to your Azure virtual network (VNet) by using certificate-based or RADIUS authentication, however, if you are using the Open VPN protocol, you can now also use Azure Active Directory authentication. In this blog post, I will walk you through how you can set up an Azure P2S VPN connection using Azure AD authentication.

Prerequisites

To set this up, you will need a couple of things in place before we get started. Here are the prerequisites:

If you already have this in place, you are good to go.



Azure OpenVPN Support

OpenVPN support in Azure VPN gateways

Today, the Azure networking team announced the General Availability (GA) of OpenVPN protocol in Azure VPN gateways for P2S connectivity. OpenVPN is an open-source software that implements a virtual private network (VPN) connectivity. Since OpenVPN is widely used in the industry, a lot of devices already have an OpenVPN client built-in. OpenVPN support for Azure VPN gateways should make it easy to set up new VPN connectivity to Azure virtual networks.

To use OpenVPN, you can now just simply select the tunnel type OpenVPN. You can find more information about how to set up an Azure VPN gateway on here.

We are announcing General Availability (GA) of OpenVPN protocol in Azure VPN gateways for P2S connectivity. OpenVPN is a popular open source VPN protocol supported in all major platforms (Windows, macOSX, Linux, Android) and available pre-installed on several WiFi routers and IOT devices. Adding OpenVPN protocol to Azure P2S VPN greatly expands our client footprint for TLS/SSL-based VPN customers and ecosystem.

– Ali Zaman, Senior Program Manager at Microsoft

To enable OpenVPN on your gateway you can run the following Azure PowerShell commands. Make sure that the gateway is already configured for point-to-site (IKEv2 or SSTP) before running the following commands:

$gw = Get-AzVirtualNetworkGateway -ResourceGroupName $rgname -name $name
Set-AzVirtualNetworkGateway -VirtualNetworkGateway $gw -VpnClientProtocol OpenVPN

You can find more information about OpenVPN support in Azure on Microsoft Docs:

Next to the Windows Server Azure Network Adapter, which allowed you to configure P2S VPN for Windows Server directly from Windows Admin Center, this is another step to make connectivity to Azure even easier. If you have any questions, please let me know in the comments.

If you want to learn more about Azure networking in general, check out the recording from my Microsoft Ignite The Tour session in Amsterdam, where I was speaking about the basics of building a Hybrid Connectivity with Microsoft Azure.



Windows Server 2019 Azure Network Adapter

How to set up Windows Server Azure Network Adapter

In my series about Windows Server 2019, I have a new feature I want to introduce you to. Windows Server 2019 Azure Network Adapter is one of the Hybrid Cloud efforts Microsoft is making in Windows Server 2019. A lot of workloads are running cross-cloud and require connections to virtual machines running in Azure. To achieve this there are several options like Site-to-Site VPN, Azure Express Route or Point-to-Site VPN. With Windows Admin Center and Windows Server 2019 Azure Network Adapter, you get a one-click experience to connect your Windows Server with your Azure Virtual Network using a Point-to-Site VPN connection.

Even this is might not for every enterprise scenario, there are a lot of scenarios where you might quickly want to connect a server to Azure. The Azure Network Adapter functionality gives you that feature with a one-click button. And by the way, it also works on Windows Server 2012 R2 and higher.



Windows Server 2019 Add Remote Access Role

How to install VPN on Windows Server 2019

This blog post is a step by step guide how to install and configure VPN on Windows Server 2019. The blog post shows you how you can easily set up a VPN server for a small environment, branch office, or for a hosted server scenario. This VPN (Virtual Private Network) server allows you to connect from remote clients or firewalls to the Windows Server.

I already did a similar post for other versions of Windows

To install VPN access to a Windows Server 2019, simply follow this step by step guide:



Installation Windows Server 2016 VPN

How to Install VPN on Windows Server 2016

This post shows you how you can install a VPN Server on Windows Server 2016 Step-by-Step. It shows you how you can easily setup a VPN server for a small environment or for a hosted server scenario. This blog post covers how you can use Windows Server VPN.

This is definitely not a guide for an enterprise deployment, if you are thinking about a enterprise deployment you should definitely have a look at Direct Access.

I already did similar blog posts for Windows Server 2008 R2, Windows Server 2012 and Windows Server 2012 R2.

You can simply follow this step by step guide:

Install the Windows Server VPN Role

First install the “Remote Access” via Server Manager or Windows PowerShell.

Install Remote Access Role VPN

Select the “DirectAccess and VPN (RAS)” role services and click next.

DirectAccess and VPN (RAS)



Green Cloud based on Windows Server Hyper-V and Windows Azure Pack

If you try to host some IaaS workloads or build a Hybrid Cloud environment connected to a service provider in Switzerland, you probably want to check out the Green Hyper-V ServerCloud.

Based on Hyper-V technology from Windows Server 2012 R2, Green virtual servers provide you with a powerful, high-availability server platform for your applications. The virtual servers can be seamlessly integrated into your existing IT environment, using Site-2-Site VPN.

Green also offers a own image container function in Windows Azure Pack which allows you to quickly and smoothly migrate your server to the Hyper-V ServerCloud, including configuration and software. Install your VHDX and ISO images and save valuable time on reinstallation and setup.

Options and the ability to gradually expand the system pave the way for future expansion. From individual applications to virtualization of entire IT areas, Server Cloud offers enough scope for your business.

Green Server Cloud

Some of the cool stuff Green offers in there Cloud Solution:

  • Cloud based on Windows Server 2012 R2 Hyper-V and Windows Azure Pack
  • Powerful packages on virtual server with up to 16 CPU cores and 128GB RAM
  • Windows Server 2008 R2 and Windows Server 2012 R2 Images
  • Linux Images (CentOS and more…)
  • Bring your own Server and ISO Images
  • Create VM Checkpoint (Snapshots) right from the Tenant Portal
  • Seamless expansion of local infrastructure through network virtualization and free-of-charge site-to-site VPN
  • Local service and support in three local languages
  • High Security standards implemented in the Green Datacenter
  • Server Location in Switzerland
  • Hyper-V Replica support – Replicated your Hyper-V Virtual Machines to the Green Cloud for DR scenarios
  • 30 days free trial

Green Business Connectivity and Security

Green Cloud Datacenters

Green is using it own datacenter to host the Green Cloud. The GreenCloud is hosted in their Tier 4 and Tier 3 datacenters for maximal security. The newest green.ch data center offers all the benefits of a state-of-the-art data center. It is situated in an excellent location, is the only Swiss data center that was awarded a Tier 4 design certification, and was designed for energy-efficient operation.

The Lupfig site is located west of Zurich in an easy to access location. It is far away from hazardous zones, yet centrally located within the Zurich-Basel-Bern business triangle.

From the very beginning, greenDatacenter Zurich West was designed for highest availability. All systems required for operation are duplicated. Multiple feeds are used for the power and emergency power supply, and the connection to the data network. And these feeds are even separately routed within the data center. Four security perimeters protect the data center against unauthorized access. Security measures include biometric access systems.

The Swiss Federal Office of Energy awarded greenDatacenter Zurich West the Watt d’Or 2013 for exemplary energy efficiency in the buildings and space category.

Green Cloud Technology

Green Cloud Image Container

As already mentioned Green is using the Microsoft Cloud Platform stack with Windows Azure Pack and Windows Server 2012 R2 Hyper-V for their Cloud offering. By using Hyper-V Network Virtualization and Site-2-Site VPN, customers can easily connect their local networks to the Green Cloud and build a Hybrid Cloud scenario. Green also extended their offering beyond the standard WAP offerings by adding additional features such as Hyper-V Replica support, the option to create Checkpoints (Snapshots) of Virtual Machines and the possibility to bring your own server images and ISO images to the Green Cloud.

Green Cloud Checkpoints

So if you are interested in the things Green offers checkout the 30 days free trial offering.