Saturday, 19 February 2022

How to set up a P2S VPN to connect to Azure SQL

After successfully building the VPN connection to the Azure environment with a P2S VPN, this is a note of what I did so that I can reuse it in the future.

PowerShell script to create the self-signed root and client certificates

# Self-signed root certificate. Its public part is what gets uploaded to the VPN gateway as a trusted root.
$cert = New-SelfSignedCertificate -Type Custom -KeySpec Signature -Subject "CN=VNETROOT" -KeyExportPolicy Exportable -HashAlgorithm sha256 -KeyLength 2048 -CertStoreLocation "Cert:\CurrentUser\My" -KeyUsageProperty Sign -KeyUsage CertSign

# Client certificate signed by the root above. The extension sets EKU 1.3.6.1.5.5.7.3.2 (client authentication), which the P2S client needs.
New-SelfSignedCertificate -Type Custom -DnsName TANLECLIENT -KeySpec Signature -Subject "CN=VNETCLIENT" -KeyExportPolicy Exportable -HashAlgorithm sha256 -KeyLength 2048 -CertStoreLocation "Cert:\CurrentUser\My" -Signer $cert -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.2")


Generate and export certificates for P2S: PowerShell - Azure VPN Gateway | Microsoft Docs

Step-by-Step guide to Azure Point-to-Site VPN - Technical Blog | REBELADMIN


Tutorial: Connect to an Azure SQL server using an Azure Private Endpoint - Portal | Microsoft Docs

Do the following:

1. Navigate to "Firewalls and virtual networks" of your SQL server and set "Deny public network access" to Yes.

2. Create an Azure private endpoint. It creates an endpoint for the SQL server within your virtual network, with a private IP assigned from the subnet's IP range. You use this private IP to connect to the SQL server.

3. On your local machine, make sure you are connected to the VPN and open SQL Server Management Studio:

· Under "Server name", enter the private IP address of the Azure private endpoint created in step 2.

· The login part can be a bit tricky. In the "Login" field, enter the username in the format "username@public_sql_server_name" (e.g. admin@my-sql-server.database.windows.net). For the password, just enter your password.

· The last thing to do is click "Options" and go to "Connection properties". Check both "Encrypt connection" and "Trust server certificate". This is required because the server's certificate is issued to "my-sql-server.database.windows.net" while you are accessing it via the private IP. If this weren't checked, Management Studio wouldn't trust the server's certificate and would refuse the connection.
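As an added example (not code from the original post), the following PowerShell checks the same path from the VPN client: TCP reachability of the private endpoint, the connection exactly as configured in SSMS above, and then the same connection with certificate validation left on. It assumes Windows PowerShell 5.1 on the client machine; the endpoint IP, server name and login are placeholders to replace with your own.

```powershell
# Added example, not from the original post: verify the VPN + private endpoint path
# from PowerShell before opening SSMS. The IP, server name and login are placeholders.
Add-Type -AssemblyName System.Data
$PrivateEndpointIp = '10.0.1.4'                            # placeholder: private endpoint IP from step 2
$SqlServerFqdn     = 'my-sql-server.database.windows.net'  # public server name used in the post's example
$Cred = Get-Credential -UserName "admin@$SqlServerFqdn" -Message 'Azure SQL login (user@server)'

function Test-PrivateSqlConnection {
    param(
        [Parameter(Mandatory)] [string] $DataSource,
        [Parameter(Mandatory)] [pscredential] $Credential,
        [bool] $TrustServerCertificate = $false
    )
    $csb = New-Object System.Data.SqlClient.SqlConnectionStringBuilder
    $csb['Data Source']            = $DataSource
    $csb['Initial Catalog']        = 'master'
    $csb['User ID']                = $Credential.UserName
    $csb['Password']               = $Credential.GetNetworkCredential().Password
    $csb['Encrypt']                = $true                  # same as "Encrypt connection" in SSMS
    $csb['TrustServerCertificate'] = $TrustServerCertificate
    $csb['Connect Timeout']        = 15
    $conn = New-Object System.Data.SqlClient.SqlConnection($csb.ConnectionString)
    try {
        $conn.Open()
        $cmd = $conn.CreateCommand()
        $cmd.CommandText = 'SELECT SUSER_SNAME()'          # proves the login round-trip worked
        return [string] $cmd.ExecuteScalar()
    } finally {
        $conn.Dispose()
    }
}

# 1. Is the tunnel up? The private IP is only reachable while the P2S VPN is connected.
$tcp = Test-NetConnection -ComputerName $PrivateEndpointIp -Port 1433 -WarningAction SilentlyContinue
if (-not $tcp.TcpTestSucceeded) { throw "TCP 1433 to $PrivateEndpointIp failed: is the VPN connected?" }

# 2. The post's SSMS settings: private IP as server, encrypted, trust the server certificate.
#    TrustServerCertificate skips chain and hostname validation, so the client accepts whatever
#    certificate answers at that IP; keep it for troubleshooting rather than as the default.
Test-PrivateSqlConnection -DataSource "tcp:$PrivateEndpointIp,1433" -Credential $Cred -TrustServerCertificate $true

# 3. Same endpoint with full validation. Works once $SqlServerFqdn resolves to the private
#    endpoint IP on the VPN client (Azure Private DNS zone privatelink.database.windows.net
#    reachable over the tunnel, or a hosts-file entry), so the name matches the certificate.
$resolved = [System.Net.Dns]::GetHostAddresses($SqlServerFqdn) | ForEach-Object { $_.ToString() }
if ($resolved -contains $PrivateEndpointIp) {
    Test-PrivateSqlConnection -DataSource "tcp:$SqlServerFqdn,1433" -Credential $Cred
} else {
    Write-Warning "$SqlServerFqdn resolves to $($resolved -join ', '); add private DNS or a hosts entry first."
}
```

Step 3 is the one to aim for in day-to-day use, since it keeps the private path while still validating the server's certificate.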

References:

Connect to a VNet using P2S VPN & certificate authentication: portal - Azure VPN Gateway | Microsoft Docs
