Azure VPN Solution, S2S and P2S tunnel
Replace your On-Prem-VPN with high performance Azure VPN and get 128 P2S tunnels for Windows 10 and another 10 S2S tunnels to your company locations at up to 100 MBit/s at a price of only 22 EUR/month.
What is VPN?
The abbreviation VPN stands for Virtual Private Network, which provides an encrypted tunnel between two devices. On one side there is always a VPN server, in this case Azure VPN.
P2S means that the other side is a client computer (e.g. laptop, tablet, smartphone). This is referred to as Point-to-Site VPN, or P2S for short. In this case, the VPN software is installed on each client.
S2S is used when it comes to connecting corporate sites; here it is easier to connect the corporate router with Azure VPN. All devices that connect to the Internet through this router are also connected to the VPN network.
Both sides of a VPN usually contain networks, so it is also called site-to-site VPN or S2S for short.
If the VPN server is set as the client's gateway, Internet browsing also takes place with this 'foreign' IP. This is a popular method to surf 'allegedly anonymously' (more so in private use). For companies, the VPN is usually configured so that Internet surfing stays local (faster) and only the target network is routed via VPN.
Azure VPN Properties
Azure VPN can use one of the following protocols:
- OpenVPN is an SSL/TLS-based VPN protocol. It can use TCP port 443 and thus pass firewalls, as firewalls are usually open for this port. OpenVPN is widely used and available for Windows, Linux, macOS, iOS and Android.
- SSTP (Secure Socket Tunneling Protocol) uses TCP port 443 like OpenVPN, but SSTP is only supported on Windows devices. Azure supports all versions of Windows that have SSTP (Windows 7 and later).
- IKEv2 is a standards-based IPsec VPN solution. IKEv2 VPN can be used to connect Windows and macOS devices, and with many other firewalls for S2S VPN.
Azure AD or (on-prem) Windows AD can be used for authentication. As seen in the image below, a RADIUS server is required for the on-prem network.
If a network exists on the Azure VPN side, like VNET1 with 10.10.0.0/16 in the picture on the left, the VPN connection automatically extends to this Azure network as well.
You can find more information about VPN under Microsoft Docs.
P2S and S2S Tunnel with Azure VPN
OpenVPN and MFA
If you want users to be prompted for a second authentication factor before access is granted, you can configure Azure AD Multi-Factor Authentication (MFA).
You can configure MFA on a per-user basis or for all users, preferably through Azure Conditional Access. Conditional Access can also be configured individually so that MFA is required for a specific user group while exempting another group.
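A policy of the kind described above, written as the JSON body for a Microsoft Graph conditional access policy (an added example, not part of the original page). The display name and the three ALL-CAPS placeholder IDs are assumptions to be replaced with your tenant's values, and the policy is set to report-only so its effect on sign-ins can be reviewed before it is enforced.

```json
{
  "displayName": "Require MFA for Azure VPN (example)",
  "state": "enabledForReportingButNotEnforced",
  "conditions": {
    "clientAppTypes": ["all"],
    "applications": {
      "includeApplications": ["AZURE-VPN-ENTERPRISE-APP-ID-PLACEHOLDER"]
    },
    "users": {
      "includeGroups": ["MFA-REQUIRED-GROUP-OBJECT-ID-PLACEHOLDER"],
      "excludeGroups": ["MFA-EXEMPT-GROUP-OBJECT-ID-PLACEHOLDER"]
    }
  },
  "grantControls": {
    "operator": "OR",
    "builtInControls": ["mfa"]
  }
}
```

Keep the exempt group small and audited: every member of it reaches the VPN with a single factor.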
Azure VPN Cost
If your company can deal with up to 128 Windows 10 computers, up to 10 company locations and with a total throughput of 100 Mbps, then Azure VPN Basic at 22 EUR per month is all you need.
Be aware that Azure VPN Basic has further protocol restrictions: SSTP is only usable for Windows 10 and IKEv2 only for S2S VPN.
The next bigger Azure VPN is VpnGw1 and costs EUR 117 per month with a throughput of 650 Mbps. VpnGw1 offers 256 P2S tunnels for OpenVPN or IKEv2, another 128 P2S tunnels for SSTP and 30 S2S tunnels for IKEv2.
For more information about other VPN versions (SKUs) and pricing, see the Azure VPN calculator.
Support for Azure VPN
If you need support to plan, implement or troubleshoot Azure VPN in your company, please feel free to contact us.
There are also other custom options that could work for your organization. If you don't have a VPN or your existing VPN is unreliable, expensive, user-unfriendly or offers too little throughput, we will transparently present you with a sample offer to give you an approximate idea of the scope and costs.
VPN Solution for 2 company locations and Windows 10 clients
Source: Sylbek 2020
For over 10 years we have been delivering S2S VPN solutions to customers using Linux RouteOS over the SSTP protocol and more recently Ubiquiti EdgeRouter to Azure VPN.
We would be happy to discuss, without obligation, how to find a cost-effective and low-maintenance VPN solution. Write to us via Jira ServiceDesk, an efficient and transparent method for customer support (see an example ticket). You are welcome to write us an email or use Contact.