OpenVPN client support for Azure P2S gateway's is currently in a preview state for which instructions for setup have been provided at https://docs.microsoft.com/en-us/Azure/vpn-gateway/vpn-gateway-howto-openvpn . I have successfully implemented the procedures found within the documentation up to and including extracting client P2S certificates.
At this point in time though my OpenVPN client will not maintain a connection to the VPN Gateway due to connection resets (probably happening in Azure). According to my research there can be a number of client-side factors that could cause this type of behavior up to and including Firewalls, Antivirus and NAT's. These most obvious client-side factors have been mitigated and I'm still experiencing resets.
Please note the log below.
Thu Oct 04 10:08:33 2018 OpenVPN 2.4.6 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Apr 26 2018Thu Oct 04 10:08:33 2018 Windows version 6.2 (Windows 8 or greater) 64bit
Thu Oct 04 10:08:33 2018 library versions: OpenSSL 1.1.0h 27 Mar 2018, LZO 2.10
Enter Management Password:
Thu Oct 04 10:08:33 2018 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Thu Oct 04 10:08:33 2018 Need hold release from management interface, waiting...
Thu Oct 04 10:08:34 2018 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Thu Oct 04 10:08:34 2018 MANAGEMENT: CMD 'state on'
Thu Oct 04 10:08:34 2018 MANAGEMENT: CMD 'log all on'
Thu Oct 04 10:08:34 2018 MANAGEMENT: CMD 'echo all on'
Thu Oct 04 10:08:34 2018 MANAGEMENT: CMD 'bytecount 5'
Thu Oct 04 10:08:34 2018 MANAGEMENT: CMD 'hold off'
Thu Oct 04 10:08:34 2018 MANAGEMENT: CMD 'hold release'
Thu Oct 04 10:08:34 2018 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Thu Oct 04 10:08:34 2018 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Thu Oct 04 10:08:34 2018 MANAGEMENT: >STATE:1538662114,RESOLVE,,,,,,
Thu Oct 04 10:08:34 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]XXX.XXX.XXX.XXX:443
Thu Oct 04 10:08:34 2018 Socket Buffers: R=[65536->65536] S=[65536->65536]
Thu Oct 04 10:08:34 2018 Attempting to establish TCP connection with [AF_INET]XXX.XXX.XXX.XXX:443 [nonblock]
Thu Oct 04 10:08:34 2018 MANAGEMENT: >STATE:1538662114,TCP_CONNECT,,,,,,
Thu Oct 04 10:08:35 2018 TCP connection established with [AF_INET]XXX.XXX.XXX.XXX:443
Thu Oct 04 10:08:35 2018 TCP_CLIENT link local: (not bound)
Thu Oct 04 10:08:35 2018 TCP_CLIENT link remote: [AF_INET]XXX.XXX.XXX.XXX:443
Thu Oct 04 10:08:35 2018 MANAGEMENT: >STATE:1538662115,WAIT,,,,,,
Thu Oct 04 10:08:35 2018 Connection reset, restarting [-1]
Chris Felpel Blog: http://www.yahoogler.com Email: chris@yahoogler.com
