To create a Point-to-Site connection, you have to perform the following steps:
- Ensure you have a virtual network with a gateway subnet, and make sure its address space does not overlap with your on-premises networks.
- Build a virtual network gateway for the virtual network you've created.
- Then, you need to generate a root certificate that the gateway uses to authenticate clients connecting over the Point-to-Site VPN. The root certificate can be issued by a CA server or be self-signed.
- To create a self-signed certificate, you can run the following PowerShell cmdlet:
$cert = New-SelfSignedCertificate -Type Custom -KeySpec Signature -Subject "CN=RootCert" -KeyExportPolicy Exportable -HashAlgorithm sha256 -KeyLength 2048 -CertStoreLocation "Cert:\CurrentUser\My" ...
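The following script is an added example that is not part of the original page; it walks the certificate step end to end: it creates the self-signed root, issues a client certificate chained to that root with the Client Authentication EKU, checks the chain, and uploads the root's public data to the gateway. The names `P2SRootCert`, `P2SClientCert`, and the `$rgName`/`$gatewayName` values are assumed placeholders; it assumes the Az PowerShell module is installed and you are signed in with `Connect-AzAccount`.

```powershell
# Assumed placeholders: replace with your own resource group and gateway name.
$rgName      = "rg-p2s-demo"
$gatewayName = "vng-p2s-demo"

# 1. Self-signed root certificate. The private key never leaves this machine;
#    only its public portion is uploaded to the gateway.
$rootCert = New-SelfSignedCertificate -Type Custom -KeySpec Signature `
    -Subject "CN=P2SRootCert" -KeyExportPolicy Exportable `
    -HashAlgorithm sha256 -KeyLength 2048 `
    -CertStoreLocation "Cert:\CurrentUser\My" `
    -KeyUsageProperty Sign -KeyUsage CertSign

# 2. Client certificate signed by the root. The TextExtension sets the
#    Enhanced Key Usage to Client Authentication (OID 1.3.6.1.5.5.7.3.2),
#    which the gateway requires when it validates the presented certificate.
$clientCert = New-SelfSignedCertificate -Type Custom -DnsName "P2SClientCert" `
    -KeySpec Signature -Subject "CN=P2SClientCert" -KeyExportPolicy Exportable `
    -HashAlgorithm sha256 -KeyLength 2048 `
    -CertStoreLocation "Cert:\CurrentUser\My" `
    -Signer $rootCert `
    -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.2")

# 3. Sanity check before touching Azure: the client cert must chain to our root
#    and carry the Client Authentication EKU, otherwise the VPN handshake fails.
$ekuExt = $clientCert.Extensions | Where-Object { $_.Oid.Value -eq "2.5.29.37" }
$ekuOids = @($ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value })
if ($clientCert.Issuer -ne $rootCert.Subject) {
    throw "Client certificate is not issued by $($rootCert.Subject)"
}
if ($ekuOids -notcontains "1.3.6.1.5.5.7.3.2") {
    throw "Client certificate lacks the Client Authentication EKU"
}

# 4. Public portion of the root as Base64 DER; this is exactly the string
#    Add-AzVpnClientRootCertificate expects in -PublicCertData (no PEM header).
$publicCertData = [Convert]::ToBase64String($rootCert.RawData)

# Optional: keep a .cer copy of the public root for the portal or for audit.
$cerPath = Join-Path $env:TEMP "P2SRootCert.cer"
Export-Certificate -Cert $rootCert -FilePath $cerPath -Type CERT | Out-Null

# 5. Register the root with the virtual network gateway.
Add-AzVpnClientRootCertificate -VpnClientRootCertificateName "P2SRootCert" `
    -VirtualNetworkGatewayName $gatewayName -ResourceGroupName $rgName `
    -PublicCertData $publicCertData

"Root thumbprint:   $($rootCert.Thumbprint)"
"Client thumbprint: $($clientCert.Thumbprint)"
```

Export the client certificate with its private key as a password-protected .pfx (`Export-PfxCertificate`) for installation on the connecting device; the root's private key stays on the issuing machine, since anyone holding it can issue certificates the gateway will accept. If a client device is lost, revoke that client's certificate by thumbprint with `Add-AzVpnClientRevokedCertificate` rather than rotating the root.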