There are many reasons why you might want to use a Virtual Private Network (VPN). Perhaps you want to access geo-restricted content, ensure your online activity is private, or get around censorship. Whatever your reasons, you'll need to know what VPN types are supported by Azure before you can get started.
VPN types supported by Azure
Azure supports several different types of VPNs. Here's a quick overview of the most popular options:
Point-to-Site VPNs: Point-to-Site VPNs allow you to connect to Azure from a single computer using either an SSTP or IKEv2 connection. This is a good option if you only need to access Azure resources from one location.
SSTP (Secure Socket Tunneling Protocol): SSTP is a Microsoft protocol that uses SSL/TLS for transport. It's more reliable than PPTP and can be used in scenarios where UDP is blocked.
IKEv2 (Internet Key Exchange version 2): IKEv2 is a standards-based VPN protocol that uses strong encryption and perfect forward secrecy. It's more resilient than SSTP against network changes and can automatically reconnect if the connection is lost.
Site-to-Site VPNs: Site-to-Site VPNs allow you to connect multiple on-premises locations to your Azure Virtual Network. This is a good option if you need to connect multiple locations or want to use existing infrastructure for your Azure deployment.
Azure Site-to-Site (S2S) VPN connections use IPsec.
IPsec (Internet Protocol Security): IPsec is a standards-based VPN protocol that uses strong encryption and perfect forward secrecy. IPsec encryption can be configured in either tunnel mode or transport mode.
Transport mode encrypts only the data payload of each packet, while tunnel mode encrypts the entire packet including the headers. Transport mode is typically used for host-to-host communications, while tunnel mode is used for gateway-to-gateway communications.
S2S VPN connections using IPsec in transport mode require additional configuration if NAT (Network Address Translation) devices are present in the path between the on-premises location and the Azure VNet, because NAT modifies the IP header of packets passing through it.
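The transport-mode NAT problem described above, as an added Python example that is not part of the original article: the UDP checksum is computed over the source and destination IP addresses, so when a NAT device rewrites the outer IP header but cannot reach the protected payload, the receiver's check fails in transport mode and still passes in tunnel mode. Encryption itself is left out of the model, and the addresses and function names are constructed for illustration.

```python
import ipaddress
import struct

# Constructed sample addresses (documentation/private ranges), not from the article.
ONPREM_HOST, NAT_PUBLIC = "10.0.0.5", "198.51.100.7"
AZURE_GW, AZURE_VM = "203.0.113.10", "10.1.0.4"

def csum16(data: bytes) -> int:
    """16-bit one's-complement sum used by the IP, UDP and TCP checksums."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def pseudo_header(src: str, dst: str, length: int) -> bytes:
    """UDP pseudo-header: the checksum covers both IP addresses, not only the payload."""
    addrs = ipaddress.IPv4Address(src).packed + ipaddress.IPv4Address(dst).packed
    return addrs + struct.pack("!BBH", 0, 17, length)

def build_udp(src: str, dst: str, sport: int, dport: int, payload: bytes) -> bytes:
    """Build a UDP segment whose checksum is computed for the given addresses."""
    length = 8 + len(payload)
    header = struct.pack("!HHHH", sport, dport, length, 0)
    csum = ~csum16(pseudo_header(src, dst, length) + header + payload) & 0xFFFF
    return struct.pack("!HHHH", sport, dport, length, csum or 0xFFFF) + payload

def udp_ok(src: str, dst: str, segment: bytes) -> bool:
    """Receiver-side check: the sum over pseudo-header and segment must be 0xFFFF."""
    return csum16(pseudo_header(src, dst, len(segment)) + segment) == 0xFFFF

def receive_after_nat(mode: str) -> bool:
    """True if the inner UDP checksum still verifies after NAT rewrote the outer source."""
    if mode == "transport":
        # One IP header. The UDP segment is inside the protected payload, so the
        # NAT device rewrites the source address but cannot fix the checksum.
        segment = build_udp(ONPREM_HOST, AZURE_GW, 40000, 53, b"hello")
        return udp_ok(NAT_PUBLIC, AZURE_GW, segment)
    if mode == "tunnel":
        # The original IP header travels inside the protected payload; NAT only
        # touches the outer header, so the inner addresses are unchanged.
        segment = build_udp(ONPREM_HOST, AZURE_VM, 40000, 53, b"hello")
        return udp_ok(ONPREM_HOST, AZURE_VM, segment)
    raise ValueError(f"unknown mode: {mode}")

if __name__ == "__main__":
    for mode in ("transport", "tunnel"):
        print(mode, "checksum valid after NAT:", receive_after_nat(mode))
```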
SSL/TLS (Secure Sockets Layer/Transport Layer Security): SSL/TLS is a Microsoft proprietary protocol that uses SSL/TLS for transport. It's more reliable than PPTP and can be used in scenarios where UDP is blocked.
Conclusion:
There are many reasons why you might want to use a Virtual Private Network (VPN), and Azure supports several different types of VPNs. The most popular options are Point-to-Site and Site-to-Site VPNs. Point-to-Site VPNs allow you to connect to Azure from a single computer, while Site-to-Site VPNs allow you to connect multiple on-premises locations to your Azure Virtual Network. Whichever type of VPN you choose, Azure has got you covered.