Skip to content

vpn-gateway-vwan-entra-vpn-client-mac.md

Latest commit

 

History

History
78 lines (53 loc) · 4.66 KB

vpn-gateway-vwan-entra-vpn-client-mac.md

File metadata and controls

78 lines (53 loc) · 4.66 KB
author cherylmc
ms.author cherylmc
ms.date 02/11/2025
ms.service azure-virtual-wan
ms.topic include

Workflow

  1. Download and install the Azure VPN Client for macOS.
  2. Extract the VPN client profile configuration files.
  3. Import the client profile settings to the VPN client.
  4. Create a connection and connect to Azure.

Download the Azure VPN Client

  1. Download the latest Azure VPN Client from the Apple Store.
  2. Install the client on your computer.

Extract client profile configuration files

Locate the VPN client profile configuration package that you generated. If you need to generate these files again, see the Prerequisites section. The VPN client profile configuration package contains the VPN profile configuration files.

When you generate and download a VPN client profile configuration package, all the necessary configuration settings for VPN clients are contained in a VPN client profile configuration zip file. The VPN client profile configuration files are specific to the P2S VPN gateway configuration for the virtual network. If there are any changes to the P2S VPN configuration after you generate the files, such as changes to the VPN protocol type or authentication type, you need to generate new VPN client profile configuration files and apply the new configuration to all of the VPN clients that you want to connect.

Locate and unzip the VPN client profile configuration package and open the AzureVPN folder. In this folder, you'll see either the azurevpnconfig_aad.xml file or the azurevpnconfig.xml file, depending on whether your P2S configuration includes multiple authentication types. The .xml file contains the settings you use to configure the VPN client profile.

Modify profile configuration files

[!INCLUDE custom audience steps]

Import VPN client profile configuration files

Note

[!INCLUDE Entra VPN client note]

  1. On the Azure VPN Client page, select Import.

  2. Navigate to the folder containing the file that you want to import, select it, then click Open.

  3. On this screen, notice the connection values are populated using the values in the imported VPN client configuration file.

    • Verify that the Certificate Information value shows DigiCert Global Root G2, rather than the default or blank. Adjust the value if necessary.
    • Notice the Client Authentication values align with the values that were used to configure the VPN gateway for Microsoft Entra ID authentication. This field must reflect the same value that your gateway is configured to use.

    :::image type="content" source="media/vpn-gateway-vwan-entra-vpn-client-mac/values.png" alt-text="Screenshot of Azure VPN Client saving the imported profile settings." lightbox="media/vpn-gateway-vwan-entra-vpn-client-mac/values.png":::

  4. Click Save to save the connection profile configuration.

  5. In the VPN connections pane, select the connection profile that you saved. Then, click Connect.

  6. Once connected, the status changes to Connected. To disconnect from the session, click Disconnect.

Create a connection manually

  1. Open the Azure VPN Client. At the bottom of the client, select Add to create a new connection.

  2. On the Azure VPN Client page, you can configure the profile settings. Change the Certificate Information value to show DigiCert Global Root G2, rather than the default or blank, then click Save.

    Configure the following settings:

    • Connection Name: The name by which you want to refer to the connection profile.
    • VPN Server: This name is the name that you want to use to refer to the server. The name you choose here doesn't need to be the formal name of a server.
    • Server Validation
      • Certificate Information: DigiCert Global Root G2
      • Server Secret: The server secret.
    • Client Authentication
      • Authentication Type: Microsoft Entra ID
      • Tenant: Name of the tenant.
      • Audience: The Audience value must match the value that your P2S gateway is configured to use. Typically, this value is c632b3df-fb67-4d84-bdcf-b95ad541b5c8.
      • Issuer: Name of the issuer.

  3. After filling in the fields, click Save.

  4. In the VPN connections pane, select the connection profile that you configured. Then, click Connect.

Remove a VPN connection profile

You can remove the VPN connection profile from your computer.

  1. Open the Azure VPN Client.
  2. Select the VPN connection that you want to remove, then click Remove.