My requirement is need to take RDP from Android/IOS device to windows client via Point-to-site secured VPN tunneling. Is this feasible, If yes please explain.

Hi Suresh Kumar,

Welcome to Microsoft Q&A and thank you for posting your query here!Yes, it is absolutely feasible to establish a Point-to-Site (P2S) VPN connection from Android or iOS devices to your Azure virtual network, enabling you to use RDP securely to connect to Windows clients through the VPN tunnel.

Supported Tunnel and Authentication Types

• For mobile devices, OpenVPN (SSL) tunnel type is recommended because it has broad support on Android and iOS.
• Authentication can be done via Azure Active Directory (Azure AD) or Certificate-based authentication when using OpenVPN.

High-level Steps to Configure P2S VPN for Mobile Clients

1. Create and configure an Azure VPN Gateway in your virtual network with P2S enabled, selecting OpenVPN as the tunnel type and Azure AD or certificate authentication (or both) as per your security design.
2. Upload root certificates if you use certificate authentication.
3. Download the VPN client profile package from the Azure portal after configuration. This profile contains all the client settings for connection.
4. Install and configure VPN client apps:
   • For Android/iOS, use the OpenVPN Connect app.
   • Import the OpenVPN configuration file (.ovpn) from the profile package into the OpenVPN client.
5. Connect the VPN client to Azure VPN Gateway.
6. Once connected, use your device’s RDP client app (such as Microsoft Remote Desktop on Android/iOS) to connect securely to your Windows client machine within the Azure virtual network, using the private IP address.

Detailed Microsoft Documentation References:

• About Azure Point-to-Site VPN connections: https://free.blessedness.top/en-us/azure/vpn-gateway/point-to-site-about
• Configure OpenVPN Connect clients for P2S VPN: https://free.blessedness.top/en-us/azure/vpn-gateway/point-to-site-vpn-client-certificate-openvpn-ios
• Configure Azure VPN Gateway for P2S with Azure AD authentication and OpenVPN tunnel: https://free.blessedness.top/en-us/azure/vpn-gateway/point-to-site-about#authentication

Note:

• The Azure VPN Client app from Microsoft Store is primarily for Windows. Mobile devices use the OpenVPN Connect app.
• Ensure your VPN clients have the necessary client certificates installed if you use certificate authentication.

Hope this helps you connect securely from your Android/iOS device to your Windows clients via Azure P2S VPN and take your RDP sessions smoothly!

Feel free to ask if you need anything on this .

Thanks,

Harish.

Dear Harish,

Thanks for your quick response. Could you please confirm, If the same will work for the below authentication method,

Authentication Method: Azure Active Directory

Hi Suresh Kumar,

Thanks for your follow-up! Yes, Azure VPN Gateway fully supports using multiple authentication types, including Azure Active Directory (now Microsoft Entra ID) and Azure Certificate authentication together for Point-to-Site (P2S) VPN connections when using the OpenVPN (SSL) tunnel type.

Key points:

• You can enable more than one authentication method (e.g., Azure certificate and Azure AD/Microsoft Entra ID) on your VPN gateway’s Point-to-Site configuration.
• With multiple authentications enabled, VPN clients can use any supported method to connect, giving flexibility across different client platforms (Windows, macOS, Linux, Android, iOS).
• Azure AD/Microsoft Entra ID authentication works with OpenVPN tunnel type on all supported platforms; certificate authentication is also supported on OpenVPN.

from official Microsoft doc- “You can select multiple authentication types for your P2S gateway configuration... If you select multiple authentication types, the VPN client you use must be supported by at least one authentication type and corresponding tunnel type. For example, if you select 'IKEv2 and OpenVPN' for tunnel types, and Microsoft Entra ID and Azure Certificate for authentication type, Microsoft Entra ID will only use the OpenVPN tunnel type since it's not supported by IKEv2.” (About Azure Point-to-Site VPN connections)

More details on configuring and using these combinations:

Configure OpenVPN client for P2S (certificate, Azure AD)

Configure P2S VPN with Microsoft Entra ID

You may select both “Azure certificate” and “Azure Active Directory” to allow users to authenticate using either method as per your screenshot.

Let me know if you need anything on this!

Thanks,

Harish.

Hi Suresh Kumar,

Just checking to see if you have a chance to check my previous response and helped, do let me know if you have any further questions on this.

Thanks,

Harish.

Thank you, Harish. Regarding the use of Azure AD Authentication for point-to-site from Android, we're encountering an issue. Since the only client app available on Android is the OpenVPN client (which is configured for certificate validation), can you please elaborate on the specific client application and the step by step process required to get Azure AD Authentication working on Android?