Microsoft release the latest version of their Azure Stack during the Ignite 2016 conference in Atlanta. The new version has a lot of great features. One thing that I was not able to find is how to establish a VPN Session from your MAC OS X to Azure Stack.
You will ask why do we need it? Well one of the groups that will benefit the most from Azure Stack are the developers. As azure brings a lot of the services available from the Azure Cloud to the Enterprise On-Premise environment. Now the developers with Windows or MAC OS X environments can start testing in the latest TP2 version connecting directly and using their tools.
There is a very good PowerShell module that will do all the steps on Windows but it does not work in MAC OS X so here are all the steps to gather the details
Ebook Version (Click the book to get the PDF version)
Download Scripts to collect required information
Login to your Azure Stack Hyper-V host with your administrator account. ex: azurestack\administrator
Download the scripts. Ex: Invoke-WebRequest -Uri https://github.com/carlosvargasvip/azurestackmacvpn/archive/master.zip -OutFile master.zip
Expand the downloaded file. Expand-Archive master.zip
Gathering Certificates for Azure Stack
Azure Stack has its own internal certificate authority. All services and websites use SSL certificates and you need to download the Root CA certificate to your MAC in order to access all the resources.
Execute the Get-AzureStackRootCACert.ps1 script to get the certificate
Gather external IP from the MAS-BGPNAT VM
In order to establish a connection to your Azure Stack you need the external IP address of the MAS-BGBNAT VM hosted in your Hyper-V host.
Transfer certificate and VPN IP output out
The certificate and VPN IP address are saved in the %userprofile%\downloads folder.
You need to copy it out. I will use my On-Premise File Sync And Share HCP Anywhere for this function.
Install Azure Stack Root CA certificate in your MAC OS X
Now we need to install the Azure Stack Root CA certificate in the MAC OS X. My files are automatically synchronized to my MAC OS X with the HCP Anywhere client. You see two files: CA.cer is the root certificate, the natip.txt is the file with the IP address for the VPN server.
Double click the CA.Cer file
Open your Keychain and you will see a new certificate with a red x. Double click the certificate with the name AzureStackCertificationAuthority.
Because all the services use SSL certificates our MAC OS X need to trust the Azure Stack Certificate Authority. Click the first option and switch to Always Trust. And then click the close button (red dot).
Type your password
Now will the Azure Stack Certification Authority is trusted.
Configure Static Routes for Azure Stack in MAC OS X
In order to access all the services in the Internal Azure Stack you need to add two static routes that will be executed when you connect with the VPN profile
Create a new script in /etc/ppp/ip-up. Ex: sudo vi /etc/ppp/ip-up
Configure VPN Connection in your MAC OS X
Now we need to configure our new VPN connection to the Azure Stack MAS-BGPNAT01 VM.
Click your System Preferences
Click the plus sign (+) in the lower left corner of the network screen
Select VPN in the Interface drop down, LT2P over IPSec for VPN Type and a name for your VPN connection.
Type the External IP for BGPNAT VM in the server Address. (This is located in the natip.txt file you copied before). Account Name is administrator and click Authentication Settings.
Then type the Azure Stack administrator password in the Password field and Shared Secret and click OK.
Click the Advanced button for your VPN connection.
Click the DNS tab and add azurestack.local as a search domain for your VPN connection and click OK.
Type your Azure Stack administrator password
Open your browser and type: https://portal.azurestack.local and login to with an account that has access to Azure Stack.
You are now connected to your Azure Stack environment.