Azure Stack Cloud Network

Azure Stack VPN for MAC OS X

Microsoft release the latest version of their Azure Stack during the Ignite 2016 conference in Atlanta. The new version has a lot of great features. One thing that I was not able to find is how to establish a VPN Session from your MAC OS X to Azure Stack.

You will ask why do we need it? Well one of the groups that will benefit the most from Azure Stack are the developers. As azure brings a lot of the services available from the Azure Cloud to the Enterprise On-Premise environment. Now the developers with Windows or MAC OS X environments can start testing in the latest TP2 version connecting directly and using their tools.

There is a very good PowerShell module that will do all the steps on Windows but it does not work in MAC OS X so here are all the steps to gather the details

Ebook Version (Click the book to get the PDF version)



Azure Stack VPN for MAC OS X
Watch this video on YouTube.

Download Scripts to collect required information

Login to your Azure Stack Hyper-V host with your administrator account. ex: azurestack\administrator

Download the scripts. Ex: Invoke-WebRequest -Uri -OutFile


Expand the downloaded file. Expand-Archive



Gathering Certificates for Azure Stack

Azure Stack has its own internal certificate authority. All services and websites use SSL certificates and you need to download the Root CA certificate to your MAC in order to access all the resources.

Execute the Get-AzureStackRootCACert.ps1 script to get the certificate



Gather external IP from the MAS-BGPNAT VM

In order to establish a connection to your Azure Stack you need the external IP address of the MAS-BGBNAT VM hosted in your Hyper-V host.




Transfer certificate and VPN IP output out

The certificate and VPN IP address are saved in the %userprofile%\downloads folder.


You need to copy it out. I will use my On-Premise File Sync And Share HCP Anywhere for this function.


Install Azure Stack Root CA certificate in your MAC OS X

Now we need to install the Azure Stack Root CA certificate in the MAC OS X.  My files are automatically synchronized to my MAC OS X with the HCP Anywhere client. You see two files: CA.cer is the root certificate, the natip.txt is the file with the IP address for the VPN server.

Double click the CA.Cer file


Open your Keychain  and you will see a new certificate with a red x. Double click the certificate with the name AzureStackCertificationAuthority.


Because all the services use SSL certificates our MAC OS X need to trust the Azure Stack Certificate Authority. Click the first option and switch to Always Trust. And then click the close button (red dot).



Type your password


Now will the Azure Stack Certification Authority is trusted.


Configure Static Routes for Azure Stack in MAC OS X

In order to access all the services in the Internal Azure Stack you need to add two static routes that will be executed when you connect with the VPN profile

Create a new script in /etc/ppp/ip-up. Ex: sudo vi /etc/ppp/ip-up

Configure VPN Connection in your MAC OS X

Now we need to configure our new VPN connection to the Azure Stack MAS-BGPNAT01 VM.

Click your System Preferences


Click Network


Click the plus sign (+) in the lower left corner of the network screen


Select VPN in the Interface drop down, LT2P over IPSec for VPN Type and a name for your VPN connection.


Type the External IP for BGPNAT VM in the server Address. (This is located in the natip.txt file you copied before). Account Name is administrator and click Authentication Settings.


Then type the Azure Stack administrator password in the Password field and Shared Secret and click OK.


Click the Advanced button for your VPN connection.


Click the DNS tab and add azurestack.local as a search domain for your VPN connection and click OK.


Click connect


Type your Azure Stack administrator password


Open your browser and type: https://portal.azurestack.local and login to with an account that has access to Azure Stack.


You are now connected to your Azure Stack environment.



Cisco Network Windows

Windows 10 Preview with Cisco AnyConnect VPN Client

Microsoft released the Technical preview of their new Operating Systems. (Details Here) If you are like most IT Professionals, you may have downloaded the preview and try to use it for your basic computing environment. After playing with the new UI for a little bit, I installed the Cisco Anyconnect client and tried to connect to my office VPN. The connection failed with the following error: “Failed to initialized connection subsystem”.

After troubleshooting the issue for a little bit, I found a fix for the issue. Here are the steps to fix your Cisco AnyConnect client running on Windows 10 Preview.

1 . Open and explorer window and go to c:program files (x86)CiscoCisco AnyConnect Secure Mobility Client

2 . Right click vpnui.exe and click properties.

3 . Click the Compatibility tab, then click Run this program in compatibility mode for: and select Windows 8. Then Click OK.

4 . Click the Windows Logo and Click the Cisco AnyConnect Icon.

5 . In the Cisco AnyConnect client type your VPN server FQDN or IP address. Ex:

6. Type your username and password

VPN connect


7. Your client should connect successfully to your Cisco VPN appliance.

8 . After your client finishes the connection you should see a green check mark in the lock.


Hope this helps you test Windows 10 with your corporate images. If you have any questions please leave a comment.

Carlos Vargas Hyper-V Network Virtualization Windows

Configure Network for Windows 8.1 Client Hyper-V

In this post I will go thru the steps to configure the network for your Windows 8.1 Client Hyper-V. This is needed so your VM’s can connect to the network.

1. Open your start screen and look for the Hyper-V Management Tools group. And click Hyper-V Manager


2. Click the Virtual Switch Manager option under Actions.


3. Because this is a new installation there is no network defined.


4. Type a name for your internal switch. In this example I use “Internal” as the name for the switch. Press OK.


Now you have your Hyper-V feature installed and network is configured. In my next post I will share how to configure a base virtual machine.

Are you ready to build your Client Hyper-V VM’s?


Virtual Router with VLAN Support

Vyatta Virtual VLAN Router Configuration

I was trying to build a network with several VLAN’s and found that a Layer 3 switch cost a lot of money and it was out of my budget. After looking for a solution that was in my budget I used the Vyatta Open Source Router platform to build my router.  This configuration will allow you to create a router with several VLAN’s on a physical or virtual.

Default User accounts for Vyatta

user: vyatta
pass: vyatta  (change the default password thru the installation)

Configuration of  Interfaces IPv4

set interfaces ethernet eth0 address
set interface ethernet eth0 description “Description”
set system gateway-address

Configurationof Interfaces IPv6

set interface ethernet eth1 2001:db8:2::2/64

Configure IPv6 Tunnel

edit interfaces tunnel tun0
set encapsulation sit
set local-ip
set remote-ip
set address 2001:wwww:xxxx:yyyy::2/64
set description “HE.NET IPv6 Tunnel”
set protocols static interface-route6 ::/0 next-hop-interface tun0

Configure DNS Servers

set system name-server
set system name-server

Create Trunk

set interfaces ethernet eth1 description VLAN-TRUNK
set interfaces ethernet eth1 vif ## description VLAN-DESCRIPTION
set interfaces ethernet eth1 vif ## address

Configure DHCP

set service dhcp-server
set service dhcp-server shared-network-name VLAN2_Pool subnet start stop
set service dhcp-server shared-network-name VLAN2_Pool subnet default-router
set service dhcp-server shared-network-name VLAN2_Pool subnet dns-server
set service dhcp-server shared-network-name VLAN2_Pool subnet domain-name

Configure DNS forwarding

set service dns forwarding listen-on eth1.vlanID (ex. eth1.1, eth1.2)
set service dns forwarding name-server

Enable SSH

set service ssh

Configure NTP

set service time-zone US/Central

Configure Hostname

set system host-name r1

Vyatta Documentation is located:

Hyper-V Network Windows

Hyper-V Network Configuration

In order for the Virtual Machines to access the physical lab network and the internet we will create a virtual switch called MSLAN. It is important that the Switch name is the same in all the Hyper-V host or your VM’s will have problems when they Live Motion from one host to another.

  1. Open Hyper-V Manager
  2. On the Right side click Virtual Network Configuration


  3. Select the type of network and press Create Virtual Switch


  4. Select a name for your Virtual Switch. The name must be the same on each Hyper-V host. Then Select the network card that you want to assign this switch. Then press OK.

  5. After that you will have your new virtual switch available for your virtual machines.