Quick Tip: List Current Client Connections on Azure Point-to-Site VPN with PowerShell and REST API

  • Article

Microsoft Azure provides secure access to cloud-based VMs for developers and IT operations teams via Point-to-Site VPN (aka. Client VPN) connectivity.  This solution uses SSTP (Secure Socket Tunneling Protocol) to provide a secure, firewall-friendly solution that uses the native VPN client built-in with Windows 7 and later.  In a future article, we'll also look at a cross-platform Client VPN connectivity option to Azure for Linux and Mac OS X clients.

After configuring Point-to-Site VPN connectivity in Azure, it's pretty easy to see the overall connection status on the Virtual Networks Dashboard page of the Azure Management Portal, as shown below.

Click to zoom in ...

Azure Management Portal: Virtual Network Dashboard page

BUT ... what if we want to see the details of each individual client IP address that is currently connected to the VPN? Luckily, with a bit a PowerShell and the Azure Service Management REST API, we can fetch those details as well!

The PowerShell snippet below prompts to select an Azure subscription and Virtual Network, and then calls the List Connections operation via the REST API to display a list of currently connected client IP addresses. Hope you find it helpful!

# Download Azure Publish Settings fileGet-AzurePublishSettingsFile

# Import Azure Publish Settings file
Import-AzurePublishSettingsFile "$env:USERPROFILE\Documents\Azure.publishsettings"

# Select Azure subscription
$subscriptionName = (Get-AzureSubscription).SubscriptionName | Out-GridView -Title "Select Azure Subscription" -PassThru

# Get Azure subscription ID and certificate
$subscription = Get-AzureSubscription $subscriptionName -ExtendedDetails
$certificate = $subscription.Certificate
$subscriptionId = $subscription.SubscriptionId

# Select Azure Virtual Network
$azureVNet = (Get-AzureVNetSite).Name | Out-GridView -Title "Select Azure VNet" -PassThru

# Build request header and body
$requestHeader = @{"x-ms-version" = "2012-03-01"}

# Call the Azure REST API
$listVPNConnectionsUri = "https://management.core.windows.net/$subscriptionId/services/networking/$azureVNet/gateway/connections"
$VPNConnections = Invoke-RestMethod -Uri $listVPNConnectionsUri -Certificate $certificate -Method Get -Headers $requestHeader

# List active VPN client connections
$VPNConnections.Connections.Connection.AllocatedIPAddresses.String