Configure OpenVPN for Azure point-to-site VPN Gateway (Preview)

This article helps you set up OpenVPNĀ® Protocol on Azure VPN Gateway. The article assumes that you already have a working point-to-site environment. If you do not, use the instructions in step 1 to create a point-to-site VPN.


This Public Preview is provided without a service level agreement and should not be used for production workloads. Certain features may not be supported, may have constrained capabilities, or may not be available in all Azure locations. See the Supplemental Terms of Use for Microsoft Azure Previews for details.


This article has been updated to use the new Azure PowerShell Az module. You can still use the AzureRM module, which will continue to receive bug fixes until at least December 2020. To learn more about the new Az module and AzureRM compatibility, see Introducing the new Azure PowerShell Az module. For Az module installation instructions, see Install Azure PowerShell.

Register this feature

Click the TryIt in these steps to register this feature easily using Azure Cloud Shell.


If you don't register this feature, you will not be able to use it.

After clicking TryIt to open the Azure Cloud Shell, copy and paste the following commands:

Register-AzProviderFeature -ProviderNamespace Microsoft.Network -FeatureName AllowVnetGatewayOpenVpnProtocol
Get-AzProviderFeature -ProviderNamespace Microsoft.Network -FeatureName AllowVnetGatewayOpenVpnProtocol

Once the feature shows as registered, reregister the subscription to Microsoft.Network namespace.

Register-AzResourceProvider -ProviderNamespace Microsoft.Network

1. Create a point-to-site VPN

If you don't already have a functioning point-to-site environment, follow the instruction to create one. See Create a point-to-site VPN to create and configure a point-to-site VPN gateway with native Azure certificate authentication.


The Basic SKU is not supported for OpenVPN.

2. Enable OpenVPN on the gateway

Enable OpenVPN on your gateway. Make sure that the gateway is already configured for point-to-site (IKEv2 or SSTP) before running the following commands:

$gw = Get-AzVirtualNetworkGateway -ResourceGroupName $rgname -name $name
Set-AzVirtualNetworkGateway -VirtualNetworkGateway $gw -VpnClientProtocol OpenVPN

Next steps

To configure clients for OpenVPN, see Configure OpenVPN clients.

"OpenVPN" is a trademark of OpenVPN Inc.