Professional Documents
Culture Documents
Contents
• Purpose of configuring the VPN
• Technical view of the VPN
• Setting Up the Azure VPN Client
• Disconnecting the VPN connection
• Removing the VPN configuration
• Troubleshooting of VPN
• For users of ADFS
• For VPN connection errors
• Connection pending
• Error 0x80092013
• Error 720
• Error 798
Additional testing features of SIPROTEC DigitalTwin can be used by enabling a VPN Connection, e.g.:
https://dev.azure.com/siemens-energy-siprotec/SIPROTEC-5/_wiki/wikis/SIPROTEC-5.wiki/79/Setup-Azure-VPN-Client 1/20
2/17/2020 Setup Azure VPN Client - Overview
Important:
Administrator rights are required to complete the following steps for installing and configuring the VPN
connection
The use of the VPN connection is supported only on a Windows 10 system.
Additional information: You can find additional information regarding the Microsoft Azure VPN Installation
here https://docs.microsoft.com/en-us/azure/vpn-gateway/point-to-site-about
Setup
1. Download the user-specific VPN client configuration via the SIPROTEC DigitalTwin website . Navigate to
the Menu button in the top left corner and select VPN Client from the context menu. This downloads a
ZIP-file (VPN_Client.zip) to your Downloads directory.
https://dev.azure.com/siemens-energy-siprotec/SIPROTEC-5/_wiki/wikis/SIPROTEC-5.wiki/79/Setup-Azure-VPN-Client 2/20
2/17/2020 Setup Azure VPN Client - Overview
https://dev.azure.com/siemens-energy-siprotec/SIPROTEC-5/_wiki/wikis/SIPROTEC-5.wiki/79/Setup-Azure-VPN-Client 3/20
2/17/2020 Setup Azure VPN Client - Overview
2. Right-click the ZIP file and select Extract All... from the context menu to extract the data from the ZIP file.
3. Define the destination directory into which the data should be extracted (c:\temp in this example) and click
Extract.
https://dev.azure.com/siemens-energy-siprotec/SIPROTEC-5/_wiki/wikis/SIPROTEC-5.wiki/79/Setup-Azure-VPN-Client 4/20
2/17/2020 Setup Azure VPN Client - Overview
4. Change to the Certificate directory and double-click the PFX(Personal Information Exchange) file, which
contains the private and public keys. The name of the file begins with 3 letters followed by 6 characters
and ends with the current version number.
https://dev.azure.com/siemens-energy-siprotec/SIPROTEC-5/_wiki/wikis/SIPROTEC-5.wiki/79/Setup-Azure-VPN-Client 5/20
2/17/2020 Setup Azure VPN Client - Overview
6. Confirm the PFX File Name to be imported (no changes necessary) and click Next.
https://dev.azure.com/siemens-energy-siprotec/SIPROTEC-5/_wiki/wikis/SIPROTEC-5.wiki/79/Setup-Azure-VPN-Client 6/20
2/17/2020 Setup Azure VPN Client - Overview
https://dev.azure.com/siemens-energy-siprotec/SIPROTEC-5/_wiki/wikis/SIPROTEC-5.wiki/79/Setup-Azure-VPN-Client 7/20
2/17/2020 Setup Azure VPN Client - Overview
Note: in Windows environments (such as Siemens Corporate), strong private key protection is enabled.
8. Select the Place all certificates in the following store option, then click Browse... and select the
Personal directory in the Select Certificate Store dialog. Confirm the dialog with OK and continue with
Next.
https://dev.azure.com/siemens-energy-siprotec/SIPROTEC-5/_wiki/wikis/SIPROTEC-5.wiki/79/Setup-Azure-VPN-Client 8/20
2/17/2020 Setup Azure VPN Client - Overview
9. To complete the import, click Finish. Confirm the successful import with OK.
https://dev.azure.com/siemens-energy-siprotec/SIPROTEC-5/_wiki/wikis/SIPROTEC-5.wiki/79/Setup-Azure-VPN-Client 9/20
2/17/2020 Setup Azure VPN Client - Overview
Note: if a strong key protection was activated in step 7, you first have to define a password that will be
requested later for each VPN connection:
https://dev.azure.com/siemens-energy-siprotec/SIPROTEC-5/_wiki/wikis/SIPROTEC-5.wiki/79/Setup-Azure-VPN-Client 10/20
2/17/2020 Setup Azure VPN Client - Overview
10. OPTIONAL: To verify that the imported certificates have been imported correctly, the certification manager
can be called. Press <Windows> + <R>, type "certmgr.msc" into the input field and press <Enter> (or
click OK).
https://dev.azure.com/siemens-energy-siprotec/SIPROTEC-5/_wiki/wikis/SIPROTEC-5.wiki/79/Setup-Azure-VPN-Client 11/20
2/17/2020 Setup Azure VPN Client - Overview
You will find the 2 imported certificates under Personal > Certificates.
https://dev.azure.com/siemens-energy-siprotec/SIPROTEC-5/_wiki/wikis/SIPROTEC-5.wiki/79/Setup-Azure-VPN-Client 12/20
2/17/2020 Setup Azure VPN Client - Overview
Select the appropriate directory according to the underlying computer. For example, the installation file
WindowsAmd64\VpnClientSetupAmd64.exe is used for Windows10.
12. To navigate to the VPN connection settings, right-click the Start button, click Settings, click Network &
Internet, then click VPN.
13. A newly added VPN connection is displayed. The name starts with SIPROTEC_DigitalTwin_ followed by
three letters and at least six characters:
https://dev.azure.com/siemens-energy-siprotec/SIPROTEC-5/_wiki/wikis/SIPROTEC-5.wiki/79/Setup-Azure-VPN-Client 13/20
2/17/2020 Setup Azure VPN Client - Overview
14. Select the connection, click Connect and confirm the adaptation of the routing table with Continue.
https://dev.azure.com/siemens-energy-siprotec/SIPROTEC-5/_wiki/wikis/SIPROTEC-5.wiki/79/Setup-Azure-VPN-Client 14/20
2/17/2020 Setup Azure VPN Client - Overview
Note: you can select not to show this message again for this connection.
Note: if you were requested to create a password before (in step 9), enter your connection password:
https://dev.azure.com/siemens-energy-siprotec/SIPROTEC-5/_wiki/wikis/SIPROTEC-5.wiki/79/Setup-Azure-VPN-Client 15/20
2/17/2020 Setup Azure VPN Client - Overview
Now the VPN connection is installed and running. Follow the installation instructions for the SoftEther VPN
Client.
Note: Do not disconnect the VPN during installation.
Troubleshooting of VPN
Connection pending
https://dev.azure.com/siemens-energy-siprotec/SIPROTEC-5/_wiki/wikis/SIPROTEC-5.wiki/79/Setup-Azure-VPN-Client 17/20
2/17/2020 Setup Azure VPN Client - Overview
if connection is not established within 10s, Cancel the connection and connect again.
https://dev.azure.com/siemens-energy-siprotec/SIPROTEC-5/_wiki/wikis/SIPROTEC-5.wiki/79/Setup-Azure-VPN-Client 18/20
2/17/2020 Setup Azure VPN Client - Overview
Error 0x80092013
"The revocation function was unable to check revocation because the revocation server was offline."
Causes
This error message occurs if the client cannot access http://crl3.digicert.com/ssca-sha2-g1.crl and
http://crl4.digicert.com/ssca-sha2-g1.crl . The revocation check requires access to both to these two sites. This
problem typically happens on the client that has proxy server configured. In some environments, if the requests
are not passed through the proxy server, they will be denied at the Edge Firewall.
Solution:
Check the proxy server settings, make sure that the client can access http://crl3.digicert.com/ssca-sha2-g1.crl
and http://crl4.digicert.com/ssca-sha2-g1.crl .
Error 720
"A connection to the remote computer could not be established. You might need to change the network
settings for this connection."
Solution :
Error 798
https://dev.azure.com/siemens-energy-siprotec/SIPROTEC-5/_wiki/wikis/SIPROTEC-5.wiki/79/Setup-Azure-VPN-Client 19/20
2/17/2020 Setup Azure VPN Client - Overview
"A certificate could not be found that can be used with this Extensible Authentification Protocol".
Download again the VPN_Client.zip file and install the newer certificate, valid for 1 more year.
https://dev.azure.com/siemens-energy-siprotec/SIPROTEC-5/_wiki/wikis/SIPROTEC-5.wiki/79/Setup-Azure-VPN-Client 20/20