
Azure Tip: View or disconnect current P2S VPN sessions


There are several ways to connect securely to your Azure resources; one of them is a Point-to-Site (P2S) VPN connection. A P2S VPN connection lets you securely reach resources in a virtual network (VNet), or in any of its peered VNets, from an individual client device. This is handy when you work from home or from a customer's site on your own or a corporate Windows 10 or 11 device. It can also replace a Site-to-Site (S2S) VPN when you only need to connect a few client devices to resources in a specific VNet.

If you want to read some more about P2S VPN connections, you can do so via the following Microsoft Docs link: Point-to-Site VPN documentation


When such a P2S VPN connection is in use in your Azure environment, it is useful to be able to see the current P2S VPN sessions, and, in case of a connectivity or security issue (for example a lost device or a compromised user account), to disconnect them.

In this blog post I will not only show you how you can easily do this through the Azure Portal, but also how you can disconnect all current P2S VPN sessions with the use of Azure PowerShell.


View or disconnect P2S VPN sessions via the Azure Portal

Logon to the Azure Portal and type in “virtual network gateways” in the Global search bar. Then click on Virtual network gateways.


In the Virtual network gateways screen (blade), click on the VPN gateway which has the P2S VPN connection configured.


Then navigate to the Monitoring section and select Point-to-site Sessions.


In the Point-to-site Sessions screen you should now see all the current sessions.


If you want to disconnect a specific session, just click on the ellipsis “…” of that session and select Disconnect.


As you can see in the screenshot below, that specific session is now disconnected.


Disconnect all current P2S VPN sessions via an Azure PowerShell script

If you are not running the script from Cloud Shell, like when you are using Windows Terminal, don’t forget to sign in with the Connect-AzAccount cmdlet to connect your Azure account. And if you are using multiple Azure subscriptions, select the proper subscription with the Set-AzContext cmdlet before running the script.


When you are logged in and have selected the correct subscription, you can check if there are any active sessions*, by running the following cmdlet:

## ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Get-AzVirtualNetworkGatewayVpnClientConnectionHealth -ResourceName <"your VPN Gateway name here"> -ResourceGroupName <"your VPN Gateway resource group name here"> | Format-List

## ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------



*Keep in mind that the session status is updated every five minutes, so new sessions may not be listed immediately, and a session you have disconnected can still show up for up to five minutes afterwards. Also note that disconnecting a session does not stop the client from simply reconnecting: if you are dealing with a lost device or a compromised account, also revoke its client certificate on the gateway or disable the user, depending on the authentication type you use.


If there are active sessions and you want to disconnect them all at once, you can use the Azure PowerShell script below.

To use the script, copy it and save it as Disconnect-all-current-P2S-VPN-connections.ps1, or download it from GitHub. Then run it with Administrator privileges from Windows Terminal, Visual Studio Code, or Windows PowerShell, or simply run it from Cloud Shell. Note that the Administrator check is the script's own requirement when it runs locally; the Az cmdlets themselves do not need local elevation. What they do need is an Azure role with write access to the gateway, such as Network Contributor on the gateway's resource group.

<#
.SYNOPSIS

A script used to disconnect all current P2S VPN connections.

.DESCRIPTION

A script used to disconnect all current P2S VPN connections.
The script will do all of the following:

Check if the PowerShell window is running as Administrator (when not running from Cloud Shell), otherwise the Azure PowerShell script will be exited.
Suppress breaking change warning messages.
Check Virtual Network Gateway parameter input. If the input is incorrect, the script will be exited.
Retrieve all current sessions and save them in a variable.
Disconnect all current sessions.

.NOTES

Filename:       Disconnect-all-current-P2S-VPN-connections.ps1
Created:        19/08/2022
Last modified:  19/08/2022
Author:         Wim Matthyssen
Version:        1.0
PowerShell:     Azure PowerShell and Azure Cloud Shell
Requires:       PowerShell Az (v5.9.0) and Az.Network (v4.16.0)
Action:         Change variables where needed to fit your needs
Disclaimer:     This script is provided "As Is" with no warranties.

.EXAMPLE

Connect-AzAccount
Get-AzTenant (if not using the default tenant)
Set-AzContext -tenantID "<xxxxxxxx-xxxx-xxxx-xxxxxxxxxxxx>" (if not using the default tenant)
Set-AzContext -Subscription "<SubscriptionName>" (if not using the default subscription)
.\Disconnect-all-current-P2S-VPN-connections.ps1 <"your virtual network gateway name here"> <"your virtual network gateway resource group name here">

.LINK


#>

## ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

## Parameters

param(
    [parameter(Mandatory =$true)][ValidateNotNullOrEmpty()] [string] $gatewayName,
    [parameter(Mandatory =$true)][ValidateNotNullOrEmpty()] [string] $rgNameGateway
)

## ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

## Variables

$global:currenttime= Set-PSBreakpoint -Variable currenttime -Mode Read -Action {$global:currenttime= Get-Date -UFormat "%A %m/%d/%Y %R"}
$foregroundColor1 = "Red"
$foregroundColor2 = "Yellow"
$writeEmptyLine = "`n"
$writeSeperatorSpaces = " - "

## ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

## Check if PowerShell runs as Administrator (when not running from Cloud Shell), otherwise exit the script

if ($PSVersionTable.Platform -eq "Unix") {
    Write-Host ($writeEmptyLine + "# Running in Cloud Shell" + $writeSeperatorSpaces + $currentTime)`
    -foregroundcolor $foregroundColor1 $writeEmptyLine
    
    ## Start script execution    
    Write-Host ($writeEmptyLine + "# Script started. Without any errors, it will need around 1 minute to complete" + $writeSeperatorSpaces + $currentTime)`
    -foregroundcolor $foregroundColor1 $writeEmptyLine 
} else {
    $currentPrincipal = New-Object Security.Principal.WindowsPrincipal([Security.Principal.WindowsIdentity]::GetCurrent())
    $isAdministrator = $currentPrincipal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

    ## Check if running as Administrator, otherwise exit the script
    if ($isAdministrator -eq $false) {
        Write-Host ($writeEmptyLine + "# Please run PowerShell as Administrator" + $writeSeperatorSpaces + $currentTime)`
        -foregroundcolor $foregroundColor1 $writeEmptyLine
        Start-Sleep -s 3
        exit
    } else {
        ## If running as Administrator, start script execution
        Write-Host ($writeEmptyLine + "# Script started. Without any errors, it will need around 1 minute to complete" + $writeSeperatorSpaces + $currentTime)`
        -foregroundcolor $foregroundColor1 $writeEmptyLine
    }
}

## ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

## Suppress breaking change warning messages

Set-Item Env:\SuppressAzurePowerShellBreakingChangeWarnings "true"

## ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

## Check Virtual Network Gateway parameter input. If the input is incorrect, the script will be exited

try {
    Get-AzVirtualNetworkGateway -Name $gatewayName -ResourceGroupName $rgNameGateway -ErrorAction Stop | Out-Null 
} catch {
    Write-Host ($writeEmptyLine + "# VPN Gateway $gatewayName does not exist, please validate your input. The script will be exited" + $writeSeperatorSpaces + $currentTime)`
    -foregroundcolor $foregroundColor1 $writeEmptyLine 
    Start-Sleep -s 3
    exit
}

Write-Host ($writeEmptyLine + "# Virtual Network Gateway with name $gatewayName exists in the current subscription. The script will continue" + $writeSeperatorSpaces + $currentTime)`
-foregroundcolor $foregroundColor2 $writeEmptyLine 

## ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

## Retrieve all current sessions and save them in a variable

$currentSessions = Get-AzVirtualNetworkGatewayVpnClientConnectionHealth -VirtualNetworkGatewayName $gatewayName -ResourceGroupName $rgNameGateway 

Write-Host ($writeEmptyLine + "# Current sessions variable created" + $writeSeperatorSpaces + $currentTime)`
-foregroundcolor $foregroundColor2 $writeEmptyLine

## ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

## Disconnect all current sessions

foreach ($currentSession in $currentSessions) {
    Disconnect-AzVirtualNetworkGatewayVpnConnection -VirtualNetworkGatewayName $gatewayName -ResourceGroupName $rgNameGateway `
    -VpnConnectionId $currentSession.VpnConnectionId | Out-Null

    Write-Host ($writeEmptyLine + "# Session with VpnConnectionID $($currentSession.VpnConnectionId) disconnected" + $writeSeperatorSpaces + $currentTime)`
    -foregroundcolor $foregroundColor2 $writeEmptyLine
}
  
## ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

## Write script completed

Write-Host ($writeEmptyLine + "# Script completed. Wait at least 5 minutes to validate that all sessions are disconnected" + $writeSeperatorSpaces + $currentTime)`
-foregroundcolor $foregroundColor1 $writeEmptyLine 

## ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
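The script above drops every session. During an incident you usually want the middle ground between the Portal's one-session-at-a-time ellipsis and "disconnect all": drop only the sessions of a specific user or source IP, confirm before acting, and then poll the health report until they are gone, given the five-minute refresh mentioned earlier. The following is an added example, not part of the original post or its GitHub script. The function names Select-P2SSession and Disconnect-P2SSessionByFilter, the gateway and resource group names in the commented-out calls, and the sample session objects are this example's own; it assumes Az.Network is installed and that Connect-AzAccount and Set-AzContext have already been run.

```powershell
# Added example (not from the original post or its GitHub script).
# Assumes: Az.Network installed, Connect-AzAccount / Set-AzContext already run.
# Function names and the sample objects below are this example's own.

function Select-P2SSession {
    <#
    Pure filter over the objects returned by Get-AzVirtualNetworkGatewayVpnClientConnectionHealth
    (VpnUserName, PublicIpAddress, PrivateIpAddress, VpnConnectionTime, VpnConnectionId, ...).
    Kept separate from the Az calls so the matching logic can be tried offline on constructed data.
    #>
    param(
        [Parameter(Mandatory)][AllowEmptyCollection()][object[]] $Sessions,
        [string[]] $UserName,          # user names as the gateway reports them (cert subject, UPN or RADIUS user)
        [string[]] $PublicIpAddress    # client public (NAT) IPs; one office IP can carry many users
    )
    $Sessions | Where-Object {
        (-not $UserName        -or $_.VpnUserName     -in $UserName) -and
        (-not $PublicIpAddress -or $_.PublicIpAddress -in $PublicIpAddress)
    }
}

function Disconnect-P2SSessionByFilter {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]   # prompts unless -Confirm:$false
    param(
        [Parameter(Mandatory)][string] $GatewayName,
        [Parameter(Mandatory)][string] $ResourceGroupName,
        [string[]] $UserName,
        [string[]] $PublicIpAddress,
        [int] $WaitMinutes = 6        # the health report refreshes roughly every five minutes
    )
    if (-not $UserName -and -not $PublicIpAddress) {
        throw 'Give -UserName and/or -PublicIpAddress; without a filter this would drop every session.'
    }

    $all     = @(Get-AzVirtualNetworkGatewayVpnClientConnectionHealth -VirtualNetworkGatewayName $GatewayName -ResourceGroupName $ResourceGroupName)
    $targets = @(Select-P2SSession -Sessions $all -UserName $UserName -PublicIpAddress $PublicIpAddress)
    if ($targets.Count -eq 0) { Write-Host "No matching sessions on $GatewayName"; return @() }

    # Show what is about to be cut before asking for confirmation
    $targets | Format-Table VpnUserName, PublicIpAddress, PrivateIpAddress, VpnConnectionTime, VpnConnectionId -AutoSize | Out-Host

    if (-not $PSCmdlet.ShouldProcess($GatewayName, "Disconnect $($targets.Count) P2S session(s)")) { return $targets }

    # -VpnConnectionId is String[], so one call covers all matched sessions
    Disconnect-AzVirtualNetworkGatewayVpnConnection -VirtualNetworkGatewayName $GatewayName `
        -ResourceGroupName $ResourceGroupName -VpnConnectionId @($targets.VpnConnectionId) | Out-Null

    # Poll until the target IDs leave the report or the wait runs out. An ID still listed after
    # the wait most likely means the report has not refreshed yet. A client that reconnects shows
    # up as a fresh session: disconnecting revokes nothing, so a user you need to keep out also
    # needs certificate revocation on the gateway or an account disable.
    $ids      = @($targets.VpnConnectionId)
    $deadline = (Get-Date).AddMinutes($WaitMinutes)
    do {
        Start-Sleep -Seconds 30
        $remaining = @(Get-AzVirtualNetworkGatewayVpnClientConnectionHealth -VirtualNetworkGatewayName $GatewayName `
            -ResourceGroupName $ResourceGroupName | Where-Object { $_.VpnConnectionId -in $ids })
        Write-Verbose ("{0:T}: {1} of {2} target session(s) still listed" -f (Get-Date), $remaining.Count, $ids.Count)
    } while ($remaining.Count -gt 0 -and (Get-Date) -lt $deadline)

    if ($remaining.Count -gt 0) { Write-Warning "$($remaining.Count) session(s) still listed after $WaitMinutes minutes" }
    return $remaining
}

# Offline check of the filter on constructed sample data (not real gateway output)
$sample = @(
    [pscustomobject]@{ VpnUserName = 'alice@contoso.example'; PublicIpAddress = '203.0.113.10'; VpnConnectionId = 'sample-1' }
    [pscustomobject]@{ VpnUserName = 'bob@contoso.example';   PublicIpAddress = '198.51.100.7'; VpnConnectionId = 'sample-2' }
    [pscustomobject]@{ VpnUserName = 'carol@contoso.example'; PublicIpAddress = '198.51.100.7'; VpnConnectionId = 'sample-3' }
)
Select-P2SSession -Sessions $sample -UserName 'bob@contoso.example'     | Format-Table VpnUserName, VpnConnectionId
Select-P2SSession -Sessions $sample -PublicIpAddress '198.51.100.7'     | Format-Table VpnUserName, VpnConnectionId

# Live usage (gateway and resource group names are placeholders): preview with -WhatIf, then run
# Disconnect-P2SSessionByFilter -GatewayName 'vgw-hub-prd' -ResourceGroupName 'rg-network-prd' -UserName 'bob@contoso.example' -WhatIf
# Disconnect-P2SSessionByFilter -GatewayName 'vgw-hub-prd' -ResourceGroupName 'rg-network-prd' -UserName 'bob@contoso.example' -Verbose
```

Filtering on -PublicIpAddress is a blunt instrument behind a shared office NAT: the preview table is there precisely so you can see every user sharing that address before you confirm.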



I hope this tip and Azure PowerShell script can help you whenever you need to view or disconnect P2S VPN sessions in your Azure environment.

If you have any questions or recommendations about it, feel free to contact me through my Twitter handle (@wmatthyssen) or to just leave a comment.

