These days there are several ways to connect securely to your Azure resources; one of them is a Point-to-Site (P2S) VPN connection. A P2S VPN connection lets you securely connect from a client device to resources in a virtual network (VNet) or any of its peered VNets. This can be quite handy if you are working from home or from a customer’s site on your own or corporate Windows 10 or 11 device. You can also use it instead of a Site-to-Site (S2S) VPN when you only need to connect a few client devices to resources in a specific VNet.
If you want to read some more about P2S VPN connections, you can do so via the following Microsoft Docs link: Point-to-Site VPN documentation
When a P2S VPN connection is in use in your Azure environment, it can be useful to see the current P2S VPN sessions, or, in case of a connectivity or security issue, even to disconnect them.
In this blog post I will not only show you how you can easily do this through the Azure Portal, but also how you can disconnect all current P2S VPN sessions with the use of Azure PowerShell.
View or disconnect P2S VPN sessions via the Azure Portal
Log on to the Azure Portal and type “virtual network gateways” in the global search bar. Then click on Virtual network gateways.

In the Virtual network gateways screen (blade), click on the VPN gateway which has the P2S VPN connection configured.

Then navigate to the Monitoring section and select Point-to-site Sessions.

In the Point-to-site Sessions screen you should now see all the current sessions.

If you want to disconnect a specific session, just click on the ellipsis “…” of that session and select Disconnect.

As you can see in the screenshot below, that specific session is now disconnected.

Disconnect all current P2S VPN sessions via an Azure PowerShell script
If you are not running the script from Cloud Shell, for example when you are using Windows Terminal, don’t forget to sign in with the Connect-AzAccount cmdlet to connect your Azure account. And if you are using multiple Azure subscriptions, select the proper subscription with the Set-AzContext cmdlet before running the script.

When you are logged in and have selected the correct subscription, you can check if there are any active sessions* by running the following cmdlet:
## ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Get-AzVirtualNetworkGatewayVpnClientConnectionHealth -ResourceName <"your VPN Gateway name here"> -ResourceGroupName <"your VPN Gateway resource group name here"> | Format-List
## ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

*Keep in mind that the session status is updated every five minutes, so new sessions may not be listed right away. Likewise, a session you have disconnected can still show up for up to five minutes afterwards.
If there are active sessions and you want to disconnect them all at once, you can use the Azure PowerShell script below.
To use the script, copy and save it as Disconnect-all-current-P2S-VPN-connections.ps1 or download it from GitHub. Then run the script with Administrator privileges from Windows Terminal, Visual Studio Code, or Windows PowerShell. Or you can simply run it from Cloud Shell.
<#
.SYNOPSIS
A script used to disconnect all current P2S VPN connections.
.DESCRIPTION
A script used to disconnect all current P2S VPN connections.
The script will do all of the following:
Check if the PowerShell window is running as Administrator (when not running from Cloud Shell), otherwise the Azure PowerShell script will be exited.
Suppress breaking change warning messages.
Check Virtual Network Gateway parameter input. If the input is incorrect, the script will be exited.
Retrieve all current sessions and save them in a variable.
Disconnect all current sessions.
.NOTES
Filename: Disconnect-all-current-P2S-VPN-connections.ps1
Created: 19/08/2022
Last modified: 19/08/2022
Author: Wim Matthyssen
Version: 1.0
PowerShell: Azure PowerShell and Azure Cloud Shell
Requires: PowerShell Az (v5.9.0) and Az.Network (v4.16.0)
Action: Change variables where needed to fit your needs
Disclaimer: This script is provided "As Is" with no warranties.
.EXAMPLE
Connect-AzAccount
Get-AzTenant (if not using the default tenant)
Set-AzContext -tenantID "<xxxxxxxx-xxxx-xxxx-xxxxxxxxxxxx>" (if not using the default tenant)
Set-AzContext -Subscription "<SubscriptionName>" (if not using the default subscription)
.\Disconnect-all-current-P2S-VPN-connections.ps1 <"your virtual network gateway name here"> <"your virtual network gateway resource group name here">
.LINK
#>
## ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
## Parameters
param(
    [parameter(Mandatory =$true)][ValidateNotNullOrEmpty()] [string] $gatewayName,
    [parameter(Mandatory =$true)][ValidateNotNullOrEmpty()] [string] $rgNameGateway
)
## ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
## Variables
$global:currenttime= Set-PSBreakpoint -Variable currenttime -Mode Read -Action {$global:currenttime= Get-Date -UFormat "%A %m/%d/%Y %R"}
$foregroundColor1 = "Red"
$foregroundColor2 = "Yellow"
$writeEmptyLine = "`n"
$writeSeperatorSpaces = " - "
## ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
## Check if PowerShell runs as Administrator (when not running from Cloud Shell), otherwise exit the script
if ($PSVersionTable.Platform -eq "Unix") {
    Write-Host ($writeEmptyLine + "# Running in Cloud Shell" + $writeSeperatorSpaces + $currentTime)`
    -foregroundcolor $foregroundColor1 $writeEmptyLine
    ## Start script execution
    Write-Host ($writeEmptyLine + "# Script started. Without any errors, it will need around 1 minute to complete" + $writeSeperatorSpaces + $currentTime)`
    -foregroundcolor $foregroundColor1 $writeEmptyLine
} else {
    $currentPrincipal = New-Object Security.Principal.WindowsPrincipal([Security.Principal.WindowsIdentity]::GetCurrent())
    $isAdministrator = $currentPrincipal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
    ## Check if running as Administrator, otherwise exit the script
    if ($isAdministrator -eq $false) {
        Write-Host ($writeEmptyLine + "# Please run PowerShell as Administrator" + $writeSeperatorSpaces + $currentTime)`
        -foregroundcolor $foregroundColor1 $writeEmptyLine
        Start-Sleep -s 3
        exit
    }
    else {
        ## If running as Administrator, start script execution
        Write-Host ($writeEmptyLine + "# Script started. Without any errors, it will need around 1 minute to complete" + $writeSeperatorSpaces + $currentTime)`
        -foregroundcolor $foregroundColor1 $writeEmptyLine
    }
}
## ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
## Suppress breaking change warning messages
Set-Item Env:\SuppressAzurePowerShellBreakingChangeWarnings "true"
## ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
## Check Virtual Network Gateway parameter input. If the input is incorrect, the script will be exited
try {
    Get-AzVirtualNetworkGateway -Name $gatewayName -ResourceGroupName $rgNameGateway -ErrorAction Stop | Out-Null
} catch {
    Write-Host ($writeEmptyLine + "# VPN Gateway $gatewayName does not exist, please validate your input. The script will be exited" + $writeSeperatorSpaces + $currentTime)`
    -foregroundcolor $foregroundColor1 $writeEmptyLine
    Start-Sleep -s 3
    exit
}
Write-Host ($writeEmptyLine + "# Virtual Network Gateway with name $gatewayName exists in the current subscription. The script will continue" + $writeSeperatorSpaces + $currentTime)`
    -foregroundcolor $foregroundColor2 $writeEmptyLine
## ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
## Retrieve all current sessions and save them in a variable
$currentSessions = Get-AzVirtualNetworkGatewayVpnClientConnectionHealth -VirtualNetworkGatewayName $gatewayName -ResourceGroupName $rgNameGateway
Write-Host ($writeEmptyLine + "# Current sessions variable created" + $writeSeperatorSpaces + $currentTime)`
    -foregroundcolor $foregroundColor2 $writeEmptyLine
## ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
# Disconnect all current sessions
Foreach ($currentSession in $currentSessions) {
    Disconnect-AzVirtualNetworkGatewayVpnConnection -VirtualNetworkGatewayName $gatewayName -ResourceGroupName $rgNameGateway `
    -VpnConnectionId $currentSession.VpnConnectionId | Out-Null
    Write-Host ($writeEmptyLine + "# Session with VpnConnectionID $($currentSession.VpnConnectionId) disconnected" + $writeSeperatorSpaces + $currentTime)`
    -foregroundcolor $foregroundColor2 $writeEmptyLine
}
## ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
## Write script completed
Write-Host ($writeEmptyLine + "# Script completed. Wait at least 5 minutes to validate that all sessions are disconnected" + $writeSeperatorSpaces + $currentTime)`
    -foregroundcolor $foregroundColor1 $writeEmptyLine
## ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
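
When a security issue involves only one user or one source address, you may not want to drop every session. The following is an added example, not part of the original script: it filters the session list on VpnUserName or PublicIpAddress, saves the matching sessions to a CSV file, and disconnects only those. The function names, the CSV path and the sample session objects are assumptions made for illustration, and stripping a ":port" suffix from PublicIpAddress is a precaution in case the gateway reports the address with a port.

```powershell
# Added example (not the original author's script). Function names are hypothetical.
# Pure filter: pass through sessions whose user name or public IP is on a list.
function Select-P2SSession {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Session,
        [string[]] $UserName,
        [string[]] $PublicIpAddress
    )
    process {
        # Drop a trailing ":port" if the gateway reports one (assumption, IPv4 only)
        $ip = ($Session.PublicIpAddress -split ':')[0]
        if (($UserName -and $Session.VpnUserName -in $UserName) -or
            ($PublicIpAddress -and $ip -in $PublicIpAddress)) { $Session }
    }
}

function Disconnect-P2SSessionByFilter {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory)] [string] $GatewayName,
        [Parameter(Mandatory)] [string] $ResourceGroupName,
        [string[]] $UserName,
        [string[]] $PublicIpAddress,
        [string] $RecordPath = ".\p2s-disconnected-$(Get-Date -Format 'yyyyMMdd-HHmmss').csv"
    )
    $targets = @(Get-AzVirtualNetworkGatewayVpnClientConnectionHealth `
            -VirtualNetworkGatewayName $GatewayName -ResourceGroupName $ResourceGroupName |
        Select-P2SSession -UserName $UserName -PublicIpAddress $PublicIpAddress)
    if ($targets.Count -eq 0) { Write-Warning 'No matching P2S sessions found.'; return }
    # Keep a record of who was connected from where before the sessions are dropped
    $targets | Export-Csv -Path $RecordPath -NoTypeInformation
    foreach ($s in $targets) {
        # -WhatIf / -Confirm are honoured here, so a dry run disconnects nothing
        if ($PSCmdlet.ShouldProcess("$($s.VpnUserName) from $($s.PublicIpAddress)", 'Disconnect P2S session')) {
            Disconnect-AzVirtualNetworkGatewayVpnConnection -VirtualNetworkGatewayName $GatewayName `
                -ResourceGroupName $ResourceGroupName -VpnConnectionId $s.VpnConnectionId | Out-Null
        }
    }
    $targets
}

# Constructed sample sessions to try the filter offline (not real data)
$sample = @(
    [pscustomobject]@{ VpnConnectionId = 'IKEv2_sample-1'; VpnUserName = 'alice'; PublicIpAddress = '203.0.113.10:51000' }
    [pscustomobject]@{ VpnConnectionId = 'IKEv2_sample-2'; VpnUserName = 'bob';   PublicIpAddress = '198.51.100.7:40022' }
    [pscustomobject]@{ VpnConnectionId = 'IKEv2_sample-3'; VpnUserName = 'carol'; PublicIpAddress = '192.0.2.5:45111' }
)
$sample | Select-P2SSession -UserName 'alice' -PublicIpAddress '198.51.100.7' | Format-Table
```

Run Disconnect-P2SSessionByFilter with -WhatIf first to see which sessions would be disconnected. Because the session status is only updated every five minutes, wait before checking that the sessions are gone.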

I hope this tip and Azure PowerShell script can help you whenever you need to view or disconnect P2S VPN sessions in your Azure environment.
If you have any questions or recommendations about it, feel free to contact me through my Twitter handle (@wmatthyssen) or to just leave a comment.