A cheap way to VPN into Azure Virtual Network

VPN Gateway — looks great, though a bit expensive

Recently, I was learning a bit about networking in Azure. As a practical exercise, I wanted to learn what is the cheapest way to achieve the following setup to protect resources in Azure Virtual Network that could be a target of a network attack, for example Virtual Machines:

A diagram showing purpose of a VPN Gateway.
Setup that I want to achieve

In theory, I understood how VPN Gateway helps secure VNets and I saw it as a useful tool in such setup. But then I got disappointed when I saw the pricing table for VPN Gateway. The cheapest pricing tier of VPN Gateway, Basic, is about $26/month. That’s half of my monthly credit limit from Visual Studio Professional subscription. With that price, I find it impractical to use in small projects, where it would be often the most costly resource.

I wondered, how could I solve the same problem in a different (and cheaper) way?

OpenVPN Access Server — a cheaper alternative in my use case?

Seeking alternatives, I found OpenVPN Access Server available in Azure Marketplace. It looked good with 5/5 rating, nice reviews and open-source technology behind it. Furthermore, it advertised that if we only need 2 VPN connections at a time, the service is free. I wanted to see how it works, and here are my first experiences.

Not exactly free, but entry point is still cheaper

OpenVPN Access Servers is a Virtual Machine with a custom software, available in Azure Marketplace. It’s created in a very similar way to other Virtual Machines. Even though the software might provide free license for up to 2 VPN connections, we still need to pay for the virtual machine. When I created the service, it became clear:

A screenshot from Azure Portal showing creation of an OpenVPN Access Server Virtual Machine.
Creating “OpenVPN Access Server” resource

At first, I used the cheapest Virtual Machine available, the B1ls. However, with only 0.5 GB memory, it didn’t meet the minimum hardware requirements of the service and I observed many problems when accessing Web UI. I had to update to B1s with 1 GB memory, and it was much better.

In total, estimated cost is about $11.23 (for a VM, disk and a public IP) in the case we never shut down the VM. I estimate that the lower limit for cost optimization would be about $2.5 if we only connected occasionally and kept the VM off the rest of the time.

First experiences: configuration

The first step, as hinted in the service’s description in Azure Marketplace, should be to connect to the newly created Virtual Machine via SSH. This is fairly easy from Azure Portal.

Once we connect, we instantly get welcomed by few configuration questions:

Configuration of OpenVPN Access Server resource created in Azure.

Web UI

When we finish basic configuration, we get a URL to a friendly Web UI. It was a nice surprise that graphical UI would even be part of the service:

A Web UI of OpenVPN Access Server.

When I authorized using the account I created in SSH session, I could download a configuration profile for OpenVPN client and connect to the Virtual Network from my Windows 10 machine. I could also go deeper into the administration panel:

A control panel in Web UI of OpenVPN Access Server. It is available after logging in.

Overall impression

It looks like a user-friendly product which works out-of-the-box. I only saw the surface of it and I cannot tell much about drawbacks. One thing that surprised me a bit was that after creating the Virtual Machine, software looked pretty outdated:

OpenVPN Access Server: outdated server on a newly created Virtual Machine.

Of course, I could manually update it without problems with 2 commands. But since this service is a gateway that serves as a security measure, it triggered a thought that I would now have to maintain updates of this new Virtual Machine if I want to keep it online.

Ultimately, I don’t think I’ll be using this for my small side-projects. Maintaining VM’s, even small ones, feels like overengineering when it only protects 1 other VM 🙂 But it’s a nice tool to know.

Thanks for stopping by!

Leave a Comment