VPN Gateway — looks great, though a bit expensive
Recently, I was learning a bit about networking in Azure. As a practical exercise, I wanted to learn what the cheapest way is to achieve the following setup to protect resources in an Azure Virtual Network that could be a target of a network attack, for example Virtual Machines:
In theory, I understood how VPN Gateway helps secure VNets and I saw it as a useful tool in such a setup. But then I got disappointed when I saw the pricing table for VPN Gateway. The cheapest pricing tier of VPN Gateway, Basic, is about $26/month. That’s half of my monthly credit limit from my Visual Studio Professional subscription. With that price, I find it impractical to use in small projects, where it would often be the most costly resource.
I wondered, how could I solve the same problem in a different (and cheaper) way?
OpenVPN Access Server — a cheaper alternative in my use case?
Seeking alternatives, I found OpenVPN Access Server available in Azure Marketplace. It looked good with a 5/5 rating, nice reviews and open-source technology behind it. Furthermore, it advertised that if we only need 2 VPN connections at a time, the service is free. I wanted to see how it works, and here are my first experiences.
Not exactly free, but entry point is still cheaper
OpenVPN Access Server is a Virtual Machine with custom software, available in Azure Marketplace. It’s created in a very similar way to other Virtual Machines. Even though the software might provide a free license for up to 2 VPN connections, we still need to pay for the virtual machine. When I created the service, it became clear:
At first, I used the cheapest Virtual Machine available, the B1ls. However, with only 0.5 GB of memory, it didn’t meet the minimum hardware requirements of the service and I observed many problems when accessing the Web UI. I had to update to B1s with 1 GB of memory, and it was much better.
In total, the estimated cost is about $11.23 (for a VM, disk and a public IP) in the case we never shut down the VM. I estimate that the lower limit for cost optimization would be about $2.5 if we only connected occasionally and kept the VM off the rest of the time.
First experiences: configuration
The first step, as hinted in the service’s description in Azure Marketplace, should be to connect to the newly created Virtual Machine via SSH. This is fairly easy from the Azure Portal.
Once we connect, we instantly get welcomed by a few configuration questions:
When we finish basic configuration, we get a URL to a friendly Web UI. It was a nice surprise that a graphical UI would even be part of the service:
When I authorized using the account I created in the SSH session, I could download a configuration profile for the OpenVPN client and connect to the Virtual Network from my Windows 10 machine. I could also go deeper into the administration panel:
It looks like a user-friendly product which works out-of-the-box. I only saw the surface of it and I cannot tell much about drawbacks. One thing that surprised me a bit was that after creating the Virtual Machine, the software looked pretty outdated:
Of course, I could manually update it without problems with 2 commands. But since this service is a gateway that serves as a security measure, it triggered a thought that I would now have to maintain updates of this new Virtual Machine if I want to keep it online.
Ultimately, I don’t think I’ll be using this for my small side-projects. Maintaining VMs, even small ones, feels like overengineering when it only protects 1 other VM 🙂 But it’s a nice tool to know.
Thanks for stopping by!