The sole dependency is a build of openssl for your platform. Without further ado, our first step is to provide Azure with a certificate that will be used to sign client certificates. We call this the root certificate, and by importing it into Azure we trust certificates signed by it. Most of the following commands will ask you to guard the output files with a passphrase; leave them empty until you have a working solution, then follow the guide again and add strong passwords when you’re asked to.
openssl genrsa -aes256 -out MyAzureVPN.key 2048
openssl req -x509 -sha256 -new -key MyAzureVPN.key -out MyAzureVPN.cer -days 3650 -subj /CN="ca_name"
Note: fix for the openssl random number issue: openssl rand -out ~/.rnd -writerand ~/.rnd
In the Azure portal, navigate to “Virtual Networks Gateway/Configuration/Point-to-site” and enter the certificate name and the data from MyAzureVPN.cer, removing the '-----BEGIN CERTIFICATE-----' and '-----END CERTIFICATE-----' lines.
Next we create client certificates by issuing the commands below:
openssl genrsa -out client1Cert.key 2048
openssl req -new -out client1Cert.req -key client1Cert.key -subj /CN="MyAzureVPN"
openssl x509 -req -sha256 -in client1Cert.req -out client1Cert.cer -CAkey MyAzureVPN.key -CA MyAzureVPN.cer -days 1800 -CAcreateserial -CAserial serial
openssl pkcs12 -export -out client1Cert.pfx -inkey client1Cert.key -in client1Cert.cer -certfile <ca_cert>.cer
The last command outputs a Windows Certificate Store friendly file.
Now, on the client machine that needs Azure VPN access, double-click client1Cert.pfx and follow the installation dialogues until it reaches your Personal Store. Then, again from the Azure portal, download the appropriate VPN Client and install it. Available networks will now have a new entry: click on it to expand, hit Connect, and hit Connect once more on the VPN dialogue that pops up. Fingers crossed, you are now connected to Azure VPN.
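A pre-flight check for the steps above, as an added example that is not part of the original guide: it confirms the client certificate chains to the root and prints the root certificate's base64 body on one line for the portal field, refusing any file that contains a private key. The function names and the script name check.sh are assumptions made for this example.

```bash
#!/usr/bin/env bash
# Added example (not from the original guide); function names are hypothetical.

# Print the base64 body of a PEM certificate on a single line, i.e. the file
# contents without the BEGIN/END armor lines. Refuses input that contains a
# private key, so MyAzureVPN.key can never be pasted into the portal by mistake.
azure_root_data() {
    local pem="$1"
    [ -r "$pem" ] || { echo "cannot read $pem" >&2; return 1; }
    if grep -q 'PRIVATE KEY' "$pem"; then
        echo "refusing: $pem contains a private key" >&2
        return 2
    fi
    if [ "$(grep -c '^-----BEGIN CERTIFICATE-----' "$pem")" -ne 1 ]; then
        echo "refusing: expected exactly one certificate in $pem" >&2
        return 3
    fi
    # Keep the armored block, drop the armor lines, join the rest (CR and LF).
    sed -n '/^-----BEGIN CERTIFICATE-----/,/^-----END CERTIFICATE-----/p' "$pem" \
        | grep -v '^-----' | tr -d '\r\n'
}

# Succeeds only if the client certificate verifies against the root
# certificate (requires openssl on PATH).
client_chains_to_root() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Usage: ./check.sh MyAzureVPN.cer client1Cert.cer
if [ "$#" -eq 2 ]; then
    client_chains_to_root "$1" "$2" \
        || { echo "client certificate is not signed by $1" >&2; exit 1; }
    azure_root_data "$1" && echo
fi
```

A non-zero exit means either the client certificate was signed by a different key than the root being uploaded, or the file passed as the root is not a single certificate.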
https://tarunlalwani.com/post/self-signed-certificates-trusting-them/