[network-manager-sstp.wiki] Update Connect to Microsoft Azure VNetGateway



commit 22f7e314500bf1b4408d418966ac8b427827fe6a
Author: Eivind Næss <eivnaes yahoo com>
Date:   Mon Apr 11 03:52:52 2022 +0000

    Update Connect to Microsoft Azure VNetGateway

 Connect-to-Microsoft-Azure-VNetGateway.md | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)
---
diff --git a/Connect-to-Microsoft-Azure-VNetGateway.md b/Connect-to-Microsoft-Azure-VNetGateway.md
index 14b5c20..3db6c5f 100644
--- a/Connect-to-Microsoft-Azure-VNetGateway.md
+++ b/Connect-to-Microsoft-Azure-VNetGateway.md
@@ -13,7 +13,34 @@ Setting up the certificates:
 Export your CA certificate here:
 `openssl x509 -in caCert.pem -outform der | base64 -w0 ; echo`
 
+For the client certificates, skip the step in creating a PKCS12 envelope. The pppd doesn't currently support 
using PKCS12 certificates yet.
+
+You'll need to keep the .pem files for both user and key. 
+
 ## Configure your Linux Desktop
 
+### Download the VPN Client
+On your Azure portal, view the details of your Virtual Network Gateway, then click "Point-to-Site 
Configuration". If this page is configured correctly, i.e. 
+- CA certificate, and 
+- Address pool
+
+Then you should have a link at the top of this page that says "Download VPN Client". Click this link, and 
you'll download a VNetGway.zip.
+
+### Extract Settings
+This file contains the details of your VPN connection. Unzip the archive into a folder on you computer. Open 
up the "Generic\VpnSettings.xml" file. 
+
+This XML contains these interesting details needed to configure your SSTP VPN on the GNOME desktop:
+- VpnServer: The fully qualified domain name of the Azure SSTP VPN server
+- Routes: needed for to reach your Azure resources
+
+### Configure your Network
+Open up your Network Settings via the GNOME desktop. Under VPN, click the '+' icon. Select Secure Socket 
Tunneling Protocol (SSTP). This brings up the configuration page. 
+
+Copy and paste the value from the VpnServer field in the XML document into the Gateway entry. Where it says 
Type: "Password", click and select "Certificate". This should change the layout of the dialog to let you 
enter the certificate details.
+
+For the "User certificate", select your .pem file previously generated for Certificate. For the "User 
private key", select the .pem file generated as the certificate key. If you didn't encrypt the private key, 
there is no need to supply a password for this. 
+
+Leave the CA certificate field blank! The CA certificate you generated in order to sign the user certificate 
with is only need to validate the certificate the client presents to the server.
 
+Both the CA certificate for the EAP-TLS authentication session and the SSL connection to you Azure 
VNetGateway uses a certificate issued to Microsoft with DigiCert (www.digicert.com) as the root CA. This 
certificate should be included in your list of root certificates in /etc/ssl/certs directory. 
 
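Review bot: The "Leave the CA certificate field blank!" paragraph at the end of this hunk does not say how the server certificate is validated once the field is empty. The text only states that the DigiCert root "should be included" in /etc/ssl/certs, so please say explicitly whether a blank field means the gateway's certificate is checked against those system roots. The two closing paragraphs also need a wording pass: "is only need to validate" should be "is only needed to validate", and "Both the CA certificate ... uses a certificate" does not parse. It would be clearer to state separately that the self-generated CA lets the server validate the client certificate, and that the EAP-TLS session and the SSL connection both present a Microsoft certificate chaining to DigiCert. Smaller points in the same hunk: "doesn't currently support ... yet" is redundant, "on you computer" and "to you Azure" should read "your", "needed for to reach" has a stray "for", and the sentence beginning "If this page is configured correctly, i.e." is broken by the list, leaving "Then you should have a link" without its opening clause.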

