OpenVPN
OpenVPN is a widely used open-source VPN protocol available on Windows, macOS, Linux, Android, and iOS. It relies on TLS for authentication and can run over either UDP or TCP, giving you flexibility for performance and firewall traversal. OpenVPN supports modern cipher suites and strong encryption, making it a solid choice for organizations with stringent security needs. Typical steps when using OpenVPN with Azure P2S:- Enable OpenVPN protocol support on the Azure VPN Gateway.
- Generate and distribute the VPN client configuration (Azure can provide a client package).
- Configure the VPN client address pool so connected devices receive private IP addresses from your virtual network.
- OpenVPN project: https://openvpn.net/
- Azure P2S documentation: https://learn.microsoft.com/azure/vpn-gateway/point-to-site-about
SSTP (Secure Socket Tunneling Protocol)
SSTP is a Microsoft-developed VPN protocol with native support on Windows clients. It tunnels VPN traffic over TLS on TCP port443 (HTTPS), which helps it traverse firewalls and web proxies that block non‑HTTPS traffic.
Because SSTP uses standard HTTPS/TLS semantics, it is often the most reliable fallback for users connecting from highly restrictive networks or environments that block other VPN ports. Native Windows support also minimizes client setup for Windows users.

IKEv2 (Internet Key Exchange v2)
IKEv2 is a modern, standards-based VPN protocol that negotiates security associations and encryption keys. It is valued for speed, stability, and mobility features:- Mobility and multihoming (MOBIKE) let clients maintain or re‑establish sessions when switching networks (for example, Wi‑Fi → cellular).
- Uses UDP port
500for IKE and UDP port4500when NAT traversal (NAT‑T) is required. - Provides fast reconnects and resilient behavior on unstable networks.

Protocol comparison
Summary
Azure supports OpenVPN, SSTP, and IKEv2 for Point-to-Site VPNs. Choose based on client platforms, network restrictions, and the connectivity behavior you need:- OpenVPN: best cross‑platform support and strong security; flexible transport (
UDPorTCP). - SSTP: native Windows support and excellent firewall/proxy traversal via
TCP 443. - IKEv2: optimal for mobile/roaming users due to MOBIKE and fast reconnection.
Select the protocol that aligns with your client OS footprint and network constraints. Use OpenVPN for broad device coverage, SSTP for Windows environments with strict proxies/firewalls, and IKEv2 for mobile and unstable-network scenarios.
- Azure VPN Gateway (Point-to-Site): https://learn.microsoft.com/azure/vpn-gateway/point-to-site-about
- OpenVPN: https://openvpn.net/
- IKEv2 overview and MOBIKE: https://tools.ietf.org/html/rfc5723
- Review your client OS mix and network constraints.
- Pilot the preferred protocol with a subset of users.
- Verify gateway configuration, client address pool, and required ports are available through your network perimeter.