Generate 49 character PSK

Note: I have published a simple C# console app to do most of this work for you. The download and instructions are available in the first article of my ADFS on Windows Azure Virtual Machines blog series. This procedure should be followed only if you'd rather not trust my unsigned executable. It's a lot of extra work.

The primary hurdle to using a Netgear router (or many other prosumer routers) for an Azure VPN is the PSK length. You see, the default PSK length for the Azure VPN is 50 characters, and the maximum PSK length for many routers is... you guessed it, 49 characters. The PSK length can be changed, but the process is unfortunately not for the faint of heart. I would like to make a console application that does some of the grunt work, below, for you, but until I am able to do so, here is the process I used:

  1. Install Visual C# Express 2012 (free download)
  2. Run these commands in an elevated command prompt to generate a self-signed certificate which can be used to manage the Azure API (the path in the first command may be different on your machine, but you're looking for the location of makecert.exe):
    cd "C:\Program Files (x86)\Windows Kits\8.0\bin\x86"
    makecert -r -pe -a sha1 -n "CN=My Azure Management Certificate" -ss My -len 2048 -sp "Microsoft Enhanced RSA and AES Cryptographic Provider" -sy 24 myazuremanagementcert.cer
  3. Install the generated cert in the Azure Management Portal
    • Settings>Management Certificates>Upload a Management Certificate
    • After uploading, grab the thumbprint because we'll need it in a moment (you will have to adjust the column widths to see the entire string)
  4. In Visual C#, create a new project (File>New Project>Visual C#>Windows>Console Application).  The resulting application will connect to your Azure subscription using your certificate, virtual network name, local network name, and subscription ID and will reset the PSK length to 49 characters.
    • Download this and paste the contents into the "program.cs" window in Visual Studio (replacing everything that is there by default)
    • Scroll down to the BEGIN REPLACE section and input the virtual network name, local network name, subscription ID, and certificate thumbprint in the appropriate locations.
    • Click Debug>Start without debugging. A command prompt window should confirm success after several seconds. If you have no errors, a 49 character PSK should have been generated for you. You can close Visual Studio; we are done with it.
  5. Back in the Azure Management Portal, click the "Manage Key" button to collect your 49 character PSK. Go ahead and collect the Gateway IP Address because we'll need that shortly as well.
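
A pre-flight check for the thumbprint pasted in step 4, as an added example that is not the author's downloadable program.cs: it normalizes the copied string, looks the certificate up in the local store, and confirms the private key is present. It assumes makecert's `-ss My` used its default CurrentUser location; the class name ThumbprintPreflight is made up for illustration.

```csharp
// Added example, not the downloadable program.cs from the article.
using System;
using System.Security.Cryptography.X509Certificates;
using System.Text.RegularExpressions;

class ThumbprintPreflight
{
    // Keep only hex digits: drops spaces and any invisible characters
    // picked up when the thumbprint was copied out of a UI.
    static string Normalize(string pasted)
    {
        return Regex.Replace(pasted, "[^0-9A-Fa-f]", "").ToUpperInvariant();
    }

    static int Main(string[] args)
    {
        string thumbprint = Normalize(args.Length > 0 ? args[0] : "");
        if (thumbprint.Length != 40) // SHA-1 thumbprint = 20 bytes = 40 hex chars
        {
            Console.Error.WriteLine("Expected 40 hex characters, got " + thumbprint.Length);
            return 1;
        }

        // Assumption: makecert's "-ss My" used the default CurrentUser location.
        X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            // validOnly must be false: a self-signed cert does not chain to a trusted root.
            X509Certificate2Collection found =
                store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, false);
            if (found.Count == 0)
            {
                Console.Error.WriteLine("No certificate with thumbprint " + thumbprint);
                return 1;
            }
            X509Certificate2 cert = found[0];
            Console.WriteLine("Subject: " + cert.Subject + ", expires " + cert.NotAfter);
            if (!cert.HasPrivateKey)
            {
                Console.Error.WriteLine("Private key missing; client authentication will fail.");
                return 1;
            }
            Console.WriteLine("OK, use this thumbprint: " + thumbprint);
            return 0;
        }
        finally { store.Close(); }
    }
}
```

Run it with the thumbprint copied from the portal as the only argument, and paste the normalized value it prints into the BEGIN REPLACE section.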