After having a chat with one of my old pals at Microsoft and discussing the topic internally with my current colleagues at Elastic, we decided too take on the task of getting VyOS validated by Microsoft as a VPN device that works with Azure.
The process was quite simple actually, so if you’re a vendor that would like to get their device validated I would recommend you take these steps:
- Configure your device to work with Azure and make sure the tunnel is stable.
- Document your configuration and put it up publicly on your documentation website, so your customers can be referred to that when working with Azure.
- Reach out to Microsoft to get details about the validation process and get it started.
In this case we are not the developers or maintainers of VyOS, but even though there’s a company behind most of VyOS’ newer code (Sentrium), at the end of the day VyOS is an Open Source project, hence why I felt I could take the initiative and coordinate the interested parts. I ended up writing a couple of configuration guides (for single and dual route-based tunnels with BGP) and getting back in touch with the folks at Microsoft. They explained the process and we got the ball rolling.
I think the whole process took around two weeks and on my side, after writing the above guides, there was pretty much no effort to be done. This is mostly a consequence of two things: Good expertise from the Microsoft engineer that took the task of technically validating the device and the effort we previously put into finding a stable configuration and writing it down in a step by step guide.
You can find the list of currently validated devices here.