![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(67.2, 2%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EG3%3C/text%3E%3C/svg%3E)
Azure VPN Gateway
An Azure service that enables the connection of on-premises networks to Azure through site-to-site virtual private networks.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(83.2, 52%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVS%3C/text%3E%3C/svg%3E)
Hi GuusHoekman-3872,
Thanks for reaching out in Microsoft Q&A forum,
Your concern is valid. Based on Microsoft's own retirement notice, the current situation is essentially:
The hard truth is that Microsoft Entra ID (Azure AD) authentication for Azure VPN Gateway Point-to-Site on Linux will effectively disappear when the Azure VPN Client for Linux retires on August 31, 2026. The open-source alternatives Microsoft suggests OpenVPN and strongSwan do not support Entra ID authentication with Azure P2S gateways. Microsoft explicitly states in their retirement notice: "Microsoft Entra ID authentication on Linux was only available through the Azure VPN Client for Linux."
If your company has standardized on Entra ID + MFA for Azure VPN access and doesn't want to change authentication methods, Linux users currently have no supported native solution. Microsoft's documented migration paths leave you with three choices, each with trade-offs:
- Certificate-based authentication: You keep Linux support via OpenVPN or strongSwan, but you lose centralized identity management, Conditional Access policies, and seamless MFA integration that Entra ID provides.
- RADIUS authentication: You can maintain centralized authentication by setting up a Windows NPS server with the Entra MFA extension, but this requires additional infrastructure and adds operational complexity.
- Windows or macOS clients: You keep Entra ID + MFA exactly as-is, but this forces Linux users to either switch operating systems or run Windows/macOS in a virtual machine just to connect to the VPN.
Microsoft is retiring the only client that provided Entra ID authentication on Linux without announcing a replacement or providing any roadmap for Linux parity. The Azure VPN Client for Linux was in public preview since 2016, never reached general availability, and now it's being removed entirely with no clear path forward for Linux users who need Entra ID.
- Push back internally: Explain to your employer that migrating to certificates means losing MFA and Conditional Access benefits that your organization likely relies on for security compliance. This isn't just an inconvenience it's a security regression.
- Raise your feedback here : https://feedback.azure.com/d365community/forum/8ae9bf04-8326-ec11-b6e6-000d3a4f0789
Official Microsoft documentation:
- Azure VPN Client for Linux Retirement Overview: https://learn.microsoft.com/en-us/azure/vpn-gateway/azure-vpn-client-linux-retirement
- Configure P2S VPN Gateway for Entra ID Authentication: https://learn.microsoft.com/en-us/azure/vpn-gateway/point-to-site-entra-gateway
- RADIUS Authentication with Microsoft Entra ID: https://learn.microsoft.com/en-us/entra/architecture/auth-radius
Kindly let us know if the above helps or you need further assistance on this issue.
Please do not forget to 
and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.