AzureRm | Create Site to Site VPN
This post is part of a general idea, to create an end-to-end highly available application infrastructure solution in Azure using an internal load balancer with the new AzureRm commands and Azure PowerShell v.1.0 preview.
We will create a Gateway, request a Public IP and establish a Site to Site VPN. At the time I am writing this post there is no option to create the VPN using the Portal; the only way is using PowerShell. Also there is no option to download the configuration for the local firewall/router, as there is in the classic deployment.
The AzureRm commands are installed directly from PowerShell using the Install-Module AzureRM and Install-AzureRM commands.
So let's start:
```powershell
# Login
Login-AzureRmAccount

# Create Gateway for VPN
# add the local (office) public ip and local networks
$resourcegroupName = "RMDemoRG"
$locationName = "West Europe"
$vnetName = "NRPVnet"
New-AzureRmLocalNetworkGateway -Name localsite -ResourceGroupName $resourcegroupName -Location $locationName -GatewayIpAddress "XXX.XXX.XXX.XXX" -AddressPrefix @('10.0.0.0/24','192.168.0.0/24')

# Create the Gateway Subnet
$vnet = Get-AzureRmVirtualNetwork -ResourceGroupName $resourcegroupName -Name $vnetName
Add-AzureRmVirtualNetworkSubnetConfig -Name 'GatewaySubnet' -AddressPrefix 172.16.0.0/16 -VirtualNetwork $vnet
Set-AzureRmVirtualNetwork -VirtualNetwork $vnet

# create gateway and request azure public ip
$gwpip = New-AzureRmPublicIpAddress -Name RMDemoPIP -ResourceGroupName $resourcegroupName -Location $locationName -AllocationMethod Dynamic
$vnet = Get-AzureRmVirtualNetwork -Name $vnetName -ResourceGroupName $resourcegroupName
$GWsubnet = Get-AzureRmVirtualNetworkSubnetConfig -Name 'GatewaySubnet' -VirtualNetwork $vnet
$gwipconfig = New-AzureRmVirtualNetworkGatewayIpConfig -Name gwipconfig1 -SubnetId $GWsubnet.Id -PublicIpAddressId $gwpip.Id
New-AzureRmVirtualNetworkGateway `
    -Name RMDemoGW `
    -ResourceGroupName $resourcegroupName `
    -Location $locationName `
    -IpConfigurations $gwipconfig `
    -GatewayType Vpn `
    -VpnType PolicyBased #PolicyBased For Static & RouteBased for Dynamic VPN

# Get the Public IP
Get-AzureRmPublicIpAddress -Name RMDemoPIP -ResourceGroupName $resourcegroupName

# Establish the VPN connection
# The shared key below is a sample value; use a long random key and set the same value on the local device
$gateway1 = Get-AzureRmVirtualNetworkGateway -Name RMDemoGW -ResourceGroupName $resourcegroupName
$local = Get-AzureRmLocalNetworkGateway -Name LocalSite -ResourceGroupName $resourcegroupName
New-AzureRmVirtualNetworkGatewayConnection `
    -Name localtovpn `
    -ResourceGroupName $resourcegroupName `
    -Location $locationName `
    -VirtualNetworkGateway1 $gateway1 `
    -LocalNetworkGateway2 $local `
    -ConnectionType IPsec `
    -RoutingWeight 10 `
    -SharedKey 'ABCDEFG1234567890'

# check the VPN status
Get-AzureRMVirtualNetworkGatewayConnection -Name localtovpn -ResourceGroupName $resourcegroupName -Debug
```
Finally, since there is no way to download the configuration script at this time, the sample configurations can be found here: https://github.com/Azure/Azure-vpn-config-samples
After the VPN is created, which can be done only using PowerShell, we can use the portal to view the status and the settings.
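
The script above uses a short sample value for -SharedKey and checks the status once. The following is an added example, not code from the original post: it generates a random pre-shared key to pass to -SharedKey and polls the connection until it reports Connected. Assumptions: New-VpnSharedKey is a hypothetical helper name, the 48-character length, 128-character upper bound and the polling intervals are chosen values, and the connection object is assumed to expose a ConnectionStatus property in the installed AzureRM version.

```powershell
# Added example, not from the original post. New-VpnSharedKey is a hypothetical helper name.
function New-VpnSharedKey {
    # Assumption: 128 characters is treated as the upper bound for the pre-shared key.
    param([ValidateRange(16, 128)][int]$Length = 48)

    # Alphanumeric only, so the same key pastes cleanly into the local firewall/router config.
    $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'.ToCharArray()
    # Bytes at or above this limit are rejected so every character is equally likely (no modulo bias).
    $limit = 256 - (256 % $alphabet.Length)

    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $buffer = New-Object byte[] 1
    $key = New-Object System.Text.StringBuilder
    try {
        while ($key.Length -lt $Length) {
            $rng.GetBytes($buffer)
            if ($buffer[0] -lt $limit) {
                [void]$key.Append($alphabet[$buffer[0] % $alphabet.Length])
            }
        }
    }
    finally {
        $rng.Dispose()
    }
    $key.ToString()
}

$resourcegroupName = "RMDemoRG"
$sharedKey = New-VpnSharedKey
# Pass $sharedKey to -SharedKey in New-AzureRmVirtualNetworkGatewayConnection and set the same
# value on the local device. The key is deliberately not written to the console or a transcript.

# Poll the connection created in the post (localtovpn) for up to 10 minutes.
$deadline = (Get-Date).AddMinutes(10)
do {
    $conn = Get-AzureRmVirtualNetworkGatewayConnection -Name localtovpn -ResourceGroupName $resourcegroupName
    Write-Host ("{0:T} status: {1}" -f (Get-Date), $conn.ConnectionStatus)
    if ($conn.ConnectionStatus -eq 'Connected') { break }
    Start-Sleep -Seconds 30
} while ((Get-Date) -lt $deadline)

if ($conn.ConnectionStatus -ne 'Connected') {
    Write-Warning "Tunnel not up: compare the shared key and address prefixes on both sides."
}
```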
Pantelis Apostolidis is a Sr. Specialist, Azure at Microsoft and a former Microsoft Azure MVP. For the last 20 years, Pantelis has been involved in major cloud projects in Greece and abroad, helping companies to adopt and deploy cloud technologies, driving business value. He is entitled to a lot of Microsoft Expert Certifications, demonstrating his proven experience in delivering high quality solutions. He is an author, blogger and he is acting as a spokesperson for conferences, workshops and webinars. He is also an active member of several communities as a moderator in azureheads.gr and autoexec.gr. Follow him on Twitter @papostolidis.