AzureRm | Create Site to Site VPN

AzureRm | Create Site to Site VPN

This post is part of a general idea, to create an end-to-end high available application infrastructure solution in Azure using internal load balancer with the new AzureRm commands and Azure PowerShell v.1.0 preview.

We will create a Gateway, request a Public IP and establish a Site to Site VPN. At the time I am writting this post there is no option to create the VPN ising the Portal, the only way is using PowerShell. Also there is no option to download the configuration  for the local firewall/router, like the classic deployment.

The AzureRm commands are installed directly from the PowerShell using the Install-Module AzureRM & Install-AzureRM commands.

So lets start:


#Create Gateway for VPN

# add the local (office) public ip and local networks
$resourcegroupName ="RMDemoRG"
$locationName ="West Europe"
$vnetName = "NRPVnet"
New-AzureRmLocalNetworkGateway -Name localsite -ResourceGroupName $resourcegroupName -Location $locationName -GatewayIpAddress "XXX.XXX.XXX.XXX" -AddressPrefix @('','')

# Create the Gateway Subnet
$vnet = Get-AzureRmVirtualNetwork -ResourceGroupName $resourcegroupName -Name $vnetName 
Add-AzureRmVirtualNetworkSubnetConfig -Name 'GatewaySubnet' -AddressPrefix -VirtualNetwork $vnet
Set-AzureRmVirtualNetwork -VirtualNetwork $vnet

# create gateway and request azure public ip
$gwpip= New-AzureRmPublicIpAddress -Name RMDemoPIP -ResourceGroupName $resourcegroupName -Location $locationName -AllocationMethod Dynamic
$vnet = Get-AzureRmVirtualNetwork -Name $vnetName -ResourceGroupName $resourcegroupName
$GWsubnet = Get-AzureRmVirtualNetworkSubnetConfig -Name 'GatewaySubnet' -VirtualNetwork $vnet
$gwipconfig = New-AzureRmVirtualNetworkGatewayIpConfig -Name gwipconfig1 -SubnetId $GWsubnet.Id -PublicIpAddressId $gwpip.Id
New-AzureRmVirtualNetworkGateway `
            -Name RMDemoGW `
            -ResourceGroupName $resourcegroupName `
            -Location $locationName `
            -IpConfigurations $gwipconfig `
            -GatewayType Vpn `
            -VpnType PolicyBased #PolicyBased For Static & RouteBased for Dynamic VPN

# Get the Public IP
Get-AzureRmPublicIpAddress -Name RMDemoPIP -ResourceGroupName $resourcegroupName

# Establish the VPN connection
$gateway1 = Get-AzureRmVirtualNetworkGateway -Name RMDemoGW -ResourceGroupName $resourcegroupName
$local = Get-AzureRmLocalNetworkGateway -Name LocalSite -ResourceGroupName $resourcegroupName
New-AzureRmVirtualNetworkGatewayConnection `
            -Name localtovpn `
            -ResourceGroupName $resourcegroupName `
            -Location $locationName `
            -VirtualNetworkGateway1 $gateway1 `
            -LocalNetworkGateway2 $local `
            -ConnectionType IPsec `
            -RoutingWeight 10 `
            -SharedKey 'ABCDEFG1234567890'

#check the VPN status
Get-AzureRMVirtualNetworkGatewayConnection -Name localtovpn -ResourceGroupName $resourcegroupName -Debug

Finally, since there is no way to download the configuration script at this time, the sample configurations can be found here:

After the creation of the VPN, that can be done only using PowerShell, we can use the portal to view the status and the settings


Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.