Tag: Gateways

Creating an Azure Virtual Network with VPN Gateway entirely with PowerShell not possible!

As I found the documentation for this somewhat lacking (especially for New-AzureRmVirtualNetworkGateway and New-AzureRmVirtualNetworkGatewayIpConfig), I thought I would try and see if it was possible to create and fully configure a Virtual Network and Gateway using PowerShell. I have posted my PowerShell script examples and efforst here.

NOTE: Several of these command return  a warning (shown below) which means things will be changing soon…again 😉 …and other just exception, so although you can setup a Virtual Network you can not create the Gateway!

2017-01-05_15-39-25

I am using version 3.3.0 of the Azure cmdlets.

# Get Azure cmdlets version
Get-Module -ListAvailable -Name Azure -Refresh

Steps

  1. Setup variables, login and set current context
    # Setup Variables
    $location = "North Europe"
    $rgName = "MyResourceGroup"
    $strgAccount = "MyStorageAccount"
    $vnetName = "vnet-1"
    $gatewayPIPName = "gateway-2-pip"
    $clientAddressPool = "192.168.0.0/16"
    $gatewayName = "mygateway1"
    
    # Setup PowerShell Environment
    Add-AzureRmAccount
    Select-AzureRmSubscription -SubscriptionName "MySubscription"
    Set-AzureRmCurrentStorageAccount -ResourceGroupName $rgName -Name $strgAccount
    # get and check current context (ARM)
    Get-AzureRmContext
  2. Create the Virtual Network (include a subnet called ‘GatewaySubnet‘ specifically for the VPN Gateway. It appears this is required even if using the Portal to add a Gateway to a Virtual Network.)
    # Create the Virtual Network with 3 subnets)
    # Setup Subnets
    $gatewaySubnet = New-AzureRmVirtualNetworkSubnetConfig `
        -Name GatewaySubnet -AddressPrefix "10.1.0.0/24"
    $frontendSubnet = New-AzureRmVirtualNetworkSubnetConfig `
        -Name frontendSubnet -AddressPrefix "10.1.1.0/24"
    $backendSubnet = New-AzureRmVirtualNetworkSubnetConfig `
        -Name backendSubnet -AddressPrefix "10.1.2.0/24"
    # Create VNet
    $vnet = New-AzureRmVirtualNetwork -Name $vnetName `
        -ResourceGroupName $rgName -Location $location `
        -AddressPrefix "10.1.0.0/16" `
        -Subnet $gatewaySubnet,$frontendSubnet,$backendSubnet
  3. Create a Public IP Address (PIP) to be used by the Gateway
    # Create a PIP
    $pip = New-AzureRmPublicIpAddress -AllocationMethod Dynamic `
        -ResourceGroupName $rgName -Location $location `
        -Name $gatewayPIPName
  4. Create the VNet Gateway (Attempt 1Although I can’t see any issues in the script below, unfortunately this is returning a 500 Internal Server Error. I have tried a number of variations!!)
    # Gateway config
    $vnetGatewayIPConf = New-AzureRmVirtualNetworkGatewayIpConfig -Name default `
        -PublicIpAddress $pip -Subnet $gatewaySubnet
    # Create VNet Gateway
    $vnetGateway = New-AzureRmVirtualNetworkGateway -Name "hmstraingateway1" 
        -ResourceGroupName $rgName `
        -Location $location `
        -IpConfigurations $vnetGatewayIPConf `
        -GatewayType Vpn `
        -VpnType RouteBased `
        -GatewaySku Basic `
        -VpnClientAddressPool $clientAddressPool

     

Attempt 2: I then thought I would see if it would be possible to complete the process using ARM Templates. When attempting to get an ARM Template for an existing Virtual Network Gateway we get the following errors.

Error details - Microsoft Azure 
  • The schema of resource type 'Microsoft.Network/virtualNetworkGateways' is 
    not available. Resources of this type will not be exported to the template. 
    (Code: ResourceTypeSchemaNotFound)
  • The schema of resource type 'Microsoft.Web/connections' is not available. 
    Resources of this type will not be exported to the template. 
    (Code: ResourceTypeSchemaNotFound)

This effectively indicates that the ARM capability of this type of resource is not yet all there in Azure. I seem to come across issue like this quite a lot.

Also with the ARM Virtual Network you can’t use the Get-AzureVNetConfig to download the configuration files either.

So in conclusion the only way to currently create a Gateway and complete the process, is to use the Azure Portal. Please comment below if you know of another way or have spotted an issue.

Links

New-AzureRmVirtualNetworkGatewayIpConfig (https://docs.microsoft.com/en-us/powershell/resourcemanager/azurerm.network/v2.1.0/new-azurermvirtualnetworkgatewayipconfig)

New-AzureRmVirtualNetworkGateway (https://docs.microsoft.com/en-us/powershell/resourcemanager/AzureRM.Network/v1.0.13/New-AzureRmVirtualNetworkGateway?redirectedfrom=msdn)

Save