These days there are different authentication methods you can use to configure a Point-to-Site (P2S) VPN connection to a VNet in Azure. Such a P2S VPN connection can be useful when you want to securely connect to resources in that VNet, or any of its peered VNets, from a client device on a remote location, like when you are working from home or from a customer's site on your own or corporate Windows 11 device. Next to that, you can also use it instead of a Site-to-Site (S2S) VPN when you, for example, only need to connect a few client devices to that VNet. If you're interested, you can always find more information about P2S VPN connections on this Microsoft Docs page.

Just like with almost all other Azure resources and services, there are different ways you can deploy and configure a P2S VPN. You can use Azure CLI, ARM templates or Bicep, but in this blog post I will focus on how you can use Azure PowerShell to configure a P2S VPN to an existing VNet using Azure certificate authentication. And to make it all a little easier and more automated, I wrote the below Azure PowerShell script, which does all of the following:

* Check if the PowerShell window is running as Administrator (which is a requirement), otherwise the Azure PowerShell script will be exited.
* Check if the VPN gateway variable is correctly declared and/or if the VPN gateway resource exists in the targeted Azure subscription, otherwise the script will be exited.
* Check if the root certificate (a base-64 encoded X.509 .CER file) is present in the C:\Temp folder, otherwise the script will be exited.
* Add the VPN client address pool to the VPN gateway.
* Add the client root certificate to the VPN gateway.
* Generate the VPN client configuration files and download them as a zipped folder (vpnclientconfiguration.zip) in the C:\Temp folder.

To use the script, copy and save it as Configure-P2S-VPN-to-an-existing-VNet-using-Azure-certificate-authentication.ps1 or download it from GitHub. Then, before using the script, adjust all variables to your use (you can find an adjusted example in a screenshot below) and run the customized script with Administrator privileges from Windows Terminal, Visual Studio Code, or Windows PowerShell. Or you can simply run it from Cloud Shell.

Before you run the script, make sure the following prerequisites are in place:

* An Azure Administrator account with the necessary RBAC roles.
* An existing VNet (preferably the HUB VNet) and Azure VPN Gateway (at least with a SKU VpnGw1).
* C:\Temp folder must exist (or your own specified folder, adjust variables accordingly) on the device where you run the script.
* A self-signed root certificate (a base-64 encoded X.509 .CER file)\* stored in the C:\Temp folder on the device where you run the script.

\* I already wrote a PowerShell script you can use to automate the creation of a new self-signed root certificate and a client certificate for use with an Azure P2S VPN. You can find the related blog post over here, or you can download the script directly from GitHub.

If you are not running the script from Cloud Shell, don't forget to sign in with the Connect-AzAccount cmdlet to connect your Azure account. And if you are using multiple Azure subscriptions, select the proper subscription with the Get-AzSubscription cmdlet before running the script.

```powershell
## Variables (replace the <placeholders> with your own values)

$rgNetworkSpoke = "<your-vnet-resource-group>"        # The Azure resource group in which your existing VNet is deployed
$gatewayName = "<your-vpn-gateway-name>"              # The existing virtual network gateway
$vpnClientAddressPool = "<your-client-address-pool>"  # The VPN client address pool from which the VPN clients receive an IP address
$rootCertName = "<your-root-certificate-name>"        # The name of the root certificate
$rootCertBase64Path = "<path-to-root-certificate.cer>" # The file path to the exported root Base-64 encoded X.509 (.CER) file
$tempFolderName = "Temp"                              # Folder under C:\ that holds the .CER file and receives the zip (assumed: "Temp", as in the prerequisites)
$tempFolder = "C:\" + $tempFolderName + "\"
$vpnClientConfigZip = "vpnclientconfiguration.zip"
$vpnClientConfigDestinationFolder = $tempFolder + $vpnClientConfigZip

# Output formatting helpers used by the Write-Host calls below (colour values assumed)
$writeEmptyLine = "`n"
$writeSeperatorSpaces = " - "
$foregroundColor1 = "Red"
$foregroundColor2 = "Yellow"

# Refresh $currentTime on every read so each status line carries a fresh timestamp (action body is a reconstruction)
$global:currentTime = Set-PSBreakpoint -Variable currentTime -Mode Read -Action { $global:currentTime = Get-Date -UFormat "%A %m/%d/%Y %R" }

## Check if running as Administrator, otherwise exit the script

$currentPrincipal = New-Object Security.Principal.WindowsPrincipal([Security.Principal.WindowsIdentity]::GetCurrent())
$isAdministrator = $currentPrincipal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

if ($isAdministrator -eq $false) {
    Write-Host ($writeEmptyLine + "# Please run PowerShell as Administrator" + $writeSeperatorSpaces + $currentTime) -ForegroundColor $foregroundColor1 $writeEmptyLine
    exit
}

Write-Host ($writeEmptyLine + "# Script started. Without any errors, it will need around 6 minutes to complete" + $writeSeperatorSpaces + $currentTime) -ForegroundColor $foregroundColor2 $writeEmptyLine

## Check the VPN gateway variable and the existence of the resource. If it is not declared correctly or the resource is not there, exit the script

try {
    $gateway = Get-AzVirtualNetworkGateway -ResourceGroupName $rgNetworkSpoke -Name $gatewayName -ErrorAction Stop
} catch {
    Write-Host ($writeEmptyLine + "# VPN gateway $gatewayName not found in resource group $rgNetworkSpoke, script exited" + $writeSeperatorSpaces + $currentTime) -ForegroundColor $foregroundColor1 $writeEmptyLine
    exit
}
```
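The three configuration steps the post lists after the checks (add the address pool, add the root certificate, generate and download the client configuration), written out as an added example that is not the blog's script. It assumes the variables and the `$gateway` object from the script fragment above are already set; the IkeV2/OpenVPN protocol choice and the skip-if-already-present check are my additions.

```powershell
# Added example (not the blog's script). Assumes $rgNetworkSpoke, $gatewayName, $vpnClientAddressPool,
# $rootCertName, $rootCertBase64Path, $vpnClientConfigDestinationFolder and $gateway are set as above.

## Step 1: add the VPN client address pool to the gateway
# The tunnel protocols are an assumption; SSTP is also accepted by the gateway if Windows-only clients need it
$gateway = Set-AzVirtualNetworkGateway -VirtualNetworkGateway $gateway `
    -VpnClientAddressPool $vpnClientAddressPool `
    -VpnClientProtocol "IkeV2", "OpenVPN"

## Step 2: upload the root certificate's public data as a trusted root
# X509Certificate2 parses both Base-64 (PEM) and DER .CER files; RawData is the DER encoding the gateway expects.
# Only the public certificate goes to Azure: any client certificate that chains to this root will be accepted,
# so the root's private key is the trust anchor for the whole P2S connection.
$rootCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($rootCertBase64Path)
$rootCertPublicData = [System.Convert]::ToBase64String($rootCert.RawData)

# Skip the upload when a root certificate with this name is already registered, so the script can be rerun safely
$existingRoot = Get-AzVpnClientRootCertificate -ResourceGroupName $rgNetworkSpoke -VirtualNetworkGatewayName $gatewayName |
    Where-Object { $_.Name -eq $rootCertName }
if (-not $existingRoot) {
    Add-AzVpnClientRootCertificate -ResourceGroupName $rgNetworkSpoke -VirtualNetworkGatewayName $gatewayName `
        -VpnClientRootCertificateName $rootCertName -PublicCertData $rootCertPublicData | Out-Null
}

## Step 3: generate the VPN client configuration package and download the zip to the temp folder
# New-AzVpnClientConfiguration returns a short-lived SAS URL for the generated package (EAPTLS = certificate authentication)
$clientConfig = New-AzVpnClientConfiguration -ResourceGroupName $rgNetworkSpoke -Name $gatewayName -AuthenticationMethod "EAPTLS"
Invoke-WebRequest -Uri $clientConfig.VpnProfileSASUrl -OutFile $vpnClientConfigDestinationFolder

# Each client device additionally needs a client certificate issued by the same root in its user certificate store
```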