diff --git a/.infracost/pricing.gob b/.infracost/pricing.gob
index 57feda8..ce888ce 100644
Binary files a/.infracost/pricing.gob and b/.infracost/pricing.gob differ
diff --git a/.infracost/terraform_modules/manifest-4975ab88bc48b751ebddba9db0b5f06b.json b/.infracost/terraform_modules/manifest-4975ab88bc48b751ebddba9db0b5f06b.json
new file mode 100644
index 0000000..594dcc0
--- /dev/null
+++ b/.infracost/terraform_modules/manifest-4975ab88bc48b751ebddba9db0b5f06b.json
@@ -0,0 +1 @@
+{"Path":"d:\\Projects\\azure-network-hub-spoke\\800_onprem_vpn","Version":"2.0","Modules":[]}
\ No newline at end of file
diff --git a/800_onprem_vpn/cert.cer b/800_onprem_vpn/cert.cer
deleted file mode 100644
index f8cf18e..0000000
Binary files a/800_onprem_vpn/cert.cer and /dev/null differ
diff --git a/800_onprem_vpn/private_dns_zone.tf b/800_onprem_vpn/private_dns_zone.tf
new file mode 100644
index 0000000..0928587
--- /dev/null
+++ b/800_onprem_vpn/private_dns_zone.tf
@@ -0,0 +1,19 @@
+resource "azurerm_private_dns_zone" "private-dns-zone" {
+ name = "internal.corp"
+ resource_group_name = azurerm_resource_group.rg.name
+}
+
+resource "azurerm_private_dns_a_record" "dns_a_record_test" {
+ name = "vm"
+ zone_name = azurerm_private_dns_zone.private-dns-zone.name
+ resource_group_name = azurerm_private_dns_zone.private-dns-zone.resource_group_name
+ ttl = 300
+ records = [azurerm_linux_virtual_machine.vm.private_ip_address] # just example IP address
+}
+
+resource "azurerm_private_dns_zone_virtual_network_link" "link-dns-vnet" {
+ name = "link-dns-vnet"
+ resource_group_name = azurerm_private_dns_zone.private-dns-zone.resource_group_name
+ private_dns_zone_name = azurerm_private_dns_zone.private-dns-zone.name
+ virtual_network_id = azurerm_virtual_network.vnet-hub.id
+}
\ No newline at end of file
diff --git a/800_onprem_vpn/rg.tf b/800_onprem_vpn/rg.tf
index 1f3e8fe..ba66285 100644
--- a/800_onprem_vpn/rg.tf
+++ b/800_onprem_vpn/rg.tf
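Review bot: In the new `private_dns_zone.tf`, the trailing comment on `records` in `dns_a_record_test` says `# just example IP address`, but the value is the expression `azurerm_linux_virtual_machine.vm.private_ip_address`, so the record points at the real Linux VM, not a sample address. A comment such as `# A record for the Linux VM's private IP` would match what the line does. The zone name `internal.corp` is presumably not a domain this project owns; if that choice is deliberate, a one-line comment above the zone should say so, because clients that reach the VNet over the point-to-site VPN may also resolve the same name on other networks.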
@@ -1,4 +1,4 @@ resource "azurerm_resource_group" "rg" { - name = "rg-vnet-gateway-${var.prefix}" + name = "rg-vnet-gateway-basic-${var.prefix}" location = "westeurope" } \ No newline at end of file diff --git a/800_onprem_vpn/terraform.tfstate b/800_onprem_vpn/terraform.tfstate index 6896de9..67eb7fe 100644 --- a/800_onprem_vpn/terraform.tfstate +++ b/800_onprem_vpn/terraform.tfstate @@ -1,8 +1,8 @@ { "version": 4, "terraform_version": "1.7.1", - "serial": 13, - "lineage": "e75c2bed-c401-4ef8-3e42-12b8ba6da9db", + "serial": 19, + "lineage": "70f7366e-2253-0991-4b59-25811a375523", "outputs": {}, "resources": [ { @@ -37,14 +37,14 @@ "eviction_policy": "", "extensions_time_budget": "PT1H30M", "gallery_application": [], - "id": "/subscriptions/82f6d75e-85f4-434a-ab74-5dddd9fa8910/resourceGroups/rg-vnet-gateway-800/providers/Microsoft.Compute/virtualMachines/vm-linux", + "id": "/subscriptions/38977b70-47bf-4da5-a492-88712fce8725/resourceGroups/rg-vnet-gateway-basic-800/providers/Microsoft.Compute/virtualMachines/vm-linux", "identity": [], "license_type": "", "location": "westeurope", "max_bid_price": -1, "name": "vm-linux", "network_interface_ids": [ - "/subscriptions/82f6d75e-85f4-434a-ab74-5dddd9fa8910/resourceGroups/rg-vnet-gateway-800/providers/Microsoft.Network/networkInterfaces/nic-vm" + "/subscriptions/38977b70-47bf-4da5-a492-88712fce8725/resourceGroups/rg-vnet-gateway-basic-800/providers/Microsoft.Network/networkInterfaces/nic-vm" ], "os_disk": [ { @@ -52,7 +52,7 @@ "diff_disk_settings": [], "disk_encryption_set_id": "", "disk_size_gb": 30, - "name": "vm-linux_OsDisk_1_1dfddf95e1794e65ba41d4bd51f12ecb", + "name": "vm-linux_OsDisk_1_3dcea540c9924a86b89a1129672a6997", "secure_vm_disk_encryption_set_id": "", "security_encryption_type": "", "storage_account_type": "Standard_LRS", 
@@ -70,12 +70,10 @@ ], "provision_vm_agent": true, "proximity_placement_group_id": "", - "public_ip_address": "40.114.147.189", - "public_ip_addresses": [ - "40.114.147.189" - ], + "public_ip_address": "", + "public_ip_addresses": [], "reboot_setting": "", - "resource_group_name": "rg-vnet-gateway-800", + "resource_group_name": "rg-vnet-gateway-basic-800", "secret": [], "secure_boot_enabled": false, "size": "Standard_B2als_v2", @@ -88,11 +86,11 @@ "version": "latest" } ], - "tags": null, - "termination_notification": null, + "tags": {}, + "termination_notification": [], "timeouts": null, "user_data": "", - "virtual_machine_id": "beffe6eb-2774-43fb-8fdf-24a4aa6c35ef", + "virtual_machine_id": "4ba60fe7-0367-4422-88cd-9319221f8c96", "virtual_machine_scale_set_id": "", "vtpm_enabled": false, "zone": "" @@ -125,9 +123,9 @@ "edge_zone": "", "enable_accelerated_networking": false, "enable_ip_forwarding": false, - "id": "/subscriptions/82f6d75e-85f4-434a-ab74-5dddd9fa8910/resourceGroups/rg-vnet-gateway-800/providers/Microsoft.Network/networkInterfaces/nic-vm", + "id": "/subscriptions/38977b70-47bf-4da5-a492-88712fce8725/resourceGroups/rg-vnet-gateway-basic-800/providers/Microsoft.Network/networkInterfaces/nic-vm", "internal_dns_name_label": "", - "internal_domain_name_suffix": "", + "internal_domain_name_suffix": "nld3mr2gb2rupeqxviexc1s5dd.ax.internal.cloudapp.net", "ip_configuration": [ { "gateway_load_balancer_frontend_ip_configuration_id": "", 
@@ -136,25 +134,113 @@ "private_ip_address": "10.0.2.4", "private_ip_address_allocation": "Dynamic", "private_ip_address_version": "IPv4", - "public_ip_address_id": "/subscriptions/82f6d75e-85f4-434a-ab74-5dddd9fa8910/resourceGroups/rg-vnet-gateway-800/providers/Microsoft.Network/publicIPAddresses/pip-vm", - "subnet_id": "/subscriptions/82f6d75e-85f4-434a-ab74-5dddd9fa8910/resourceGroups/rg-vnet-gateway-800/providers/Microsoft.Network/virtualNetworks/vnet-hub/subnets/subnet-vm" + "public_ip_address_id": "/subscriptions/38977b70-47bf-4da5-a492-88712fce8725/resourceGroups/rg-vnet-gateway-basic-800/providers/Microsoft.Network/publicIPAddresses/pip-vm", + "subnet_id": "/subscriptions/38977b70-47bf-4da5-a492-88712fce8725/resourceGroups/rg-vnet-gateway-basic-800/providers/Microsoft.Network/virtualNetworks/vnet-hub-weu/subnets/subnet-vm" } ], "location": "westeurope", - "mac_address": "00-0D-3A-2D-19-69", + "mac_address": "00-0D-3A-2F-16-24", "name": "nic-vm", "private_ip_address": "10.0.2.4", "private_ip_addresses": [ "10.0.2.4" ], - "resource_group_name": "rg-vnet-gateway-800", + "resource_group_name": "rg-vnet-gateway-basic-800", "tags": {}, "timeouts": null, + "virtual_machine_id": "/subscriptions/38977b70-47bf-4da5-a492-88712fce8725/resourceGroups/rg-vnet-gateway-basic-800/providers/Microsoft.Compute/virtualMachines/vm-linux" + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxODAwMDAwMDAwMDAwLCJkZWxldGUiOjE4MDAwMDAwMDAwMDAsInJlYWQiOjMwMDAwMDAwMDAwMCwidXBkYXRlIjoxODAwMDAwMDAwMDAwfX0=", + "dependencies": [ + "azurerm_public_ip.pip-vm", + "azurerm_resource_group.rg", + "azurerm_subnet.subnet-vm", + "azurerm_virtual_network.vnet-hub" + ] + } + ] + }, + { + "mode": "managed", + "type": "azurerm_network_interface", + "name": "nic-vm-windows", + "provider": "provider[\"registry.terraform.io/hashicorp/azurerm\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "applied_dns_servers": [], + 
"auxiliary_mode": "", + "auxiliary_sku": "", + "dns_servers": [], + "edge_zone": "", + "enable_accelerated_networking": false, + "enable_ip_forwarding": false, + "id": "/subscriptions/38977b70-47bf-4da5-a492-88712fce8725/resourceGroups/rg-vnet-gateway-basic-800/providers/Microsoft.Network/networkInterfaces/nic-vm-windows", + "internal_dns_name_label": "", + "internal_domain_name_suffix": "nld3mr2gb2rupeqxviexc1s5dd.ax.internal.cloudapp.net", + "ip_configuration": [ + { + "gateway_load_balancer_frontend_ip_configuration_id": "", + "name": "internal", + "primary": true, + "private_ip_address": "10.0.2.5", + "private_ip_address_allocation": "Dynamic", + "private_ip_address_version": "IPv4", + "public_ip_address_id": "", + "subnet_id": "/subscriptions/38977b70-47bf-4da5-a492-88712fce8725/resourceGroups/rg-vnet-gateway-basic-800/providers/Microsoft.Network/virtualNetworks/vnet-hub-weu/subnets/subnet-vm" + } + ], + "location": "westeurope", + "mac_address": "", + "name": "nic-vm-windows", + "private_ip_address": "10.0.2.5", + "private_ip_addresses": [ + "10.0.2.5" + ], + "resource_group_name": "rg-vnet-gateway-basic-800", + "tags": null, + "timeouts": null, "virtual_machine_id": "" }, "sensitive_attributes": [], "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxODAwMDAwMDAwMDAwLCJkZWxldGUiOjE4MDAwMDAwMDAwMDAsInJlYWQiOjMwMDAwMDAwMDAwMCwidXBkYXRlIjoxODAwMDAwMDAwMDAwfX0=", "dependencies": [ + "azurerm_resource_group.rg", + "azurerm_subnet.subnet-vm", + "azurerm_virtual_network.vnet-hub" + ] + } + ] + }, + { + "mode": "managed", + "type": "azurerm_private_dns_a_record", + "name": "dns_a_record_test", + "provider": "provider[\"registry.terraform.io/hashicorp/azurerm\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "fqdn": "vm.internal.corp.", + "id": "/subscriptions/38977b70-47bf-4da5-a492-88712fce8725/resourceGroups/rg-vnet-gateway-basic-800/providers/Microsoft.Network/privateDnsZones/internal.corp/A/vm", + "name": "vm", + 
"records": [ + "10.0.2.4" + ], + "resource_group_name": "rg-vnet-gateway-basic-800", + "tags": {}, + "timeouts": null, + "ttl": 300, + "zone_name": "internal.corp" + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxODAwMDAwMDAwMDAwLCJkZWxldGUiOjE4MDAwMDAwMDAwMDAsInJlYWQiOjMwMDAwMDAwMDAwMCwidXBkYXRlIjoxODAwMDAwMDAwMDAwfX0=", + "dependencies": [ + "azurerm_linux_virtual_machine.vm", + "azurerm_network_interface.nic-vm", + "azurerm_private_dns_zone.private-dns-zone", "azurerm_public_ip.pip-vm", "azurerm_resource_group.rg", "azurerm_subnet.subnet-vm", 
@@ -163,6 +249,75 @@ } ] }, + { + "mode": "managed", + "type": "azurerm_private_dns_zone", + "name": "private-dns-zone", + "provider": "provider[\"registry.terraform.io/hashicorp/azurerm\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "id": "/subscriptions/38977b70-47bf-4da5-a492-88712fce8725/resourceGroups/rg-vnet-gateway-basic-800/providers/Microsoft.Network/privateDnsZones/internal.corp", + "max_number_of_record_sets": 25000, + "max_number_of_virtual_network_links": 1000, + "max_number_of_virtual_network_links_with_registration": 100, + "name": "internal.corp", + "number_of_record_sets": 2, + "resource_group_name": "rg-vnet-gateway-basic-800", + "soa_record": [ + { + "email": "azureprivatedns-host.microsoft.com", + "expire_time": 2419200, + "fqdn": "internal.corp.", + "host_name": "azureprivatedns.net", + "minimum_ttl": 10, + "refresh_time": 3600, + "retry_time": 300, + "serial_number": 1, + "tags": {}, + "ttl": 3600 + } + ], + "tags": {}, + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxODAwMDAwMDAwMDAwLCJkZWxldGUiOjE4MDAwMDAwMDAwMDAsInJlYWQiOjMwMDAwMDAwMDAwMCwidXBkYXRlIjoxODAwMDAwMDAwMDAwfX0=", + "dependencies": [ + "azurerm_resource_group.rg" + ] + } + ] + }, + { + "mode": "managed", + "type": "azurerm_private_dns_zone_virtual_network_link", + "name": "link-dns-vnet", + "provider": "provider[\"registry.terraform.io/hashicorp/azurerm\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "id": "/subscriptions/38977b70-47bf-4da5-a492-88712fce8725/resourceGroups/rg-vnet-gateway-basic-800/providers/Microsoft.Network/privateDnsZones/internal.corp/virtualNetworkLinks/link-dns-vnet", + "name": "link-dns-vnet", + "private_dns_zone_name": "internal.corp", + "registration_enabled": false, + "resource_group_name": "rg-vnet-gateway-basic-800", + "tags": {}, + "timeouts": null, + "virtual_network_id": 
"/subscriptions/38977b70-47bf-4da5-a492-88712fce8725/resourceGroups/rg-vnet-gateway-basic-800/providers/Microsoft.Network/virtualNetworks/vnet-hub-weu" + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxODAwMDAwMDAwMDAwLCJkZWxldGUiOjE4MDAwMDAwMDAwMDAsInJlYWQiOjMwMDAwMDAwMDAwMCwidXBkYXRlIjoxODAwMDAwMDAwMDAwfX0=", + "dependencies": [ + "azurerm_private_dns_zone.private-dns-zone", + "azurerm_resource_group.rg", + "azurerm_virtual_network.vnet-hub" + ] + } + ] + }, { "mode": "managed", "type": "azurerm_public_ip", @@ -178,7 +333,7 @@ "domain_name_label": null, "edge_zone": "", "fqdn": null, - "id": "/subscriptions/82f6d75e-85f4-434a-ab74-5dddd9fa8910/resourceGroups/rg-vnet-gateway-800/providers/Microsoft.Network/publicIPAddresses/pip-vm", + "id": "/subscriptions/38977b70-47bf-4da5-a492-88712fce8725/resourceGroups/rg-vnet-gateway-basic-800/providers/Microsoft.Network/publicIPAddresses/pip-vm", "idle_timeout_in_minutes": 4, "ip_address": "", "ip_tags": {}, @@ -186,7 +341,7 @@ "location": "westeurope", "name": "pip-vm", "public_ip_prefix_id": null, - "resource_group_name": "rg-vnet-gateway-800", + "resource_group_name": "rg-vnet-gateway-basic-800", "reverse_fqdn": null, "sku": "Basic", "sku_tier": "Regional", 
@@ -217,15 +372,15 @@ "domain_name_label": null, "edge_zone": "", "fqdn": null, - "id": "/subscriptions/82f6d75e-85f4-434a-ab74-5dddd9fa8910/resourceGroups/rg-vnet-gateway-800/providers/Microsoft.Network/publicIPAddresses/pip-vnet-gateway", + "id": "/subscriptions/38977b70-47bf-4da5-a492-88712fce8725/resourceGroups/rg-vnet-gateway-basic-800/providers/Microsoft.Network/publicIPAddresses/pip-vnet-gateway", "idle_timeout_in_minutes": 4, - "ip_address": "40.68.95.206", + "ip_address": "20.229.244.141", "ip_tags": {}, "ip_version": "IPv4", "location": "westeurope", "name": "pip-vnet-gateway", "public_ip_prefix_id": null, - "resource_group_name": "rg-vnet-gateway-800", + "resource_group_name": "rg-vnet-gateway-basic-800", "reverse_fqdn": null, "sku": "Basic", "sku_tier": "Regional", @@ -250,10 +405,10 @@ { "schema_version": 0, "attributes": { - "id": "/subscriptions/82f6d75e-85f4-434a-ab74-5dddd9fa8910/resourceGroups/rg-vnet-gateway-800", + "id": "/subscriptions/38977b70-47bf-4da5-a492-88712fce8725/resourceGroups/rg-vnet-gateway-basic-800", "location": "westeurope", "managed_by": "", - "name": "rg-vnet-gateway-800", + "name": "rg-vnet-gateway-basic-800", "tags": {}, "timeouts": null }, 
@@ -277,15 +432,15 @@ "delegation": [], "enforce_private_link_endpoint_network_policies": false, "enforce_private_link_service_network_policies": false, - "id": "/subscriptions/82f6d75e-85f4-434a-ab74-5dddd9fa8910/resourceGroups/rg-vnet-gateway-800/providers/Microsoft.Network/virtualNetworks/vnet-hub/subnets/GatewaySubnet", + "id": "/subscriptions/38977b70-47bf-4da5-a492-88712fce8725/resourceGroups/rg-vnet-gateway-basic-800/providers/Microsoft.Network/virtualNetworks/vnet-hub-weu/subnets/GatewaySubnet", "name": "GatewaySubnet", "private_endpoint_network_policies_enabled": true, "private_link_service_network_policies_enabled": true, - "resource_group_name": "rg-vnet-gateway-800", + "resource_group_name": "rg-vnet-gateway-basic-800", "service_endpoint_policy_ids": [], "service_endpoints": [], "timeouts": null, - "virtual_network_name": "vnet-hub" + "virtual_network_name": "vnet-hub-weu" }, "sensitive_attributes": [], "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxODAwMDAwMDAwMDAwLCJkZWxldGUiOjE4MDAwMDAwMDAwMDAsInJlYWQiOjMwMDAwMDAwMDAwMCwidXBkYXRlIjoxODAwMDAwMDAwMDAwfX0=", 
@@ -311,15 +466,15 @@ "delegation": [], "enforce_private_link_endpoint_network_policies": false, "enforce_private_link_service_network_policies": false, - "id": "/subscriptions/82f6d75e-85f4-434a-ab74-5dddd9fa8910/resourceGroups/rg-vnet-gateway-800/providers/Microsoft.Network/virtualNetworks/vnet-hub/subnets/subnet-vm", + "id": "/subscriptions/38977b70-47bf-4da5-a492-88712fce8725/resourceGroups/rg-vnet-gateway-basic-800/providers/Microsoft.Network/virtualNetworks/vnet-hub-weu/subnets/subnet-vm", "name": "subnet-vm", "private_endpoint_network_policies_enabled": true, "private_link_service_network_policies_enabled": true, - "resource_group_name": "rg-vnet-gateway-800", + "resource_group_name": "rg-vnet-gateway-basic-800", "service_endpoint_policy_ids": [], "service_endpoints": [], "timeouts": null, - "virtual_network_name": "vnet-hub" + "virtual_network_name": "vnet-hub-weu" }, "sensitive_attributes": [], "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxODAwMDAwMDAwMDAwLCJkZWxldGUiOjE4MDAwMDAwMDAwMDAsInJlYWQiOjMwMDAwMDAwMDAwMCwidXBkYXRlIjoxODAwMDAwMDAwMDAwfX0=", 
@@ -348,21 +503,21 @@ "edge_zone": "", "encryption": [], "flow_timeout_in_minutes": 0, - "guid": "5662ad84-afe7-45a1-90af-c2d42cf3e1a3", - "id": "/subscriptions/82f6d75e-85f4-434a-ab74-5dddd9fa8910/resourceGroups/rg-vnet-gateway-800/providers/Microsoft.Network/virtualNetworks/vnet-hub", + "guid": "47d6c76a-0f86-4723-9217-aa09716e5f1b", + "id": "/subscriptions/38977b70-47bf-4da5-a492-88712fce8725/resourceGroups/rg-vnet-gateway-basic-800/providers/Microsoft.Network/virtualNetworks/vnet-hub-weu", "location": "westeurope", - "name": "vnet-hub", - "resource_group_name": "rg-vnet-gateway-800", + "name": "vnet-hub-weu", + "resource_group_name": "rg-vnet-gateway-basic-800", "subnet": [ { "address_prefix": "10.0.0.0/24", - "id": "/subscriptions/82f6d75e-85f4-434a-ab74-5dddd9fa8910/resourceGroups/rg-vnet-gateway-800/providers/Microsoft.Network/virtualNetworks/vnet-hub/subnets/GatewaySubnet", + "id": "/subscriptions/38977b70-47bf-4da5-a492-88712fce8725/resourceGroups/rg-vnet-gateway-basic-800/providers/Microsoft.Network/virtualNetworks/vnet-hub-weu/subnets/GatewaySubnet", "name": "GatewaySubnet", "security_group": "" }, { "address_prefix": "10.0.2.0/24", - "id": "/subscriptions/82f6d75e-85f4-434a-ab74-5dddd9fa8910/resourceGroups/rg-vnet-gateway-800/providers/Microsoft.Network/virtualNetworks/vnet-hub/subnets/subnet-vm", + "id": "/subscriptions/38977b70-47bf-4da5-a492-88712fce8725/resourceGroups/rg-vnet-gateway-basic-800/providers/Microsoft.Network/virtualNetworks/vnet-hub-weu/subnets/subnet-vm", "name": "subnet-vm", "security_group": "" } 
@@ -389,37 +544,20 @@ "attributes": { "active_active": false, "bgp_route_translation_for_nat_enabled": false, - "bgp_settings": [ - { - "asn": 65515, - "peer_weight": 0, - "peering_addresses": [ - { - "apipa_addresses": [], - "default_addresses": [ - "10.0.0.254" - ], - "ip_configuration_name": "vnetGatewayConfig", - "tunnel_ip_addresses": [ - "40.68.95.206" - ] - } - ] - } - ], + "bgp_settings": [], "custom_route": [], "default_local_network_gateway_id": null, "dns_forwarding_enabled": false, "edge_zone": "", "enable_bgp": false, "generation": "Generation1", - "id": "/subscriptions/82f6d75e-85f4-434a-ab74-5dddd9fa8910/resourceGroups/rg-vnet-gateway-800/providers/Microsoft.Network/virtualNetworkGateways/vnet-gateway", + "id": "/subscriptions/38977b70-47bf-4da5-a492-88712fce8725/resourceGroups/rg-vnet-gateway-basic-800/providers/Microsoft.Network/virtualNetworkGateways/vnet-gateway", "ip_configuration": [ { "name": "vnetGatewayConfig", "private_ip_address_allocation": "Dynamic", - "public_ip_address_id": "/subscriptions/82f6d75e-85f4-434a-ab74-5dddd9fa8910/resourceGroups/rg-vnet-gateway-800/providers/Microsoft.Network/publicIPAddresses/pip-vnet-gateway", - "subnet_id": "/subscriptions/82f6d75e-85f4-434a-ab74-5dddd9fa8910/resourceGroups/rg-vnet-gateway-800/providers/Microsoft.Network/virtualNetworks/vnet-hub/subnets/GatewaySubnet" + "public_ip_address_id": "/subscriptions/38977b70-47bf-4da5-a492-88712fce8725/resourceGroups/rg-vnet-gateway-basic-800/providers/Microsoft.Network/publicIPAddresses/pip-vnet-gateway", + "subnet_id": "/subscriptions/38977b70-47bf-4da5-a492-88712fce8725/resourceGroups/rg-vnet-gateway-basic-800/providers/Microsoft.Network/virtualNetworks/vnet-hub-weu/subnets/GatewaySubnet" } ], "ip_sec_replay_protection_enabled": true, 
@@ -428,8 +566,8 @@ "policy_group": [], "private_ip_address_enabled": false, "remote_vnet_traffic_enabled": false, - "resource_group_name": "rg-vnet-gateway-800", - "sku": "VpnGw2", + "resource_group_name": "rg-vnet-gateway-basic-800", + "sku": "Basic", "tags": {}, "timeouts": null, "type": "Vpn", 
@@ -450,7 +588,7 @@ "root_certificate": [ { "name": "P2SRootCert800", - "public_cert_data": "MIIC7TCCAdWgAwIBAgIQNkgiCmzvDLpIQ8I5RT9zkzANBgkqhkiG9w0BAQsFADAZ\r\nMRcwFQYDVQQDDA5QMlNSb290Q2VydDgwMDAeFw0yNDAxMjcwODE2MjdaFw0yNjAx\r\nMjcwODI2MjdaMBkxFzAVBgNVBAMMDlAyU1Jvb3RDZXJ0ODAwMIIBIjANBgkqhkiG\r\n9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmyfFE0FvBMKMBU2uGFG/Drxnn8irLA3tmwN5\r\n+qvhC1XneEVXShmaESjN/ETElL6u86EK2UwDUBdkcT5Gl3SRJu61ZND1SEsBNIC1\r\nFC9bMFMDpP4oVaaoQLxTQT2n8vW0oXr4srAOTNzPkUnH0rir/5GoVtEbrXyyOn79\r\ndmj6/hK7kkAIpO3OIj1oVEblG0XVV0mildm72ue4Jxw6zxulcvxCNGYnOyh+SjuS\r\nDdC6puqWVoCIpTCMnEPOPiaUwppIDlH1xUfD62gumnAkTzNymj9C/3orDRWqhiTd\r\n/nTdjSeySyzlWoregkG/hFYMWShnf+uCxXfrkJxjiFMO1oW0WQIDAQABozEwLzAO\r\nBgNVHQ8BAf8EBAMCAgQwHQYDVR0OBBYEFMax7OnaILaPu51P4Jn8r8oQdhCTMA0G\r\nCSqGSIb3DQEBCwUAA4IBAQBrMCaq26XUWCkkGtpw6Imw7Sg5LvkARhYP35OOIAQA\r\nO/BN/o/UWwJCdO1c4CG3oXpAxNXcu4U62FpwQGhASB3aGQwolQQ64hOx3ax2insT\r\nb/wwN5fH6Qz9sxRkG2tKJOyT5ikaE5rxGIciOGovNWikf/tIBTolwOoLmBAeDXXS\r\nifyOqxKWJmhft76MuhXsZ/nBirVAjXPxQAN5R2caaU+wnmDVcNS/dqEWqRiiWj+4\r\nVseTSQkrH0DvOWXbjp4aGiZxh+sUZvSMCzHZ9/cT26jfcqwecbi8gdJ6T+kuluk6\r\n0/g2BuU1zKvngP8o/5/25VT47+ts3F4VeapFnm0QzOOg\r\n" + "public_cert_data": 
"\r\nMIIC7TCCAdWgAwIBAgIQNkgiCmzvDLpIQ8I5RT9zkzANBgkqhkiG9w0BAQsFADAZ\r\nMRcwFQYDVQQDDA5QMlNSb290Q2VydDgwMDAeFw0yNDAxMjcwODE2MjdaFw0yNjAx\r\nMjcwODI2MjdaMBkxFzAVBgNVBAMMDlAyU1Jvb3RDZXJ0ODAwMIIBIjANBgkqhkiG\r\n9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmyfFE0FvBMKMBU2uGFG/Drxnn8irLA3tmwN5\r\n+qvhC1XneEVXShmaESjN/ETElL6u86EK2UwDUBdkcT5Gl3SRJu61ZND1SEsBNIC1\r\nFC9bMFMDpP4oVaaoQLxTQT2n8vW0oXr4srAOTNzPkUnH0rir/5GoVtEbrXyyOn79\r\ndmj6/hK7kkAIpO3OIj1oVEblG0XVV0mildm72ue4Jxw6zxulcvxCNGYnOyh+SjuS\r\nDdC6puqWVoCIpTCMnEPOPiaUwppIDlH1xUfD62gumnAkTzNymj9C/3orDRWqhiTd\r\n/nTdjSeySyzlWoregkG/hFYMWShnf+uCxXfrkJxjiFMO1oW0WQIDAQABozEwLzAO\r\nBgNVHQ8BAf8EBAMCAgQwHQYDVR0OBBYEFMax7OnaILaPu51P4Jn8r8oQdhCTMA0G\r\nCSqGSIb3DQEBCwUAA4IBAQBrMCaq26XUWCkkGtpw6Imw7Sg5LvkARhYP35OOIAQA\r\nO/BN/o/UWwJCdO1c4CG3oXpAxNXcu4U62FpwQGhASB3aGQwolQQ64hOx3ax2insT\r\nb/wwN5fH6Qz9sxRkG2tKJOyT5ikaE5rxGIciOGovNWikf/tIBTolwOoLmBAeDXXS\r\nifyOqxKWJmhft76MuhXsZ/nBirVAjXPxQAN5R2caaU+wnmDVcNS/dqEWqRiiWj+4\r\nVseTSQkrH0DvOWXbjp4aGiZxh+sUZvSMCzHZ9/cT26jfcqwecbi8gdJ6T+kuluk6\r\n0/g2BuU1zKvngP8o/5/25VT47+ts3F4VeapFnm0QzOOg\r\n\r\n" } ], "virtual_network_gateway_client_connection": [], @@ -458,8 +596,7 @@ "Certificate" ], "vpn_client_protocols": [ - "IkeV2", - "OpenVPN" + "SSTP" ] } ], 
@@ -475,6 +612,110 @@ ] } ] + }, + { + "mode": "managed", + "type": "azurerm_windows_virtual_machine", + "name": "vm", + "provider": "provider[\"registry.terraform.io/hashicorp/azurerm\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "additional_capabilities": [], + "additional_unattend_content": [], + "admin_password": "@Aa123456789", + "admin_username": "azureuser", + "allow_extension_operations": true, + "availability_set_id": "", + "boot_diagnostics": [ + { + "storage_account_uri": "" + } + ], + "bypass_platform_safety_checks_on_user_schedule_enabled": false, + "capacity_reservation_group_id": "", + "computer_name": "vm-jumpbox-w11", + "custom_data": null, + "dedicated_host_group_id": "", + "dedicated_host_id": "", + "edge_zone": "", + "enable_automatic_updates": true, + "encryption_at_host_enabled": false, + "eviction_policy": "", + "extensions_time_budget": "PT1H30M", + "gallery_application": [], + "hotpatching_enabled": false, + "id": "/subscriptions/38977b70-47bf-4da5-a492-88712fce8725/resourceGroups/rg-vnet-gateway-basic-800/providers/Microsoft.Compute/virtualMachines/vm-jumpbox-w11", + "identity": [], + "license_type": "", + "location": "westeurope", + "max_bid_price": -1, + "name": "vm-jumpbox-w11", + "network_interface_ids": [ + "/subscriptions/38977b70-47bf-4da5-a492-88712fce8725/resourceGroups/rg-vnet-gateway-basic-800/providers/Microsoft.Network/networkInterfaces/nic-vm-windows" + ], + "os_disk": [ + { + "caching": "ReadWrite", + "diff_disk_settings": [], + "disk_encryption_set_id": "", + "disk_size_gb": 127, + "name": "vm-jumpbox-w11_OsDisk_1_c49ae06e9404402480eca70999e7d5c9", + "secure_vm_disk_encryption_set_id": "", + "security_encryption_type": "", + "storage_account_type": "Standard_LRS", + "write_accelerator_enabled": false + } + ], + "patch_assessment_mode": "ImageDefault", + "patch_mode": "AutomaticByOS", + "plan": [], + "platform_fault_domain": -1, + "priority": "Regular", + "private_ip_address": "10.0.2.5", + 
"private_ip_addresses": [ + "10.0.2.5" + ], + "provision_vm_agent": true, + "proximity_placement_group_id": "", + "public_ip_address": "", + "public_ip_addresses": [], + "reboot_setting": "", + "resource_group_name": "rg-vnet-gateway-basic-800", + "secret": [], + "secure_boot_enabled": false, + "size": "Standard_B2als_v2", + "source_image_id": "", + "source_image_reference": [ + { + "offer": "windows-11", + "publisher": "MicrosoftWindowsDesktop", + "sku": "win11-23h2-pro", + "version": "latest" + } + ], + "tags": null, + "termination_notification": null, + "timeouts": null, + "timezone": "", + "user_data": "", + "virtual_machine_id": "fc0dacc0-5624-48c4-aca4-d89b926825a6", + "virtual_machine_scale_set_id": "", + "vtpm_enabled": false, + "winrm_listener": [], + "zone": "" + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoyNzAwMDAwMDAwMDAwLCJkZWxldGUiOjI3MDAwMDAwMDAwMDAsInJlYWQiOjMwMDAwMDAwMDAwMCwidXBkYXRlIjoyNzAwMDAwMDAwMDAwfX0=", + "dependencies": [ + "azurerm_network_interface.nic-vm-windows", + "azurerm_resource_group.rg", + "azurerm_subnet.subnet-vm", + "azurerm_virtual_network.vnet-hub" + ] + } + ] } ], "check_results": null diff --git a/800_onprem_vpn/vnet.tf b/800_onprem_vpn/vnet.tf index 51072f2..adff6d3 100644 --- a/800_onprem_vpn/vnet.tf +++ b/800_onprem_vpn/vnet.tf @@ -1,5 +1,5 @@ resource "azurerm_virtual_network" "vnet-hub" { - name = "vnet-hub" + name = "vnet-hub-weu" resource_group_name = azurerm_resource_group.rg.name location = azurerm_resource_group.rg.location address_space = ["10.0.0.0/16"] diff --git a/800_onprem_vpn/vnet_gateway.tf b/800_onprem_vpn/vnet_gateway.tf index 05e248d..a6203e5 100644 --- a/800_onprem_vpn/vnet_gateway.tf +++ b/800_onprem_vpn/vnet_gateway.tf 
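Review bot: The `azurerm_windows_virtual_machine` instance added in this hunk records `admin_password` in clear text next to `admin_username`, and because `800_onprem_vpn/terraform.tfstate` is tracked in the repository, the credential for `vm-jumpbox-w11` is now part of git history. The state file should come out of version control (`*.tfstate` and `*.tfstate.*` in `.gitignore`) and live in a remote backend with access control and encryption at rest. The password should be treated as exposed and rotated. The VM's `.tf` definition is not part of this diff; if the password is a literal there, it should come from a variable declared with `sensitive = true` or from a generated secret, bearing in mind that Terraform still writes the value into state. The same file also publishes the subscription ID, the gateway's public IP and the internal addressing, which is a further reason not to commit it.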
@@ -10,12 +10,16 @@ resource "azurerm_virtual_network_gateway" "vnet-gateway" { location = azurerm_resource_group.rg.location resource_group_name = azurerm_resource_group.rg.name - type = "Vpn" # ExpressRoute + type = "Vpn" # ExpressRoute vpn_type = "RouteBased" # PolicyBased active_active = false enable_bgp = false - sku = "VpnGw2" # Basic, Standard, HighPerformance, UltraPerformance, ErGw1AZ, ErGw2AZ, ErGw3AZ, VpnGw1, VpnGw2, VpnGw3, VpnGw4,VpnGw5, VpnGw1AZ, VpnGw2AZ, VpnGw3AZ,VpnGw4AZ and VpnGw5AZ + # sku = "VpnGw2" # Basic, Standard, HighPerformance, UltraPerformance, ErGw1AZ, ErGw2AZ, ErGw3AZ, VpnGw1, VpnGw2, VpnGw3, VpnGw4,VpnGw5, VpnGw1AZ, VpnGw2AZ, VpnGw3AZ,VpnGw4AZ and VpnGw5AZ + # generation = "Generation2" # Generation2 is only value for a sku larger than VpnGw2 or VpnGw2AZ + + sku = "Basic" + generation = "Generation1" ip_configuration { name = "vnetGatewayConfig" @@ -28,31 +32,8 @@ resource "azurerm_virtual_network_gateway" "vnet-gateway" { address_space = ["10.1.0.0/24"] root_certificate { - name = "P2SRootCert800" - # public_cert_data = filebase64("./certs/P2SRootCert800.cer") - public_cert_data = <
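Review bot: The new `sku = "Basic"` / `generation = "Generation1"` pair in `vnet-gateway` has no comment explaining the downgrade, while the previous setting is kept as two commented-out lines. The state change in this same commit shows what the switch costs: `vpn_client_protocols` goes from `IkeV2` and `OpenVPN` to `SSTP` only, and `bgp_settings` becomes empty. I would replace the dead lines with one comment, e.g. `# Basic SKU: point-to-site clients are limited to SSTP (no IkeV2/OpenVPN)`, or move the SKU into a variable so the two configurations are not swapped by commenting. The resource block starts before this hunk and continues after it.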