Import-Module -Name Az
# Create a VNet with a Site-to-Site VPN connection using PowerShell
# https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-create-site-to-site-rm-powershell
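# ---- Deployment parameters -------------------------------------------------
# Everything below reads from these only. The script assumes an Az session
# already exists (Connect-AzAccount / Set-AzContext) and that $vNetName already
# contains a subnet named 'GatewaySubnet'; neither is created here.
$RegionLocation = 'Japan East';
$ResourceGroupName = 'Infra_Network';
$vNetName = 'Corp-vNet';
$VirtualNetworkGateway_PublicIP_Name = 'Azure_VPN_IP';
$VirtualNetworkGateway_Name = 'Azure_VPN_Gateway';
$LocalNetworkGateway_Name = 'Local_VPN_Gateway';
$AzureVPNConnection_Name = 'Azure_VPN_Connection';
# IPsec pre-shared key, generated fresh on every run and used by both the Azure
# connection (-SharedKey) and the on-prem RRAS interface (-SharedSecret).
# Each position is drawn independently from the 62-character alphanumeric set.
# (The original shuffled the alphabet and sliced [0..32], which meant no
# character could repeat and the slice quietly yielded 33 characters; the length
# is now explicit.) Never add -SetSeed to Get-Random here: a seeded Get-Random is
# a deterministic PRNG and the key would become reproducible. The key lives only
# in this session; if the tunnel must later be re-created without regenerating
# it, keep it in a secret store, not in this file.
$VPNSharedKeyLength = 32;
$VPNSharedKeyCharset = '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'.ToCharArray();
$VPNSharedKey = -join (1..$VPNSharedKeyLength | ForEach-Object { $VPNSharedKeyCharset | Get-Random });
# Gateway SKU. NOTE(review): no IPsec policy is pinned anywhere in this script,
# so the tunnel negotiates from platform defaults; if you need to pin a custom
# IPsec/IKE policy, check whether the chosen SKU supports it before changing.
$GatewaySku = 'Basic';
# Public IP of the on-prem RRAS server, and the on-prem prefixes that Azure
# should route through the tunnel.
$LocalNetworkIPAddress = '168.95.1.1';
$LocalNetworkAddressSpace = @('10.255.0.0/16');
# Name of the RRAS demand-dial interface created on the local server.
$LocalRRAS_VPNName = 'AzureVPN';
# DNS server pushed to the vNet via DhcpOptions. NOTE(review): 10.10.10.11 is
# not inside $LocalNetworkAddressSpace (10.255.0.0/16) as written; if it is an
# on-prem resolver it must be covered by that prefix list or vNet clients have
# no route to it through the tunnel — confirm where it lives.
$LocalDNSServer_Object = New-Object -Type PSObject -Property @{"DnsServers" = @("10.10.10.11")};
# Start timestamp (UTC+8, as a string) consumed by the run-time report at the end.
$ScriptStartTime = (Get-Date).ToUniversalTime().AddHours(8).ToString('yyyy-MM-dd HH:mm:ss');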
# Request a Public IP address for the virtual network gateway.
# Dynamic allocation: the address is only assigned once the gateway is built,
# and it is read back later to point the RRAS demand-dial interface at it.
# NOTE(review): a dynamically allocated address is not guaranteed to survive a
# gateway reset/re-create; if it changes, the RRAS interface must be updated.
Write-Host ('{0} # Request a Public IP address' -f (Get-Date).ToUniversalTime().AddHours(8).ToString('yyyy-MM-dd HH:mm:ss'));
$publicIpParams = @{
    Name              = $VirtualNetworkGateway_PublicIP_Name;
    ResourceGroupName = $ResourceGroupName;
    Location          = $RegionLocation;
    AllocationMethod  = 'Dynamic';
};
$VirtualNetworkGatewayPublicIP = New-AzPublicIpAddress @publicIpParams;
# Get vNet and Gateway Subnet Information.
# The vNet and its 'GatewaySubnet' subnet must already exist; the subnet Id is
# what the gateway IP configuration binds to in the next step.
Write-Host ('{0} # Get vNet and Gateway Subnet Information' -f (Get-Date).ToUniversalTime().AddHours(8).ToString('yyyy-MM-dd HH:mm:ss'));
$vNet = Get-AzVirtualNetwork -Name $vNetName -ResourceGroupName $ResourceGroupName;
$GatewaySubnet = Get-AzVirtualNetworkSubnetConfig -VirtualNetwork $vNet -Name 'GatewaySubnet';
# Create the gateway IP addressing configuration: ties the public IP requested
# above to the GatewaySubnet, for the gateway created in the next step.
Write-Host ('{0} # Create the gateway IP addressing configuration' -f (Get-Date).ToUniversalTime().AddHours(8).ToString('yyyy-MM-dd HH:mm:ss'));
$ipConfigParams = @{
    Name              = $VirtualNetworkGateway_Name + '_IP';
    SubnetId          = $GatewaySubnet.Id;
    PublicIpAddressId = $VirtualNetworkGatewayPublicIP.Id;
};
$VirtualNetworkGatewayPublicIPConfig = New-AzVirtualNetworkGatewayIpConfig @ipConfigParams;
# Create the Virtual Network Gateway (route-based VPN gateway on the SKU chosen
# in the parameter section). This is the long-running step of the script; the
# cmdlet blocks until provisioning completes. 'RouteBased' pairs with the IKEv2
# demand-dial interface configured on the RRAS side further down.
Write-Host ('{0} # Create the Virtual Network Gateway' -f (Get-Date).ToUniversalTime().AddHours(8).ToString('yyyy-MM-dd HH:mm:ss'));
$vngParams = @{
    Name              = $VirtualNetworkGateway_Name;
    ResourceGroupName = $ResourceGroupName;
    Location          = $RegionLocation;
    IpConfigurations  = $VirtualNetworkGatewayPublicIPConfig;
    GatewayType       = 'Vpn';
    VpnType           = 'RouteBased';
    GatewaySku        = $GatewaySku;
};
$VirtualNetworkGateway = New-AzVirtualNetworkGateway @vngParams;
# Create the local network gateway: Azure's description of the on-prem side —
# the RRAS server's public IP and the on-prem prefixes to send through the tunnel.
Write-Host ('{0} # Create the local network gateway' -f (Get-Date).ToUniversalTime().AddHours(8).ToString('yyyy-MM-dd HH:mm:ss'));
$lngParams = @{
    Name              = $LocalNetworkGateway_Name;
    ResourceGroupName = $ResourceGroupName;
    Location          = $RegionLocation;
    GatewayIpAddress  = $LocalNetworkIPAddress;
    AddressPrefix     = $LocalNetworkAddressSpace;
};
$LocalNetworkGateway = New-AzLocalNetworkGateway @lngParams;
# Create the VPN connection between the two gateways, authenticated with the
# pre-shared key generated in the parameter section (the RRAS interface below
# must use the same value). NOTE(review): no -IpsecPolicies is passed, so the
# IKE/IPsec proposals come from the platform defaults; pin a policy here (and a
# matching one on RRAS) if your baseline mandates specific algorithms and the
# gateway SKU supports it.
Write-Host ('{0} # Create the VPN connection' -f (Get-Date).ToUniversalTime().AddHours(8).ToString('yyyy-MM-dd HH:mm:ss'));
$connectionParams = @{
    Name                   = $AzureVPNConnection_Name;
    ResourceGroupName      = $ResourceGroupName;
    Location               = $RegionLocation;
    VirtualNetworkGateway1 = $VirtualNetworkGateway;
    LocalNetworkGateway2   = $LocalNetworkGateway;
    ConnectionType         = 'IPsec';
    RoutingWeight          = 10;
    SharedKey              = $VPNSharedKey;
};
$AzureVPNConnection = New-AzVirtualNetworkGatewayConnection @connectionParams;
# Verify the VPN connection: re-read the connection object and print it.
# At this point only the Azure side exists, so the reported status is not
# expected to show an established tunnel until the RRAS interface dials in.
Write-Host ('{0} # Verify the VPN connection' -f (Get-Date).ToUniversalTime().AddHours(8).ToString('yyyy-MM-dd HH:mm:ss'));
Get-AzVirtualNetworkGatewayConnection -Name $AzureVPNConnection_Name -ResourceGroupName $ResourceGroupName;
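# Change Azure vNet DNS Server to the resolver configured in the parameter
# section, via the vNet's DhcpOptions.
# Fix: the vNet lookup now passes -ResourceGroupName, consistent with the earlier
# Get-AzVirtualNetwork call; without it a same-named vNet in another resource
# group of the subscription would make the lookup ambiguous. $vNet is
# deliberately reassigned here because its AddressSpace is read by the RRAS
# step that follows.
Write-Host ((Get-Date).ToUniversalTime().AddHours(8).ToString('yyyy-MM-dd HH:mm:ss') + ' # Change Azure vNet DNS Server');
$vNet = Get-AzVirtualNetwork -Name $vNetName -ResourceGroupName $ResourceGroupName;
$vNet.DhcpOptions = $LocalDNSServer_Object;
$New_vNet = $vNet | Set-AzVirtualNetwork;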
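# Create Local RRAS Demand-Dial Interface (runs on the on-prem RRAS server via
# the RemoteAccess cmdlets). Every Azure vNet prefix is handed to the interface
# as "prefix:metric" with metric 10, so on-prem traffic for the vNet is routed
# into the tunnel.
Write-Host ((Get-Date).ToUniversalTime().AddHours(8).ToString('yyyy-MM-dd HH:mm:ss') + ' # Create Local RRAS Demand-Dial Interface');
$AzureAddressSpaceArray = @();
Foreach ($AddressSpace in $vNet.AddressSpace.AddressPrefixes) {
    $AzureAddressSpaceArray += ($AddressSpace + ':10');
};
$AzureAddressSpaceArray
# Fix: look the public IP up in its own resource group (the original omitted
# -ResourceGroupName) and refuse to build an interface with an empty
# destination. With Dynamic allocation the address only exists after the
# gateway has been provisioned, and Add-VpnS2SInterface would otherwise be
# given an empty -Destination.
$AzureGatewayIp = (Get-AzPublicIpAddress -Name $VirtualNetworkGateway_PublicIP_Name -ResourceGroupName $ResourceGroupName).IpAddress;
if ([string]::IsNullOrWhiteSpace($AzureGatewayIp)) {
    throw ('Public IP ' + $VirtualNetworkGateway_PublicIP_Name + ' has no address yet; is the virtual network gateway provisioned?');
};
# PSK-only IKEv2 with the same key the Azure connection was created with.
# NOTE(review): no IKE/IPsec proposal is pinned on this side either, so RRAS
# and Azure negotiate from their defaults; if your baseline requires specific
# algorithms, apply a custom policy to the interface after creation and mirror
# it on the Azure connection.
$s2sParams = @{
    AdminStatus          = $True;
    Name                 = $LocalRRAS_VPNName;
    Destination          = $AzureGatewayIp;
    Protocol             = 'IKEv2';
    AuthenticationMethod = 'PSKOnly';
    SharedSecret         = $VPNSharedKey;
    Persistent           = $True;
    IPv4Subnet           = $AzureAddressSpaceArray;
};
Add-VpnS2SInterface @s2sParams;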
# Connect Azure VPN: bring the demand-dial interface up so the tunnel is
# established from the on-prem side.
Write-Host ('{0} # Connect Azure VPN' -f (Get-Date).ToUniversalTime().AddHours(8).ToString('yyyy-MM-dd HH:mm:ss'));
Connect-VpnS2SInterface -Name $LocalRRAS_VPNName;
# Script End: report wall-clock run time relative to $ScriptStartTime
# (both stamps are UTC+8 strings; New-TimeSpan coerces them to DateTime).
$elapsed = New-TimeSpan -Start $ScriptStartTime -End ((Get-Date).ToUniversalTime().AddHours(8).ToString('yyyy-MM-dd HH:mm:ss'));
Write-Host ("`r`nScript execution time: {0} Seconds" -f [math]::Round($elapsed.TotalSeconds));
##### Remove #####
##################
# Tear-down half of the script. It expects the variables from the parameter
# section to be defined in this session and undoes the setup in reverse
# dependency order, starting by dropping the tunnel from the RRAS side.
$ScriptStartTime = (Get-Date).ToUniversalTime().AddHours(8).ToString('yyyy-MM-dd HH:mm:ss');
# Disconnect Azure VPN (-Force suppresses the confirmation prompt).
Write-Host ('{0} # Disconnect Azure VPN' -f (Get-Date).ToUniversalTime().AddHours(8).ToString('yyyy-MM-dd HH:mm:ss'));
Disconnect-VpnS2SInterface -Name $LocalRRAS_VPNName -Force;
# Disable Local RRAS Demand-Dial Interface so it cannot redial while the Azure
# side is being torn down; the interface itself is removed at the very end.
Write-Host ('{0} # Disable Local RRAS Demand-Dial Interface' -f (Get-Date).ToUniversalTime().AddHours(8).ToString('yyyy-MM-dd HH:mm:ss'));
$disableParams = @{
    Name        = $LocalRRAS_VPNName;
    AdminStatus = $False;
    Force       = $True;
};
Set-VpnS2SInterface @disableParams;
# Remove VPN connection. This must go before either gateway is deleted, since
# the connection references both.
Write-Host ('{0} # Remove VPN connection' -f (Get-Date).ToUniversalTime().AddHours(8).ToString('yyyy-MM-dd HH:mm:ss'));
$removeConnectionParams = @{
    Name              = $AzureVPNConnection_Name;
    ResourceGroupName = $ResourceGroupName;
    Force             = $True;
};
Remove-AzVirtualNetworkGatewayConnection @removeConnectionParams;
# Remove Local Network Gateway (the Azure-side record of the on-prem endpoint).
Write-Host ('{0} # Remove Local Network Gateway' -f (Get-Date).ToUniversalTime().AddHours(8).ToString('yyyy-MM-dd HH:mm:ss'));
$removeLngParams = @{
    Name              = $LocalNetworkGateway_Name;
    ResourceGroupName = $ResourceGroupName;
    Force             = $True;
};
Remove-AzLocalNetworkGateway @removeLngParams;
# Remove Virtual Network Gateway. Like its creation, this is a long-running
# operation; the public IP below cannot be released until it has finished.
Write-Host ('{0} # Remove Virtual Network Gateway' -f (Get-Date).ToUniversalTime().AddHours(8).ToString('yyyy-MM-dd HH:mm:ss'));
$removeVngParams = @{
    Name              = $VirtualNetworkGateway_Name;
    ResourceGroupName = $ResourceGroupName;
    Force             = $True;
};
Remove-AzVirtualNetworkGateway @removeVngParams;
# Removes a public IP address: release the gateway's public IP now that nothing
# references it.
Write-Host ('{0} # Removes a public IP address' -f (Get-Date).ToUniversalTime().AddHours(8).ToString('yyyy-MM-dd HH:mm:ss'));
$removePipParams = @{
    Name              = $VirtualNetworkGateway_PublicIP_Name;
    ResourceGroupName = $ResourceGroupName;
    Force             = $True;
};
Remove-AzPublicIpAddress @removePipParams;
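# Reset Azure vNet DNS Server to Default (Azure-provided) by writing an empty
# DhcpOptions object back to the vNet. (The log message below keeps the
# original spelling so existing log greps still match.)
# Fix: the vNet lookup now passes -ResourceGroupName, consistent with the
# setup half of the script; without it a same-named vNet in another resource
# group would make the lookup ambiguous.
Write-Host ((Get-Date).ToUniversalTime().AddHours(8).ToString('yyyy-MM-dd HH:mm:ss') + ' # Reset Azuire vNet DNS Server to Default (Azure-provided)');
$LocalDNSServer_Object = New-Object -Type PSObject -Property @{};
$vNet = Get-AzVirtualNetwork -Name $vNetName -ResourceGroupName $ResourceGroupName;
$vNet.DhcpOptions = $LocalDNSServer_Object;
$New_vNet = $vNet | Set-AzVirtualNetwork;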
# Remove Local RRAS Demand-Dial Interface: delete the on-prem interface last,
# after the Azure side it pointed at is gone.
Write-Host ('{0} # Remove Local RRAS Demand-Dial Interface' -f (Get-Date).ToUniversalTime().AddHours(8).ToString('yyyy-MM-dd HH:mm:ss'));
Remove-VpnS2SInterface -Name $LocalRRAS_VPNName -Force;
# Script End: report wall-clock run time of the tear-down relative to the
# $ScriptStartTime stamp taken at the top of the Remove section.
$elapsed = New-TimeSpan -Start $ScriptStartTime -End ((Get-Date).ToUniversalTime().AddHours(8).ToString('yyyy-MM-dd HH:mm:ss'));
Write-Host ("`r`nScript execution time: {0} Seconds" -f [math]::Round($elapsed.TotalSeconds));