adding azure vpn
hmeiland committed Apr 29, 2022
1 parent 88b1ae8 commit fff0d5e
Showing 2 changed files with 115 additions and 0 deletions.
14 changes: 14 additions & 0 deletions README.md
Expand Up @@ -88,6 +88,7 @@ The config file will create or reuse vnet and subnets from the config file.
| **dns_domain** | Private domain name to create | no | |
| **peer** | Dictionary of [peer names](#peer-dictionary) to create | no | |
| **routes** | Dictionary of [route names](#route-dictionary) to create | no | |
| **gateway** | Specification of AAD based Azure VPN Gateway to create | no | |

#### Peer dictionary

Expand All @@ -108,6 +109,19 @@ This dictionary describes routes to be created
| **next_hop** | TO DOCUMENT | yes | |
| **subnet** | TO DOCUMENT | yes | |

#### Gateway dictionary

This dictionary describes the virtual network peering to be created

| Name | Description | Required | Default |
|--------------------|------------------------------------------------------------------------------------|----------|---------|
| **name** | Name of the VPN Gateway | yes | |
| **subnet** | Subnet to be used for incoming clients of the gateway, | yes | |
| | this MUST be "GatewaySubnet" and this subnet must be defined in the subnet section | | |
| **aad_tenant** | URL of the AAD tenant as https://login.microsoftonline.com/<your Directory ID> | yes | |
| **aad_audience** | Application ID of the Azure VPN Enterprise registration in AAD | yes | |
| **aad_issuer** | URL of the AAD issuer as https://sts.windows.net/<your Directory ID>/ | yes | |

Here is an example setup with four subnets:

```json
101 changes: 101 additions & 0 deletions pyazhpc/arm.py
Expand Up @@ -208,6 +208,107 @@ def _add_network(self, cfg):
}
})

# vpn gateway
vpn_gateway_name = cfg["vnet"]["gateway"].get("name", None)
if vpn_gateway_name:
log.info(f"add vpn gateway ({vpn_gateway_name})")
rrg = cfg["resource_group"]
vnetname = cfg["vnet"]["name"]
subnet = cfg["vnet"]["gateway"].get("subnet")
aad_tenant = cfg["vnet"]["gateway"].get("aad_tenant")
aad_audience = cfg["vnet"]["gateway"].get("aad_audience")
aad_issuer = cfg["vnet"]["gateway"].get("aad_issuer")
nicdeps = []
pipname = vpn_gateway_name+"_pip"
dnsname = azutil.get_dns_label(rrg, pipname, True)
if dnsname:
log.debug(f"dns name: {dnsname} (using existing one)")
else:
dnsname = vpn_gateway_name+str(uuid.uuid4())[:6]
log.debug(f"dns name: {dnsname}")

nicdeps.append("Microsoft.Network/publicIpAddresses/"+pipname)

pipres = {
"type": "Microsoft.Network/publicIPAddresses",
"apiVersion": "2018-01-01",
"name": pipname,
"location": location,
"dependsOn": [],
"tags": gtags,
"properties": {
"dnsSettings": {
"domainNameLabel": dnsname
}
}
}
self.resources.append(pipres)

self.resources.append({
"type": "Microsoft.Network/virtualNetworkGateways",
"apiVersion": "2020-11-01",
"name": vpn_gateway_name,
"tags": gtags,
"location": location,
"properties": {
"enablePrivateIpAddress": False,
"ipConfigurations": [
{
"name": "default",
"properties": {
"privateIPAllocationMethod": "Dynamic",
"publicIPAddress": {
"id": "[resourceId('Microsoft.Network/publicIPAddresses', '{}')]".format(pipname)
},
"subnet": {
"id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', '{}', '{}')]".format(vnetname, subnet)
}
}
}
],
"sku": {
"name": "VpnGw2",
"tier": "VpnGw2"
},
"gatewayType": "Vpn",
"vpnType": "RouteBased",
"enableBgp": False,
"activeActive": False,
"vpnClientConfiguration": {
"vpnClientAddressPool": {
"addressPrefixes": [
"172.0.0.0/24"
]
},
"vpnClientProtocols": [
"OpenVPN"
],
"vpnAuthenticationTypes": [
"AAD"
],
"vpnClientRootCertificates": [],
"vpnClientRevokedCertificates": [],
"radiusServers": [],
"vpnClientIpsecPolicies": [],
"aadTenant": aad_tenant,
"aadAudience": aad_audience,
"aadIssuer": aad_issuer
},
"bgpSettings": {
"asn": 65515,
"bgpPeeringAddress": "10.0.4.254",
"peerWeight": 0,
"bgpPeeringAddresses": [
{
"ipconfigurationId": "[concat(resourceId('Microsoft.Network/virtualNetworkGateways', '{}'), '/ipConfigurations/default')]".format(vpn_gateway_name),
"customBgpIpAddresses": []
}
]
},
"vpnGatewayGeneration": "Generation2"
}
})

def _add_netapp(self, cfg, name, deploy_network):
account = cfg["storage"][name]
loc = cfg["location"]
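Review bot: The client address pool at `"172.0.0.0/24"` is hard-coded and is not an RFC 1918 range (172.16.0.0/12 is; 172.0.0.0/24 is publicly allocated address space), so every connected client receives a route that shadows real Internet addresses and the pool cannot be changed per deployment; read it from the gateway config with a private default, e.g. `client_pool = gateway_cfg.get("client_address_pool", "172.16.0.0/24")` and `"addressPrefixes": [client_pool]`. `cfg["vnet"]["gateway"].get("name", None)` raises KeyError whenever the optional `gateway` section (README marks it required = no) is absent, which breaks every existing config without one; use `gateway_cfg = cfg["vnet"].get("gateway") or {}` and take `name`, `subnet` and the `aad_*` values from `gateway_cfg`. `nicdeps` is filled with the public IP but never attached, so the virtualNetworkGateways resource has no `dependsOn` and ARM may try to create it before the public IP (and the subnet this method emits) exists; add `"dependsOn": nicdeps` to that resource, extending the list with the virtual network's resource id. The `bgpSettings` block hard-codes `10.0.4.254` while `enableBgp` is False, so it is either dead or wrong for vnets that do not contain that address; drop it or derive the peering address from the configured subnet. `_add_network` begins before this hunk, so the vnet and subnet resources it appends earlier are not visible here.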
