
Azure: How to configure Point-to-Site using Terraform?


I followed the article https://www.ais.com/how-to-configure-point-to-site-vpn-connection-using-azure-certificate-authentication/ and configured Point-to-Site.

In summary: I have created the Root & Client Certificates and configured the Virtual Gateway.

Here we are generating the root certificate

    $cert = New-SelfSignedCertificate -Type Custom -KeySpec Signature -Subject "CN=VPNRoot" -KeyExportPolicy Exportable -HashAlgorithm sha256 -KeyLength 2048 -CertStoreLocation "Cert:\CurrentUser\My" -KeyUsageProperty Sign -KeyUsage CertSign

Here we are generating the client certificate from the root certificate

    New-SelfSignedCertificate -Type Custom -DnsName VPNCert -KeySpec Signature -Subject "CN=VPNCert" -KeyExportPolicy Exportable -HashAlgorithm sha256 -KeyLength 2048 -CertStoreLocation "Cert:\CurrentUser\My" -Signer $cert -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.2")


Is there a way to configure the Point-to-Site using Terraform?


Solution

  • I was able to configure the Point-to-Site using the below Terraform code.

    resource "azurerm_virtual_network_gateway" "azunetgateway" {
      name                = "azunetgateway"
      location            = azurerm_resource_group.ipz12-dat-np-connection-rg.location
      resource_group_name = azurerm_resource_group.ipz12-dat-np-connection-rg.name

      type          = "Vpn"
      vpn_type      = "RouteBased"
      active_active = false
      enable_bgp    = false
      sku           = "VpnGw1"

      ip_configuration {
        name                          = "vnetGatewayConfig"
        public_ip_address_id          = azurerm_public_ip.azunetgwpip.id
        private_ip_address_allocation = "Dynamic"
        # The subnet this resource points at must be named "GatewaySubnet" in Azure,
        # whatever its Terraform label is
        subnet_id                     = azurerm_subnet.appgateway_subnet.id
      }

      # Client configuration for Point-to-Site VPN Gateway connections
      vpn_client_configuration {
        # Address pool handed out to VPN clients; must not overlap the VNet address space
        address_space = ["172.16.0.0/16"]

        # Public part of the root certificate: the base64 body of the exported .cer
        # without the BEGIN/END CERTIFICATE lines. Azure validates client certificates
        # against it; the root private key never goes into the Terraform configuration.
        # The indented heredoc (<<-) strips the leading whitespace from the blob.
        root_certificate {
          name             = "ROOTCERT"
          public_cert_data = <<-EOF
            MIIC3zCCAcegAwIBAgIQJdWvUysG/oxPlBZu2cCi1DANBgkqhkiG9w0BAQsFADAS
            MRAwDgYDVQQDDAdWUE5Sb290MB4XDTIyMTEyMzE3MTUxOFoXDTIzMTEyMzE3MzUx
            OFowEjEQMA4GA1UEAwwHVlBOUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
            AQoCggEBAMYijaT3al0QQypT+vTOnyWepDqwlvFC8liwRKxUvs33qAI+G5INtPeH
            0/XCcvng7ClUvs09Ui7u3ZiyRpemnHCuAd0Fqb5DwFYhVus/dpFju5nw2Cw2VLuf
            ldhAcbhAXfAtkPsSqL9zgRWjxQ==
          EOF
        }
      }

      depends_on = [
        azurerm_public_ip.azunetgwpip,
        azurerm_subnet.appgateway_subnet
      ]
    }
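To produce the `public_cert_data` value above from the root certificate generated in the question, here is an added PowerShell example that is not part of either post: it exports only the public (DER) part of the `CN=VPNRoot` certificate as base64, checks that it is actually a signing (CA) certificate, and writes it to a file. The store location and subject come from the question; the output file name `VPNRoot.b64` is an assumption.

```powershell
# Added example: export the root certificate's public part as the base64 body that
# azurerm_virtual_network_gateway's root_certificate.public_cert_data expects.
# Assumes the root cert lives in Cert:\CurrentUser\My with subject CN=VPNRoot,
# as in the question; the output file name VPNRoot.b64 is an assumption.
$rootCert = Get-ChildItem -Path "Cert:\CurrentUser\My" |
    Where-Object { $_.Subject -eq "CN=VPNRoot" -and $_.HasPrivateKey } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1

if (-not $rootCert) {
    throw "Root certificate CN=VPNRoot not found in Cert:\CurrentUser\My"
}

# Sanity check: Azure validates client certificates against this cert, so it must carry
# the KeyCertSign usage (the -KeyUsage CertSign given to New-SelfSignedCertificate).
$keyUsage = $rootCert.Extensions |
    Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509KeyUsageExtension] }
$certSign = [System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]::KeyCertSign
if (-not $keyUsage -or -not ($keyUsage.KeyUsages -band $certSign)) {
    throw "Certificate $($rootCert.Thumbprint) lacks the KeyCertSign key usage"
}

# RawData is the DER-encoded certificate only: the private key stays in the Windows
# certificate store and never reaches the Terraform configuration or its state.
$base64 = [System.Convert]::ToBase64String(
    $rootCert.RawData,
    [System.Base64FormattingOptions]::InsertLineBreaks)   # 76-char lines, like a .cer body

Set-Content -Path ".\VPNRoot.b64" -Value $base64 -Encoding ascii
Write-Host "Wrote public root certificate (thumbprint $($rootCert.Thumbprint)) to VPNRoot.b64"
```

In the Terraform resource, `public_cert_data = trimspace(file("${path.module}/VPNRoot.b64"))` can then replace the pasted heredoc, so the certificate body is read from one file instead of being copied into the .tf source.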