Apologies for the delayed response here. We have not yet heard back from the team. Meanwhile, based on my search as well, I could not find a way to enable the private IP flag using CLI commands, so I have filed a bug here on the AZ CLI repo. I also request you to file a feedback item on our feedback portal here.
If it helps, you can use az rest to enable the private IP flag using the Virtual Network Gateways - Create Or Update REST API. Below is the sample script I created, which you can use.
In the script below, please add the variable values from your environment. Regarding the body.json file in the command below, the trick here is to perform a Virtual Network Gateways - Get REST API call, copy the response into Notepad, change "enablePrivateIpAddress": true, as shown below, and save the file as body.json, which you will pass in the command (the file should be in the same directory).
# Sign in and fill in the values for your environment
az login
resourcegroup="YourRGName"
vpnGatewayName="VPNGatewayName"
subscriptionId="SUbID"
az account set --subscription "$subscriptionId"
# Fetch a bearer token for the Azure Resource Manager endpoint
azureAccessToken=$(az account get-access-token --query accessToken -o tsv)
# PUT the edited gateway definition (body.json must be in the current directory)
az rest --method put \
--url "https://management.azure.com/subscriptions/$subscriptionId/resourceGroups/$resourcegroup/providers/Microsoft.Network/virtualNetworkGateways/$vpnGatewayName?api-version=2023-05-01" \
--headers "Authorization=Bearer $azureAccessToken" "Content-Type=application/json" \
--body @body.json
I tried the script on my end and was successful in enabling the Gateway Private IP flag.
Just one small note: any update on a VPN Gateway can take a while to go through. Please make sure the "provisioningState" is in the "Succeeded" state before making any updates.
Hope this helps! Please let me know if you have any additional questions. Thank you!
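The body.json preparation step described in the answer above, as an added example that is not part of the original answer: it builds the PUT body from a saved GET response, refuses to proceed unless "provisioningState" is "Succeeded", and confirms that the flag is the only field that changed. The sample response is constructed, the helper names are hypothetical, and the flag is assumed to sit under "properties" as in the REST API schema.

```python
import copy
import json

# Constructed, trimmed sample of a Virtual Network Gateways - Get response.
# Names and IDs are placeholders, not values from a real environment.
SAMPLE_GET_RESPONSE = """
{
  "name": "VPNGatewayName",
  "location": "eastus",
  "properties": {
    "provisioningState": "Succeeded",
    "gatewayType": "Vpn",
    "vpnType": "RouteBased",
    "enablePrivateIpAddress": false
  }
}
"""

def load_sample():
    """Parse the constructed sample; in practice, load the saved GET response."""
    return json.loads(SAMPLE_GET_RESPONSE)

def build_put_body(get_response):
    """Return a copy of the GET response with the private IP flag enabled."""
    props = get_response.get("properties")
    if not isinstance(props, dict):
        raise ValueError("no 'properties' object; not a gateway GET response")
    state = props.get("provisioningState")
    if state != "Succeeded":
        raise RuntimeError(f"provisioningState is {state!r}; wait for 'Succeeded'")
    body = copy.deepcopy(get_response)
    body["properties"]["enablePrivateIpAddress"] = True  # assumed location of the flag
    return body

def changed_paths(before, after, prefix=""):
    """List dotted paths whose values differ between two JSON objects."""
    if isinstance(before, dict) and isinstance(after, dict):
        paths = []
        for key in sorted(set(before) | set(after)):
            child = f"{prefix}.{key}" if prefix else key
            paths += changed_paths(before.get(key), after.get(key), child)
        return paths
    return [] if before == after else [prefix]

if __name__ == "__main__":
    current = load_sample()
    body = build_put_body(current)
    print("fields changed:", changed_paths(current, body))
    with open("body.json", "w") as fh:
        json.dump(body, fh, indent=2)
```

Because the PUT sends the whole gateway definition, checking the changed paths before running az rest guards against an accidental edit to another setting.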