Microsoft.Network vpnServerConfigurations 2019-12-01
- Latest
- 2024-03-01
- 2024-01-01
- 2023-11-01
- 2023-09-01
- 2023-06-01
- 2023-05-01
- 2023-04-01
- 2023-02-01
- 2022-11-01
- 2022-09-01
- 2022-07-01
- 2022-05-01
- 2022-01-01
- 2021-08-01
- 2021-05-01
- 2021-03-01
- 2021-02-01
- 2020-11-01
- 2020-08-01
- 2020-07-01
- 2020-06-01
- 2020-05-01
- 2020-04-01
- 2020-03-01
- 2019-12-01
- 2019-11-01
- 2019-09-01
- 2019-08-01
Bicep resource definition
The vpnServerConfigurations resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Network/vpnServerConfigurations resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.Network/vpnServerConfigurations@2019-12-01' = {
location: 'string'
name: 'string'
properties: {
aadAuthenticationParameters: {
aadAudience: 'string'
aadIssuer: 'string'
aadTenant: 'string'
}
name: 'string'
radiusClientRootCertificates: [
{
name: 'string'
thumbprint: 'string'
}
]
radiusServerAddress: 'string'
radiusServerRootCertificates: [
{
name: 'string'
publicCertData: 'string'
}
]
radiusServerSecret: 'string'
vpnAuthenticationTypes: [
'string'
]
vpnClientIpsecPolicies: [
{
dhGroup: 'string'
ikeEncryption: 'string'
ikeIntegrity: 'string'
ipsecEncryption: 'string'
ipsecIntegrity: 'string'
pfsGroup: 'string'
saDataSizeKilobytes: int
saLifeTimeSeconds: int
}
]
vpnClientRevokedCertificates: [
{
name: 'string'
thumbprint: 'string'
}
]
vpnClientRootCertificates: [
{
name: 'string'
publicCertData: 'string'
}
]
vpnProtocols: [
'string'
]
}
tags: {
{customized property}: 'string'
}
}
Property values
AadAuthenticationParameters
| Name | Description | Value |
|---|---|---|
| aadAudience | AAD Vpn authentication parameter AAD audience. | string |
| aadIssuer | AAD Vpn authentication parameter AAD issuer. | string |
| aadTenant | AAD Vpn authentication parameter AAD tenant. | string |
IpsecPolicy
| Name | Description | Value |
|---|---|---|
| dhGroup | The DH Group used in IKE Phase 1 for initial SA. | 'DHGroup1' 'DHGroup14' 'DHGroup2' 'DHGroup2048' 'DHGroup24' 'ECP256' 'ECP384' 'None' (required) |
| ikeEncryption | The IKE encryption algorithm (IKE phase 2). | 'AES128' 'AES192' 'AES256' 'DES' 'DES3' 'GCMAES128' 'GCMAES256' (required) |
| ikeIntegrity | The IKE integrity algorithm (IKE phase 2). | 'GCMAES128' 'GCMAES256' 'MD5' 'SHA1' 'SHA256' 'SHA384' (required) |
| ipsecEncryption | The IPSec encryption algorithm (IKE phase 1). | 'AES128' 'AES192' 'AES256' 'DES' 'DES3' 'GCMAES128' 'GCMAES192' 'GCMAES256' 'None' (required) |
| ipsecIntegrity | The IPSec integrity algorithm (IKE phase 1). | 'GCMAES128' 'GCMAES192' 'GCMAES256' 'MD5' 'SHA1' 'SHA256' (required) |
| pfsGroup | The Pfs Group used in IKE Phase 2 for new child SA. | 'ECP256' 'ECP384' 'None' 'PFS1' 'PFS14' 'PFS2' 'PFS2048' 'PFS24' 'PFSMM' (required) |
| saDataSizeKilobytes | The IPSec Security Association (also called Quick Mode or Phase 2 SA) payload size in KB for a site to site VPN tunnel. | int (required) |
| saLifeTimeSeconds | The IPSec Security Association (also called Quick Mode or Phase 2 SA) lifetime in seconds for a site to site VPN tunnel. | int (required) |
Microsoft.Network/vpnServerConfigurations
| Name | Description | Value |
|---|---|---|
| location | Resource location. | string |
| name | The resource name | string (required) |
| properties | Properties of the P2SVpnServer configuration. | VpnServerConfigurationProperties |
| tags | Resource tags | Dictionary of tag names and values. See Tags in templates |
ResourceTags
| Name | Description | Value |
|---|
VpnServerConfigRadiusClientRootCertificate
| Name | Description | Value |
|---|---|---|
| name | The certificate name. | string |
| thumbprint | The Radius client root certificate thumbprint. | string |
VpnServerConfigRadiusServerRootCertificate
| Name | Description | Value |
|---|---|---|
| name | The certificate name. | string |
| publicCertData | The certificate public data. | string |
VpnServerConfigurationProperties
| Name | Description | Value |
|---|---|---|
| aadAuthenticationParameters | The set of aad vpn authentication parameters. | AadAuthenticationParameters |
| name | The name of the VpnServerConfiguration that is unique within a resource group. | string |
| radiusClientRootCertificates | Radius client root certificate of VpnServerConfiguration. | VpnServerConfigRadiusClientRootCertificate[] |
| radiusServerAddress | The radius server address property of the VpnServerConfiguration resource for point to site client connection. | string |
| radiusServerRootCertificates | Radius Server root certificate of VpnServerConfiguration. | VpnServerConfigRadiusServerRootCertificate[] |
| radiusServerSecret | The radius secret property of the VpnServerConfiguration resource for point to site client connection. | string |
| vpnAuthenticationTypes | VPN authentication types for the VpnServerConfiguration. | String array containing any of: 'AAD' 'Certificate' 'Radius' |
| vpnClientIpsecPolicies | VpnClientIpsecPolicies for VpnServerConfiguration. | IpsecPolicy[] |
| vpnClientRevokedCertificates | VPN client revoked certificate of VpnServerConfiguration. | VpnServerConfigVpnClientRevokedCertificate[] |
| vpnClientRootCertificates | VPN client root certificate of VpnServerConfiguration. | VpnServerConfigVpnClientRootCertificate[] |
| vpnProtocols | VPN protocols for the VpnServerConfiguration. | String array containing any of: 'IkeV2' 'OpenVPN' |
VpnServerConfigVpnClientRevokedCertificate
| Name | Description | Value |
|---|---|---|
| name | The certificate name. | string |
| thumbprint | The revoked VPN client certificate thumbprint. | string |
VpnServerConfigVpnClientRootCertificate
| Name | Description | Value |
|---|---|---|
| name | The certificate name. | string |
| publicCertData | The certificate public data. | string |
ARM template resource definition
The vpnServerConfigurations resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Network/vpnServerConfigurations resource, add the following JSON to your template.
{
"type": "Microsoft.Network/vpnServerConfigurations",
"apiVersion": "2019-12-01",
"name": "string",
"location": "string",
"properties": {
"aadAuthenticationParameters": {
"aadAudience": "string",
"aadIssuer": "string",
"aadTenant": "string"
},
"name": "string",
"radiusClientRootCertificates": [
{
"name": "string",
"thumbprint": "string"
}
],
"radiusServerAddress": "string",
"radiusServerRootCertificates": [
{
"name": "string",
"publicCertData": "string"
}
],
"radiusServerSecret": "string",
"vpnAuthenticationTypes": [ "string" ],
"vpnClientIpsecPolicies": [
{
"dhGroup": "string",
"ikeEncryption": "string",
"ikeIntegrity": "string",
"ipsecEncryption": "string",
"ipsecIntegrity": "string",
"pfsGroup": "string",
"saDataSizeKilobytes": "int",
"saLifeTimeSeconds": "int"
}
],
"vpnClientRevokedCertificates": [
{
"name": "string",
"thumbprint": "string"
}
],
"vpnClientRootCertificates": [
{
"name": "string",
"publicCertData": "string"
}
],
"vpnProtocols": [ "string" ]
},
"tags": {
"{customized property}": "string"
}
}
Property values
AadAuthenticationParameters
| Name | Description | Value |
|---|---|---|
| aadAudience | AAD Vpn authentication parameter AAD audience. | string |
| aadIssuer | AAD Vpn authentication parameter AAD issuer. | string |
| aadTenant | AAD Vpn authentication parameter AAD tenant. | string |
IpsecPolicy
| Name | Description | Value |
|---|---|---|
| dhGroup | The DH Group used in IKE Phase 1 for initial SA. | 'DHGroup1' 'DHGroup14' 'DHGroup2' 'DHGroup2048' 'DHGroup24' 'ECP256' 'ECP384' 'None' (required) |
| ikeEncryption | The IKE encryption algorithm (IKE phase 2). | 'AES128' 'AES192' 'AES256' 'DES' 'DES3' 'GCMAES128' 'GCMAES256' (required) |
| ikeIntegrity | The IKE integrity algorithm (IKE phase 2). | 'GCMAES128' 'GCMAES256' 'MD5' 'SHA1' 'SHA256' 'SHA384' (required) |
| ipsecEncryption | The IPSec encryption algorithm (IKE phase 1). | 'AES128' 'AES192' 'AES256' 'DES' 'DES3' 'GCMAES128' 'GCMAES192' 'GCMAES256' 'None' (required) |
| ipsecIntegrity | The IPSec integrity algorithm (IKE phase 1). | 'GCMAES128' 'GCMAES192' 'GCMAES256' 'MD5' 'SHA1' 'SHA256' (required) |
| pfsGroup | The Pfs Group used in IKE Phase 2 for new child SA. | 'ECP256' 'ECP384' 'None' 'PFS1' 'PFS14' 'PFS2' 'PFS2048' 'PFS24' 'PFSMM' (required) |
| saDataSizeKilobytes | The IPSec Security Association (also called Quick Mode or Phase 2 SA) payload size in KB for a site to site VPN tunnel. | int (required) |
| saLifeTimeSeconds | The IPSec Security Association (also called Quick Mode or Phase 2 SA) lifetime in seconds for a site to site VPN tunnel. | int (required) |
Microsoft.Network/vpnServerConfigurations
| Name | Description | Value |
|---|---|---|
| apiVersion | The api version | '2019-12-01' |
| location | Resource location. | string |
| name | The resource name | string (required) |
| properties | Properties of the P2SVpnServer configuration. | VpnServerConfigurationProperties |
| tags | Resource tags | Dictionary of tag names and values. See Tags in templates |
| type | The resource type | 'Microsoft.Network/vpnServerConfigurations' |
ResourceTags
| Name | Description | Value |
|---|
VpnServerConfigRadiusClientRootCertificate
| Name | Description | Value |
|---|---|---|
| name | The certificate name. | string |
| thumbprint | The Radius client root certificate thumbprint. | string |
VpnServerConfigRadiusServerRootCertificate
| Name | Description | Value |
|---|---|---|
| name | The certificate name. | string |
| publicCertData | The certificate public data. | string |
VpnServerConfigurationProperties
| Name | Description | Value |
|---|---|---|
| aadAuthenticationParameters | The set of aad vpn authentication parameters. | AadAuthenticationParameters |
| name | The name of the VpnServerConfiguration that is unique within a resource group. | string |
| radiusClientRootCertificates | Radius client root certificate of VpnServerConfiguration. | VpnServerConfigRadiusClientRootCertificate[] |
| radiusServerAddress | The radius server address property of the VpnServerConfiguration resource for point to site client connection. | string |
| radiusServerRootCertificates | Radius Server root certificate of VpnServerConfiguration. | VpnServerConfigRadiusServerRootCertificate[] |
| radiusServerSecret | The radius secret property of the VpnServerConfiguration resource for point to site client connection. | string |
| vpnAuthenticationTypes | VPN authentication types for the VpnServerConfiguration. | String array containing any of: 'AAD' 'Certificate' 'Radius' |
| vpnClientIpsecPolicies | VpnClientIpsecPolicies for VpnServerConfiguration. | IpsecPolicy[] |
| vpnClientRevokedCertificates | VPN client revoked certificate of VpnServerConfiguration. | VpnServerConfigVpnClientRevokedCertificate[] |
| vpnClientRootCertificates | VPN client root certificate of VpnServerConfiguration. | VpnServerConfigVpnClientRootCertificate[] |
| vpnProtocols | VPN protocols for the VpnServerConfiguration. | String array containing any of: 'IkeV2' 'OpenVPN' |
VpnServerConfigVpnClientRevokedCertificate
| Name | Description | Value |
|---|---|---|
| name | The certificate name. | string |
| thumbprint | The revoked VPN client certificate thumbprint. | string |
VpnServerConfigVpnClientRootCertificate
| Name | Description | Value |
|---|---|---|
| name | The certificate name. | string |
| publicCertData | The certificate public data. | string |
Quickstart templates
The following quickstart templates deploy this resource type.
| Template | Description |
|---|---|
Azure Virtual WAN (vWAN) Multi-Hub Deployment |
This template allows you to create an Azure Virtual WAN (vWAN) multi-hub deployment including all gateways and VNET connections. |
| Azure vWAN Multi-Hub Deployment with Custom Routing Tables |
This template allows you to create an Azure Virtual WAN (vWAN) multi-hub deployment, including all gateways and VNET connections, and demonstrate the usage of Route Tables for custom routing. |
| vWAN P2S deployment with multi address pool and user groups |
This template deploys Azure Virtual WAN (vWAN) with a P2S configured with multiple address pool and user groups |
Terraform (AzAPI provider) resource definition
The vpnServerConfigurations resource type can be deployed with operations that target:
- Resource groups
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Network/vpnServerConfigurations resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
type = "Microsoft.Network/vpnServerConfigurations@2019-12-01"
name = "string"
location = "string"
body = jsonencode({
properties = {
aadAuthenticationParameters = {
aadAudience = "string"
aadIssuer = "string"
aadTenant = "string"
}
name = "string"
radiusClientRootCertificates = [
{
name = "string"
thumbprint = "string"
}
]
radiusServerAddress = "string"
radiusServerRootCertificates = [
{
name = "string"
publicCertData = "string"
}
]
radiusServerSecret = "string"
vpnAuthenticationTypes = [
"string"
]
vpnClientIpsecPolicies = [
{
dhGroup = "string"
ikeEncryption = "string"
ikeIntegrity = "string"
ipsecEncryption = "string"
ipsecIntegrity = "string"
pfsGroup = "string"
saDataSizeKilobytes = int
saLifeTimeSeconds = int
}
]
vpnClientRevokedCertificates = [
{
name = "string"
thumbprint = "string"
}
]
vpnClientRootCertificates = [
{
name = "string"
publicCertData = "string"
}
]
vpnProtocols = [
"string"
]
}
})
tags = {
{customized property} = "string"
}
}
Property values
AadAuthenticationParameters
| Name | Description | Value |
|---|---|---|
| aadAudience | AAD Vpn authentication parameter AAD audience. | string |
| aadIssuer | AAD Vpn authentication parameter AAD issuer. | string |
| aadTenant | AAD Vpn authentication parameter AAD tenant. | string |
IpsecPolicy
| Name | Description | Value |
|---|---|---|
| dhGroup | The DH Group used in IKE Phase 1 for initial SA. | 'DHGroup1' 'DHGroup14' 'DHGroup2' 'DHGroup2048' 'DHGroup24' 'ECP256' 'ECP384' 'None' (required) |
| ikeEncryption | The IKE encryption algorithm (IKE phase 2). | 'AES128' 'AES192' 'AES256' 'DES' 'DES3' 'GCMAES128' 'GCMAES256' (required) |
| ikeIntegrity | The IKE integrity algorithm (IKE phase 2). | 'GCMAES128' 'GCMAES256' 'MD5' 'SHA1' 'SHA256' 'SHA384' (required) |
| ipsecEncryption | The IPSec encryption algorithm (IKE phase 1). | 'AES128' 'AES192' 'AES256' 'DES' 'DES3' 'GCMAES128' 'GCMAES192' 'GCMAES256' 'None' (required) |
| ipsecIntegrity | The IPSec integrity algorithm (IKE phase 1). | 'GCMAES128' 'GCMAES192' 'GCMAES256' 'MD5' 'SHA1' 'SHA256' (required) |
| pfsGroup | The Pfs Group used in IKE Phase 2 for new child SA. | 'ECP256' 'ECP384' 'None' 'PFS1' 'PFS14' 'PFS2' 'PFS2048' 'PFS24' 'PFSMM' (required) |
| saDataSizeKilobytes | The IPSec Security Association (also called Quick Mode or Phase 2 SA) payload size in KB for a site to site VPN tunnel. | int (required) |
| saLifeTimeSeconds | The IPSec Security Association (also called Quick Mode or Phase 2 SA) lifetime in seconds for a site to site VPN tunnel. | int (required) |
Microsoft.Network/vpnServerConfigurations
| Name | Description | Value |
|---|---|---|
| location | Resource location. | string |
| name | The resource name | string (required) |
| properties | Properties of the P2SVpnServer configuration. | VpnServerConfigurationProperties |
| tags | Resource tags | Dictionary of tag names and values. |
| type | The resource type | "Microsoft.Network/vpnServerConfigurations@2019-12-01" |
ResourceTags
| Name | Description | Value |
|---|
VpnServerConfigRadiusClientRootCertificate
| Name | Description | Value |
|---|---|---|
| name | The certificate name. | string |
| thumbprint | The Radius client root certificate thumbprint. | string |
VpnServerConfigRadiusServerRootCertificate
| Name | Description | Value |
|---|---|---|
| name | The certificate name. | string |
| publicCertData | The certificate public data. | string |
VpnServerConfigurationProperties
| Name | Description | Value |
|---|---|---|
| aadAuthenticationParameters | The set of aad vpn authentication parameters. | AadAuthenticationParameters |
| name | The name of the VpnServerConfiguration that is unique within a resource group. | string |
| radiusClientRootCertificates | Radius client root certificate of VpnServerConfiguration. | VpnServerConfigRadiusClientRootCertificate[] |
| radiusServerAddress | The radius server address property of the VpnServerConfiguration resource for point to site client connection. | string |
| radiusServerRootCertificates | Radius Server root certificate of VpnServerConfiguration. | VpnServerConfigRadiusServerRootCertificate[] |
| radiusServerSecret | The radius secret property of the VpnServerConfiguration resource for point to site client connection. | string |
| vpnAuthenticationTypes | VPN authentication types for the VpnServerConfiguration. | String array containing any of: 'AAD' 'Certificate' 'Radius' |
| vpnClientIpsecPolicies | VpnClientIpsecPolicies for VpnServerConfiguration. | IpsecPolicy[] |
| vpnClientRevokedCertificates | VPN client revoked certificate of VpnServerConfiguration. | VpnServerConfigVpnClientRevokedCertificate[] |
| vpnClientRootCertificates | VPN client root certificate of VpnServerConfiguration. | VpnServerConfigVpnClientRootCertificate[] |
| vpnProtocols | VPN protocols for the VpnServerConfiguration. | String array containing any of: 'IkeV2' 'OpenVPN' |
VpnServerConfigVpnClientRevokedCertificate
| Name | Description | Value |
|---|---|---|
| name | The certificate name. | string |
| thumbprint | The revoked VPN client certificate thumbprint. | string |
VpnServerConfigVpnClientRootCertificate
| Name | Description | Value |
|---|---|---|
| name | The certificate name. | string |
| publicCertData | The certificate public data. | string |