Microsoft.Network vpnServerConfigurations 2023-05-01

Bicep resource definition

The vpnServerConfigurations resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Network/vpnServerConfigurations resource, add the following Bicep to your template.

resource symbolicname 'Microsoft.Network/vpnServerConfigurations@2023-05-01' = {
  location: 'string'
  name: 'string'
  properties: {
    aadAuthenticationParameters: {
      aadAudience: 'string'
      aadIssuer: 'string'
      aadTenant: 'string'
    }
    configurationPolicyGroups: [
      {
        id: 'string'
        name: 'string'
        properties: {
          isDefault: bool
          policyMembers: [
            {
              attributeType: 'string'
              attributeValue: 'string'
              name: 'string'
            }
          ]
          priority: int
        }
      }
    ]
    name: 'string'
    radiusClientRootCertificates: [
      {
        name: 'string'
        thumbprint: 'string'
      }
    ]
    radiusServerAddress: 'string'
    radiusServerRootCertificates: [
      {
        name: 'string'
        publicCertData: 'string'
      }
    ]
    radiusServers: [
      {
        radiusServerAddress: 'string'
        radiusServerScore: int
        radiusServerSecret: 'string'
      }
    ]
    radiusServerSecret: 'string'
    vpnAuthenticationTypes: [
      'string'
    ]
    vpnClientIpsecPolicies: [
      {
        dhGroup: 'string'
        ikeEncryption: 'string'
        ikeIntegrity: 'string'
        ipsecEncryption: 'string'
        ipsecIntegrity: 'string'
        pfsGroup: 'string'
        saDataSizeKilobytes: int
        saLifeTimeSeconds: int
      }
    ]
    vpnClientRevokedCertificates: [
      {
        name: 'string'
        thumbprint: 'string'
      }
    ]
    vpnClientRootCertificates: [
      {
        name: 'string'
        publicCertData: 'string'
      }
    ]
    vpnProtocols: [
      'string'
    ]
  }
  tags: {
    {customized property}: 'string'
  }
}

Property values

AadAuthenticationParameters

Name Description Value
aadAudience AAD Vpn authentication parameter AAD audience. string
aadIssuer AAD Vpn authentication parameter AAD issuer. string
aadTenant AAD Vpn authentication parameter AAD tenant. string

IpsecPolicy

Name Description Value
dhGroup The DH Group used in IKE Phase 1 for initial SA. 'DHGroup1'
'DHGroup14'
'DHGroup2'
'DHGroup2048'
'DHGroup24'
'ECP256'
'ECP384'
'None' (required)
ikeEncryption The IKE encryption algorithm (IKE phase 2). 'AES128'
'AES192'
'AES256'
'DES'
'DES3'
'GCMAES128'
'GCMAES256' (required)
ikeIntegrity The IKE integrity algorithm (IKE phase 2). 'GCMAES128'
'GCMAES256'
'MD5'
'SHA1'
'SHA256'
'SHA384' (required)
ipsecEncryption The IPSec encryption algorithm (IKE phase 1). 'AES128'
'AES192'
'AES256'
'DES'
'DES3'
'GCMAES128'
'GCMAES192'
'GCMAES256'
'None' (required)
ipsecIntegrity The IPSec integrity algorithm (IKE phase 1). 'GCMAES128'
'GCMAES192'
'GCMAES256'
'MD5'
'SHA1'
'SHA256' (required)
pfsGroup The Pfs Group used in IKE Phase 2 for new child SA. 'ECP256'
'ECP384'
'None'
'PFS1'
'PFS14'
'PFS2'
'PFS2048'
'PFS24'
'PFSMM' (required)
saDataSizeKilobytes The IPSec Security Association (also called Quick Mode or Phase 2 SA) payload size in KB for a site to site VPN tunnel. int (required)
saLifeTimeSeconds The IPSec Security Association (also called Quick Mode or Phase 2 SA) lifetime in seconds for a site to site VPN tunnel. int (required)

Microsoft.Network/vpnServerConfigurations

Name Description Value
location Resource location. string
name The resource name string (required)
properties Properties of the P2SVpnServer configuration. VpnServerConfigurationProperties
tags Resource tags Dictionary of tag names and values. See Tags in templates

RadiusServer

Name Description Value
radiusServerAddress The address of this radius server. string (required)
radiusServerScore The initial score assigned to this radius server. int
radiusServerSecret The secret used for this radius server. string

ResourceTags

Name Description Value

VpnServerConfigRadiusClientRootCertificate

Name Description Value
name The certificate name. string
thumbprint The Radius client root certificate thumbprint. string

VpnServerConfigRadiusServerRootCertificate

Name Description Value
name The certificate name. string
publicCertData The certificate public data. string

VpnServerConfigurationPolicyGroup

Name Description Value
id Resource ID. string
name The name of the resource that is unique within a resource group. This name can be used to access the resource. string
properties Properties of the VpnServerConfigurationPolicyGroup. VpnServerConfigurationPolicyGroupProperties

VpnServerConfigurationPolicyGroupMember

Name Description Value
attributeType The Vpn Policy member attribute type. 'AADGroupId'
'CertificateGroupId'
'RadiusAzureGroupId'
attributeValue The value of Attribute used for this VpnServerConfigurationPolicyGroupMember. string
name Name of the VpnServerConfigurationPolicyGroupMember. string

VpnServerConfigurationPolicyGroupProperties

Name Description Value
isDefault Shows if this is a Default VpnServerConfigurationPolicyGroup or not. bool
policyMembers Multiple PolicyMembers for VpnServerConfigurationPolicyGroup. VpnServerConfigurationPolicyGroupMember[]
priority Priority for VpnServerConfigurationPolicyGroup. int

VpnServerConfigurationProperties

Name Description Value
aadAuthenticationParameters The set of aad vpn authentication parameters. AadAuthenticationParameters
configurationPolicyGroups List of all VpnServerConfigurationPolicyGroups. VpnServerConfigurationPolicyGroup[]
name The name of the VpnServerConfiguration that is unique within a resource group. string
radiusClientRootCertificates Radius client root certificate of VpnServerConfiguration. VpnServerConfigRadiusClientRootCertificate[]
radiusServerAddress The radius server address property of the VpnServerConfiguration resource for point to site client connection. string
radiusServerRootCertificates Radius Server root certificate of VpnServerConfiguration. VpnServerConfigRadiusServerRootCertificate[]
radiusServers Multiple Radius Server configuration for VpnServerConfiguration. RadiusServer[]
radiusServerSecret The radius secret property of the VpnServerConfiguration resource for point to site client connection. string
vpnAuthenticationTypes VPN authentication types for the VpnServerConfiguration. String array containing any of:
'AAD'
'Certificate'
'Radius'
vpnClientIpsecPolicies VpnClientIpsecPolicies for VpnServerConfiguration. IpsecPolicy[]
vpnClientRevokedCertificates VPN client revoked certificate of VpnServerConfiguration. VpnServerConfigVpnClientRevokedCertificate[]
vpnClientRootCertificates VPN client root certificate of VpnServerConfiguration. VpnServerConfigVpnClientRootCertificate[]
vpnProtocols VPN protocols for the VpnServerConfiguration. String array containing any of:
'IkeV2'
'OpenVPN'

VpnServerConfigVpnClientRevokedCertificate

Name Description Value
name The certificate name. string
thumbprint The revoked VPN client certificate thumbprint. string

VpnServerConfigVpnClientRootCertificate

Name Description Value
name The certificate name. string
publicCertData The certificate public data. string

ARM template resource definition

The vpnServerConfigurations resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Network/vpnServerConfigurations resource, add the following JSON to your template.

{
  "type": "Microsoft.Network/vpnServerConfigurations",
  "apiVersion": "2023-05-01",
  "name": "string",
  "location": "string",
  "properties": {
    "aadAuthenticationParameters": {
      "aadAudience": "string",
      "aadIssuer": "string",
      "aadTenant": "string"
    },
    "configurationPolicyGroups": [
      {
        "id": "string",
        "name": "string",
        "properties": {
          "isDefault": "bool",
          "policyMembers": [
            {
              "attributeType": "string",
              "attributeValue": "string",
              "name": "string"
            }
          ],
          "priority": "int"
        }
      }
    ],
    "name": "string",
    "radiusClientRootCertificates": [
      {
        "name": "string",
        "thumbprint": "string"
      }
    ],
    "radiusServerAddress": "string",
    "radiusServerRootCertificates": [
      {
        "name": "string",
        "publicCertData": "string"
      }
    ],
    "radiusServers": [
      {
        "radiusServerAddress": "string",
        "radiusServerScore": "int",
        "radiusServerSecret": "string"
      }
    ],
    "radiusServerSecret": "string",
    "vpnAuthenticationTypes": [ "string" ],
    "vpnClientIpsecPolicies": [
      {
        "dhGroup": "string",
        "ikeEncryption": "string",
        "ikeIntegrity": "string",
        "ipsecEncryption": "string",
        "ipsecIntegrity": "string",
        "pfsGroup": "string",
        "saDataSizeKilobytes": "int",
        "saLifeTimeSeconds": "int"
      }
    ],
    "vpnClientRevokedCertificates": [
      {
        "name": "string",
        "thumbprint": "string"
      }
    ],
    "vpnClientRootCertificates": [
      {
        "name": "string",
        "publicCertData": "string"
      }
    ],
    "vpnProtocols": [ "string" ]
  },
  "tags": {
    "{customized property}": "string"
  }
}

Property values

AadAuthenticationParameters

Name Description Value
aadAudience AAD Vpn authentication parameter AAD audience. string
aadIssuer AAD Vpn authentication parameter AAD issuer. string
aadTenant AAD Vpn authentication parameter AAD tenant. string

IpsecPolicy

Name Description Value
dhGroup The DH Group used in IKE Phase 1 for initial SA. 'DHGroup1'
'DHGroup14'
'DHGroup2'
'DHGroup2048'
'DHGroup24'
'ECP256'
'ECP384'
'None' (required)
ikeEncryption The IKE encryption algorithm (IKE phase 2). 'AES128'
'AES192'
'AES256'
'DES'
'DES3'
'GCMAES128'
'GCMAES256' (required)
ikeIntegrity The IKE integrity algorithm (IKE phase 2). 'GCMAES128'
'GCMAES256'
'MD5'
'SHA1'
'SHA256'
'SHA384' (required)
ipsecEncryption The IPSec encryption algorithm (IKE phase 1). 'AES128'
'AES192'
'AES256'
'DES'
'DES3'
'GCMAES128'
'GCMAES192'
'GCMAES256'
'None' (required)
ipsecIntegrity The IPSec integrity algorithm (IKE phase 1). 'GCMAES128'
'GCMAES192'
'GCMAES256'
'MD5'
'SHA1'
'SHA256' (required)
pfsGroup The Pfs Group used in IKE Phase 2 for new child SA. 'ECP256'
'ECP384'
'None'
'PFS1'
'PFS14'
'PFS2'
'PFS2048'
'PFS24'
'PFSMM' (required)
saDataSizeKilobytes The IPSec Security Association (also called Quick Mode or Phase 2 SA) payload size in KB for a site to site VPN tunnel. int (required)
saLifeTimeSeconds The IPSec Security Association (also called Quick Mode or Phase 2 SA) lifetime in seconds for a site to site VPN tunnel. int (required)

Microsoft.Network/vpnServerConfigurations

Name Description Value
apiVersion The api version '2023-05-01'
location Resource location. string
name The resource name string (required)
properties Properties of the P2SVpnServer configuration. VpnServerConfigurationProperties
tags Resource tags Dictionary of tag names and values. See Tags in templates
type The resource type 'Microsoft.Network/vpnServerConfigurations'

RadiusServer

Name Description Value
radiusServerAddress The address of this radius server. string (required)
radiusServerScore The initial score assigned to this radius server. int
radiusServerSecret The secret used for this radius server. string

ResourceTags

Name Description Value

VpnServerConfigRadiusClientRootCertificate

Name Description Value
name The certificate name. string
thumbprint The Radius client root certificate thumbprint. string

VpnServerConfigRadiusServerRootCertificate

Name Description Value
name The certificate name. string
publicCertData The certificate public data. string

VpnServerConfigurationPolicyGroup

Name Description Value
id Resource ID. string
name The name of the resource that is unique within a resource group. This name can be used to access the resource. string
properties Properties of the VpnServerConfigurationPolicyGroup. VpnServerConfigurationPolicyGroupProperties

VpnServerConfigurationPolicyGroupMember

Name Description Value
attributeType The Vpn Policy member attribute type. 'AADGroupId'
'CertificateGroupId'
'RadiusAzureGroupId'
attributeValue The value of Attribute used for this VpnServerConfigurationPolicyGroupMember. string
name Name of the VpnServerConfigurationPolicyGroupMember. string

VpnServerConfigurationPolicyGroupProperties

Name Description Value
isDefault Shows if this is a Default VpnServerConfigurationPolicyGroup or not. bool
policyMembers Multiple PolicyMembers for VpnServerConfigurationPolicyGroup. VpnServerConfigurationPolicyGroupMember[]
priority Priority for VpnServerConfigurationPolicyGroup. int

VpnServerConfigurationProperties

Name Description Value
aadAuthenticationParameters The set of aad vpn authentication parameters. AadAuthenticationParameters
configurationPolicyGroups List of all VpnServerConfigurationPolicyGroups. VpnServerConfigurationPolicyGroup[]
name The name of the VpnServerConfiguration that is unique within a resource group. string
radiusClientRootCertificates Radius client root certificate of VpnServerConfiguration. VpnServerConfigRadiusClientRootCertificate[]
radiusServerAddress The radius server address property of the VpnServerConfiguration resource for point to site client connection. string
radiusServerRootCertificates Radius Server root certificate of VpnServerConfiguration. VpnServerConfigRadiusServerRootCertificate[]
radiusServers Multiple Radius Server configuration for VpnServerConfiguration. RadiusServer[]
radiusServerSecret The radius secret property of the VpnServerConfiguration resource for point to site client connection. string
vpnAuthenticationTypes VPN authentication types for the VpnServerConfiguration. String array containing any of:
'AAD'
'Certificate'
'Radius'
vpnClientIpsecPolicies VpnClientIpsecPolicies for VpnServerConfiguration. IpsecPolicy[]
vpnClientRevokedCertificates VPN client revoked certificate of VpnServerConfiguration. VpnServerConfigVpnClientRevokedCertificate[]
vpnClientRootCertificates VPN client root certificate of VpnServerConfiguration. VpnServerConfigVpnClientRootCertificate[]
vpnProtocols VPN protocols for the VpnServerConfiguration. String array containing any of:
'IkeV2'
'OpenVPN'

VpnServerConfigVpnClientRevokedCertificate

Name Description Value
name The certificate name. string
thumbprint The revoked VPN client certificate thumbprint. string

VpnServerConfigVpnClientRootCertificate

Name Description Value
name The certificate name. string
publicCertData The certificate public data. string

Quickstart templates

The following quickstart templates deploy this resource type.

Template Description
Azure Virtual WAN (vWAN) Multi-Hub Deployment

Deploy to Azure
This template allows you to create an Azure Virtual WAN (vWAN) multi-hub deployment including all gateways and VNET connections.
Azure vWAN Multi-Hub Deployment with Custom Routing Tables

Deploy to Azure
This template allows you to create an Azure Virtual WAN (vWAN) multi-hub deployment, including all gateways and VNET connections, and demonstrate the usage of Route Tables for custom routing.
vWAN P2S deployment with multi address pool and user groups

Deploy to Azure
This template deploys Azure Virtual WAN (vWAN) with a P2S configured with multiple address pool and user groups

Terraform (AzAPI provider) resource definition

The vpnServerConfigurations resource type can be deployed with operations that target:

  • Resource groups

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Network/vpnServerConfigurations resource, add the following Terraform to your template.

resource "azapi_resource" "symbolicname" {
  type = "Microsoft.Network/vpnServerConfigurations@2023-05-01"
  name = "string"
  location = "string"
  body = jsonencode({
    properties = {
      aadAuthenticationParameters = {
        aadAudience = "string"
        aadIssuer = "string"
        aadTenant = "string"
      }
      configurationPolicyGroups = [
        {
          id = "string"
          name = "string"
          properties = {
            isDefault = bool
            policyMembers = [
              {
                attributeType = "string"
                attributeValue = "string"
                name = "string"
              }
            ]
            priority = int
          }
        }
      ]
      name = "string"
      radiusClientRootCertificates = [
        {
          name = "string"
          thumbprint = "string"
        }
      ]
      radiusServerAddress = "string"
      radiusServerRootCertificates = [
        {
          name = "string"
          publicCertData = "string"
        }
      ]
      radiusServers = [
        {
          radiusServerAddress = "string"
          radiusServerScore = int
          radiusServerSecret = "string"
        }
      ]
      radiusServerSecret = "string"
      vpnAuthenticationTypes = [
        "string"
      ]
      vpnClientIpsecPolicies = [
        {
          dhGroup = "string"
          ikeEncryption = "string"
          ikeIntegrity = "string"
          ipsecEncryption = "string"
          ipsecIntegrity = "string"
          pfsGroup = "string"
          saDataSizeKilobytes = int
          saLifeTimeSeconds = int
        }
      ]
      vpnClientRevokedCertificates = [
        {
          name = "string"
          thumbprint = "string"
        }
      ]
      vpnClientRootCertificates = [
        {
          name = "string"
          publicCertData = "string"
        }
      ]
      vpnProtocols = [
        "string"
      ]
    }
  })
  tags = {
    {customized property} = "string"
  }
}

Property values

AadAuthenticationParameters

Name Description Value
aadAudience AAD Vpn authentication parameter AAD audience. string
aadIssuer AAD Vpn authentication parameter AAD issuer. string
aadTenant AAD Vpn authentication parameter AAD tenant. string

IpsecPolicy

Name Description Value
dhGroup The DH Group used in IKE Phase 1 for initial SA. 'DHGroup1'
'DHGroup14'
'DHGroup2'
'DHGroup2048'
'DHGroup24'
'ECP256'
'ECP384'
'None' (required)
ikeEncryption The IKE encryption algorithm (IKE phase 2). 'AES128'
'AES192'
'AES256'
'DES'
'DES3'
'GCMAES128'
'GCMAES256' (required)
ikeIntegrity The IKE integrity algorithm (IKE phase 2). 'GCMAES128'
'GCMAES256'
'MD5'
'SHA1'
'SHA256'
'SHA384' (required)
ipsecEncryption The IPSec encryption algorithm (IKE phase 1). 'AES128'
'AES192'
'AES256'
'DES'
'DES3'
'GCMAES128'
'GCMAES192'
'GCMAES256'
'None' (required)
ipsecIntegrity The IPSec integrity algorithm (IKE phase 1). 'GCMAES128'
'GCMAES192'
'GCMAES256'
'MD5'
'SHA1'
'SHA256' (required)
pfsGroup The Pfs Group used in IKE Phase 2 for new child SA. 'ECP256'
'ECP384'
'None'
'PFS1'
'PFS14'
'PFS2'
'PFS2048'
'PFS24'
'PFSMM' (required)
saDataSizeKilobytes The IPSec Security Association (also called Quick Mode or Phase 2 SA) payload size in KB for a site to site VPN tunnel. int (required)
saLifeTimeSeconds The IPSec Security Association (also called Quick Mode or Phase 2 SA) lifetime in seconds for a site to site VPN tunnel. int (required)

Microsoft.Network/vpnServerConfigurations

Name Description Value
location Resource location. string
name The resource name string (required)
properties Properties of the P2SVpnServer configuration. VpnServerConfigurationProperties
tags Resource tags Dictionary of tag names and values.
type The resource type "Microsoft.Network/vpnServerConfigurations@2023-05-01"

RadiusServer

Name Description Value
radiusServerAddress The address of this radius server. string (required)
radiusServerScore The initial score assigned to this radius server. int
radiusServerSecret The secret used for this radius server. string

ResourceTags

Name Description Value

VpnServerConfigRadiusClientRootCertificate

Name Description Value
name The certificate name. string
thumbprint The Radius client root certificate thumbprint. string

VpnServerConfigRadiusServerRootCertificate

Name Description Value
name The certificate name. string
publicCertData The certificate public data. string

VpnServerConfigurationPolicyGroup

Name Description Value
id Resource ID. string
name The name of the resource that is unique within a resource group. This name can be used to access the resource. string
properties Properties of the VpnServerConfigurationPolicyGroup. VpnServerConfigurationPolicyGroupProperties

VpnServerConfigurationPolicyGroupMember

Name Description Value
attributeType The Vpn Policy member attribute type. 'AADGroupId'
'CertificateGroupId'
'RadiusAzureGroupId'
attributeValue The value of Attribute used for this VpnServerConfigurationPolicyGroupMember. string
name Name of the VpnServerConfigurationPolicyGroupMember. string

VpnServerConfigurationPolicyGroupProperties

Name Description Value
isDefault Shows if this is a Default VpnServerConfigurationPolicyGroup or not. bool
policyMembers Multiple PolicyMembers for VpnServerConfigurationPolicyGroup. VpnServerConfigurationPolicyGroupMember[]
priority Priority for VpnServerConfigurationPolicyGroup. int

VpnServerConfigurationProperties

Name Description Value
aadAuthenticationParameters The set of aad vpn authentication parameters. AadAuthenticationParameters
configurationPolicyGroups List of all VpnServerConfigurationPolicyGroups. VpnServerConfigurationPolicyGroup[]
name The name of the VpnServerConfiguration that is unique within a resource group. string
radiusClientRootCertificates Radius client root certificate of VpnServerConfiguration. VpnServerConfigRadiusClientRootCertificate[]
radiusServerAddress The radius server address property of the VpnServerConfiguration resource for point to site client connection. string
radiusServerRootCertificates Radius Server root certificate of VpnServerConfiguration. VpnServerConfigRadiusServerRootCertificate[]
radiusServers Multiple Radius Server configuration for VpnServerConfiguration. RadiusServer[]
radiusServerSecret The radius secret property of the VpnServerConfiguration resource for point to site client connection. string
vpnAuthenticationTypes VPN authentication types for the VpnServerConfiguration. String array containing any of:
'AAD'
'Certificate'
'Radius'
vpnClientIpsecPolicies VpnClientIpsecPolicies for VpnServerConfiguration. IpsecPolicy[]
vpnClientRevokedCertificates VPN client revoked certificate of VpnServerConfiguration. VpnServerConfigVpnClientRevokedCertificate[]
vpnClientRootCertificates VPN client root certificate of VpnServerConfiguration. VpnServerConfigVpnClientRootCertificate[]
vpnProtocols VPN protocols for the VpnServerConfiguration. String array containing any of:
'IkeV2'
'OpenVPN'

VpnServerConfigVpnClientRevokedCertificate

Name Description Value
name The certificate name. string
thumbprint The revoked VPN client certificate thumbprint. string

VpnServerConfigVpnClientRootCertificate

Name Description Value
name The certificate name. string
publicCertData The certificate public data. string