Create a VPN gateway with P2S RADIUS authentication - PowerShell script sample
This script sample creates a route-based VPN gateway and adds point-to-site configuration using RADIUS username/password authentication.
Note
We recommend that you use the Azure Az PowerShell module to interact with Azure. See Install Azure PowerShell to get started. To learn how to migrate to the Az PowerShell module, see Migrate Azure PowerShell from AzureRM to Az.
```powershell
# Declare variables
$VNetName = "VNet1"
$FESubName = "FrontEnd"
$VNetPrefix1 = "10.1.0.0/16"
$FESubPrefix = "10.1.0.0/24"
$GWSubPrefix = "10.1.255.0/27"
$VPNClientAddressPool = "172.16.201.0/24"
$RG = "TestRG1"
$Location = "East US"
$GWName = "VNet1GW"
$GWIPName = "VNet1GWIP"
$RSAddress = "10.51.0.15"

# Create a resource group
New-AzResourceGroup -Name $RG -Location $Location

# Create a virtual network
$virtualNetwork = New-AzVirtualNetwork `
  -ResourceGroupName $RG `
  -Location $Location `
  -Name $VNetName `
  -AddressPrefix $VNetPrefix1

# Create a subnet configuration
$subnetConfig = Add-AzVirtualNetworkSubnetConfig `
  -Name $FESubName `
  -AddressPrefix $FESubPrefix `
  -VirtualNetwork $virtualNetwork

# Set the subnet configuration for the virtual network
$virtualNetwork | Set-AzVirtualNetwork

# Add a gateway subnet
$vnet = Get-AzVirtualNetwork -ResourceGroupName $RG -Name $VNetName
Add-AzVirtualNetworkSubnetConfig -Name 'GatewaySubnet' -AddressPrefix $GWSubPrefix -VirtualNetwork $vnet

# Set the subnet configuration for the virtual network
$vnet | Set-AzVirtualNetwork

# Request a public IP address
$gwpip = New-AzPublicIpAddress -Name $GWIPName -ResourceGroupName $RG -Location $Location `
  -AllocationMethod Dynamic

# Create the gateway IP address configuration
$vnet = Get-AzVirtualNetwork -Name $VNetName -ResourceGroupName $RG
$subnet = Get-AzVirtualNetworkSubnetConfig -Name 'GatewaySubnet' -VirtualNetwork $vnet
$gwipconfig = New-AzVirtualNetworkGatewayIpConfig -Name gwipconfig1 -SubnetId $subnet.Id -PublicIpAddressId $gwpip.Id

# Create the VPN gateway
New-AzVirtualNetworkGateway -Name $GWName -ResourceGroupName $RG `
  -Location $Location -IpConfigurations $gwipconfig -GatewayType Vpn `
  -VpnType RouteBased -GatewaySku VpnGw1 -VpnClientProtocol "IKEv2"

# Create a secure string for the RADIUS secret
$Secure_Secret = Read-Host -AsSecureString -Prompt "RadiusSecret"

# Add the VPN client address pool and the RADIUS server information
$Gateway = Get-AzVirtualNetworkGateway -ResourceGroupName $RG -Name $GWName
Set-AzVirtualNetworkGateway -VirtualNetworkGateway $Gateway `
  -VpnClientAddressPool $VPNClientAddressPool -VpnClientProtocol @( "SSTP", "IkeV2" ) `
  -RadiusServerAddress $RSAddress -RadiusServerSecret $Secure_Secret
```
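After the script completes, the point-to-site settings can be read back from the gateway and compared with the values that were intended. The following check is an added example, not part of the original sample: it verifies the RADIUS server address, the tunnel protocols and the client address pool, and also flags a client pool that overlaps the VNet address space (a general P2S requirement that this sample does not state). The helper functions `Get-CidrRange` and `Test-CidrOverlap` are hypothetical names introduced here and handle IPv4 prefixes only.

```powershell
# Added verification example (not part of the original sample).
# Values below repeat the variables declared in the sample script.
$RG = "TestRG1"; $GWName = "VNet1GW"; $VNetName = "VNet1"
$ExpectedPool = "172.16.201.0/24"; $ExpectedRadius = "10.51.0.15"
$ExpectedProtocols = @("SSTP", "IkeV2")

# Hypothetical helper: first and last address of an IPv4 CIDR prefix as integers.
function Get-CidrRange([string]$Cidr) {
    $ip, $len = $Cidr.Split('/')
    $bytes = [System.Net.IPAddress]::Parse($ip).GetAddressBytes()
    [Array]::Reverse($bytes)   # network byte order -> little-endian for BitConverter
    $addr  = [int64][BitConverter]::ToUInt32($bytes, 0)
    $size  = [int64][math]::Pow(2, 32 - [int]$len)
    $start = $addr - ($addr % $size)   # align to the network address
    [pscustomobject]@{ Start = $start; End = $start + $size - 1 }
}

# Hypothetical helper: two ranges overlap when each starts before the other ends.
function Test-CidrOverlap([string]$A, [string]$B) {
    $ra = Get-CidrRange $A; $rb = Get-CidrRange $B
    ($ra.Start -le $rb.End) -and ($rb.Start -le $ra.End)
}

# Read back the deployed configuration
$gw   = Get-AzVirtualNetworkGateway -ResourceGroupName $RG -Name $GWName
$vnet = Get-AzVirtualNetwork -ResourceGroupName $RG -Name $VNetName
$p2s  = $gw.VpnClientConfiguration
$findings = @()

if ($p2s.RadiusServerAddress -ne $ExpectedRadius) {
    $findings += "RADIUS server is '$($p2s.RadiusServerAddress)', expected '$ExpectedRadius'"
}
foreach ($proto in $p2s.VpnClientProtocols) {
    if ($proto -notin $ExpectedProtocols) { $findings += "Unexpected tunnel protocol: $proto" }
}
foreach ($pool in $p2s.VpnClientAddressPool.AddressPrefixes) {
    if ($pool -ne $ExpectedPool) { $findings += "Unexpected client address pool: $pool" }
    foreach ($prefix in $vnet.AddressSpace.AddressPrefixes) {
        if (Test-CidrOverlap $pool $prefix) {
            $findings += "Client pool $pool overlaps VNet prefix $prefix"
        }
    }
}

if ($findings.Count -eq 0) {
    "P2S RADIUS configuration matches the script values."
} else { $findings }
```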
Clean up resources
When you no longer need the resources you created, use the Remove-AzResourceGroup command to delete the resource group. This will delete the resource group and all of the resources it contains.
```powershell
Remove-AzResourceGroup -Name TestRG1
```
Script explanation
This script uses the following commands to create the deployment. Each item in the table links to command-specific documentation.
Command | Notes |
---|---|
Add-AzVirtualNetworkSubnetConfig | Adds a subnet configuration. This configuration is used with the virtual network creation process. |
Get-AzVirtualNetwork | Gets virtual network details. |
Get-AzVirtualNetworkGateway | Gets virtual network gateway details. |
Get-AzVirtualNetworkSubnetConfig | Gets the virtual network subnet configuration details. |
New-AzResourceGroup | Creates a resource group in which all resources are stored. |
New-AzVirtualNetworkSubnetConfig | Creates a subnet configuration. This configuration is used with the virtual network creation process. |
New-AzVirtualNetwork | Creates a virtual network. |
New-AzPublicIpAddress | Creates a public IP address. |
New-AzVirtualNetworkGatewayIpConfig | Creates a new gateway IP configuration. |
New-AzVirtualNetworkGateway | Creates a VPN gateway. |
Remove-AzResourceGroup | Removes a resource group and all resources contained within. |
Set-AzVirtualNetwork | Sets the subnet configuration for the virtual network. |
Set-AzVirtualNetworkGateway | Sets the configuration for the VPN gateway. |
Next steps
For more information on the Azure PowerShell module, see Azure PowerShell documentation.