Open kahsky opened 6 years ago
@MikhailTryakhov @DeepakRajendranMsft Can you take a look at this issue?
@Nilambari Can you take a look at this issue?
Updating with details. Support for AzureRM is dropped and there would be no new versions, so I'm checking with the latest Az module.
$vpn = New-AzVirtualNetworkGateway -Name test -ResourceGroupName test-evg3 -Location westcentralus -IpConfigurations $ipconfig -GatewayType Vpn -VpnType RouteBased -EnableBgp $false -GatewaySku Basic -VpnClientProtocol "IKEv2" -Debug
Currently VnetGateway with this set of parameters is created successfully, however, there is no protocol info. (DebugOutput1 below).
From the source, we set protocol only in case we enter this if statement. So I had to specify VpnClientAddressPool to check what happens there.
$vpn = New-AzVirtualNetworkGateway -Name test -ResourceGroupName test-evg3 -Location westcentralus -IpConfigurations $ipconfig -GatewayType Vpn -VpnType RouteBased -EnableBgp $false -GatewaySku Basic -VpnClientProtocol "IKEv2" -VpnClientAddressPool 10.0.0.0/8 -Debug
In this case I got the correct failure:
New-AzVirtualNetworkGateway : Vpn client protocol IkeV2 is not supported for basic Sku gateway /subscriptions/<SubId>/resourceGroups/test-evg3/providers/Microsoft.Network/virtualNetworkGateways/test.
StatusCode: 400
ReasonPhrase: Bad Request
So it looks like the original issue could go as "no repro". @kahsky, would you mind updating to the latest Az module version and re-checking? However, we need to make the fact that the protocol and some other properties are dropped depending on other parameters more obvious for users. @Nilambari, could you please take a look?
DebugOutput1
// Request has no vpnClientConfiguration,
// Response has some default values for it
============================ HTTP REQUEST ============================
HTTP Method:
PUT
Absolute Uri:
https://management.azure.com/subscriptions/<SubId>/resourceGroups/test-evg3/providers/Microsoft.Network/virtualNetworkGateways/test?api-version=2018-11-01
Headers:
x-ms-client-request-id : f03f2fa3-5935-4baf-aaf6-6ced53226e4e
accept-language : en-US
Body:
{
"properties": {
"ipConfigurations": [
{
"properties": {
"privateIPAllocationMethod": "Dynamic",
"subnet": {
"id": "/subscriptions/<SubId>/resourceGroups/test-evg3/providers/Microsoft.Network/virtualNetworks/test/subnets/GatewaySubnet"
},
"publicIPAddress": {
"id": "/subscriptions/<SubId>/resourceGroups/test-evg3/providers/Microsoft.Network/publicIPAddresses/test"
}
},
"name": "test",
"id": "/subscriptions/<SubId>/resourceGroups/ResourceGroupNotSet/providers/Microsoft.Network/virtualNetworkGateways/VirtualNetworkGatewayNameNotSet/virtualNetworkGatewayIpConfiguration/test"
}
],
"gatewayType": "Vpn",
"vpnType": "RouteBased",
"enableBgp": false,
"activeActive": false,
"sku": {
"name": "Basic",
"tier": "Basic",
"capacity": 0
}
},
"location": "westcentralus"
}
============================ HTTP RESPONSE ============================
Status Code:
Created
Headers:
Pragma : no-cache
Retry-After : 10
x-ms-request-id : 81964dde-387f-404a-bd1c-e7000817db9f
Azure-AsyncOperation : https://management.azure.com/subscriptions/<SubId>/providers/Microsoft.Network/locations/westcentralus/operations/81964dde-387f-404a-bd1c-e7000817db9f?api-version=2018-11-01
x-ms-correlation-request-id : 9f186f31-7185-4c20-81c5-f4a835374c93
Strict-Transport-Security : max-age=31536000; includeSubDomains
Cache-Control : no-cache
Server : Microsoft-HTTPAPI/2.0,Microsoft-HTTPAPI/2.0
x-ms-ratelimit-remaining-subscription-writes: 1199
x-ms-routing-request-id : UKWEST:20190125T063532Z:9f186f31-7185-4c20-81c5-f4a835374c93
X-Content-Type-Options : nosniff
Date : Fri, 25 Jan 2019 06:35:31 GMT
Body:
{
"name": "test",
"id": "/subscriptions/<SubId>/resourceGroups/test-evg3/providers/Microsoft.Network/virtualNetworkGateways/test",
"etag": "W/\"64271ab0-d56a-4392-acf3-417ea7179e9b\"",
"type": "Microsoft.Network/virtualNetworkGateways",
"location": "westcentralus",
"properties": {
"provisioningState": "Updating",
"resourceGuid": "54806cae-4baa-4165-9c9c-3ec6cac76c12",
"ipConfigurations": [
{
"name": "test",
"id": "/subscriptions/<SubId>/resourceGroups/test-evg3/providers/Microsoft.Network/virtualNetworkGateways/test/ipConfigurations/test",
"etag": "W/\"64271ab0-d56a-4392-acf3-417ea7179e9b\"",
"type": "Microsoft.Network/virtualNetworkGateways/ipConfigurations",
"properties": {
"provisioningState": "Updating",
"privateIPAllocationMethod": "Dynamic",
"publicIPAddress": {
"id": "/subscriptions/<SubId>/resourceGroups/test-evg3/providers/Microsoft.Network/publicIPAddresses/test"
},
"subnet": {
"id": "/subscriptions/<SubId>/resourceGroups/test-evg3/providers/Microsoft.Network/virtualNetworks/test/subnets/GatewaySubnet"
}
}
}
],
"sku": {
"name": "Basic",
"tier": "Basic",
"capacity": 2
},
"gatewayType": "Vpn",
"vpnType": "RouteBased",
"enableBgp": false,
"activeActive": false,
"vpnClientConfiguration": {
"vpnClientProtocols": [
"SSTP"
],
"vpnClientRootCertificates": [],
"vpnClientRevokedCertificates": [],
"vpnClientIpsecPolicies": []
}
}
}
// There go multiple "In progress" responses,
// Initial vpnClientConfiguration disappeared
// Resulting item:
============================ HTTP REQUEST ============================
HTTP Method:
GET
Absolute Uri:
https://management.azure.com/subscriptions/<SubId>/resourceGroups/test-evg3/providers/Microsoft.Network/virtualNetworkGateways/test?api-version=2018-11-01
Headers:
x-ms-client-request-id : be226511-347d-410c-af8a-fb781b888b62
accept-language : en-US
Body:
============================ HTTP RESPONSE ============================
Status Code:
OK
Headers:
Pragma : no-cache
x-ms-request-id : cd3ccac8-be82-43a6-b396-a2aff2fe9cbd
x-ms-correlation-request-id : 790e7009-ed18-4ff4-a78d-f5f9aa79cad9
Strict-Transport-Security : max-age=31536000; includeSubDomains
Cache-Control : no-cache
Server : Microsoft-HTTPAPI/2.0,Microsoft-HTTPAPI/2.0
x-ms-ratelimit-remaining-subscription-reads: 11789
x-ms-routing-request-id : UKWEST:20190125T070246Z:790e7009-ed18-4ff4-a78d-f5f9aa79cad9
X-Content-Type-Options : nosniff
Date : Fri, 25 Jan 2019 07:02:46 GMT
Body:
{
"name": "test",
"id": "/subscriptions/<SubId>/resourceGroups/test-evg3/providers/Microsoft.Network/virtualNetworkGateways/test",
"etag": "W/\"69779ba7-7649-4e84-a6f1-35b22a3a8e79\"",
"type": "Microsoft.Network/virtualNetworkGateways",
"location": "westcentralus",
"properties": {
"provisioningState": "Succeeded",
"resourceGuid": "54806cae-4baa-4165-9c9c-3ec6cac76c12",
"ipConfigurations": [
{
"name": "test",
"id": "/subscriptions/<SubId>/resourceGroups/test-evg3/providers/Microsoft.Network/virtualNetworkGateways/test/ipConfigurations/test",
"etag": "W/\"69779ba7-7649-4e84-a6f1-35b22a3a8e79\"",
"type": "Microsoft.Network/virtualNetworkGateways/ipConfigurations",
"properties": {
"provisioningState": "Succeeded",
"privateIPAllocationMethod": "Dynamic",
"publicIPAddress": {
"id": "/subscriptions/<SubId>/resourceGroups/test-evg3/providers/Microsoft.Network/publicIPAddresses/test"
},
"subnet": {
"id": "/subscriptions/<SubId>/resourceGroups/test-evg3/providers/Microsoft.Network/virtualNetworks/test/subnets/GatewaySubnet"
}
}
}
],
"sku": {
"name": "Basic",
"tier": "Basic",
"capacity": 2
},
"gatewayType": "Vpn",
"vpnType": "RouteBased",
"enableBgp": false,
"activeActive": false,
"bgpSettings": {
"asn": 65515,
"bgpPeeringAddress": "10.0.1.254",
"peerWeight": 0
}
}
}
Hi,
@EvgenyAgafonchikov I will change my scripts and re-check and come back here asap.
Thank you.
Will take a look at it.
Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @aznetsuppgithub.
Description
New-AzureRmVirtualNetworkGateway -GatewaySku Basic -VpnClientProtocol "IKEv2"
This command should return an error, as only the SSTP protocol is allowed for SKU Basic.
Only allowed protocol:
New-AzureRmVirtualNetworkGateway -GatewaySku Basic -VpnClientProtocol "SSTP"
If you define IKEv2 with Basic SKU, your deployment will stay in "failed state" and the only way to repair is to delete and reinstall correctly. Moreover, your gateways will start in vpnGw1 SKU, charging you the vpnGw1 SKU price, even if the gateway is in failed state and not working at all.
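The two behaviours reported in this thread (a -VpnClientProtocol value that never reaches the request when no -VpnClientAddressPool is given, and IKEv2 not being supported on the Basic SKU) can be checked before and after a deployment. This is an added example, not code from the thread or from the Az module: the function names Test-VpnClientRequest and Compare-VpnClientProtocol are hypothetical, and the sample JSON is a trimmed copy of the final GET response shown in the debug output.

```powershell
# Added example: hypothetical helpers, not part of the Az module.
function Test-VpnClientRequest {
    param(
        [Parameter(Mandatory)] [string] $GatewaySku,
        [string[]] $VpnClientProtocol,
        [string[]] $VpnClientAddressPool
    )
    $findings = @()
    if ($VpnClientProtocol -and -not $VpnClientAddressPool) {
        # Behaviour observed in the thread: without an address pool the
        # PUT body carries no vpnClientConfiguration at all.
        $findings += 'VpnClientProtocol given without VpnClientAddressPool: it will not be sent'
    }
    if ($GatewaySku -eq 'Basic') {
        # Per the issue description, SSTP is the only protocol allowed on Basic.
        $bad = @($VpnClientProtocol | Where-Object { $_ -and $_ -ne 'SSTP' })
        if ($bad.Count -gt 0) {
            $findings += "Basic SKU supports only SSTP; requested: $($bad -join ', ')"
        }
    }
    return ,$findings
}

function Compare-VpnClientProtocol {
    param(
        [Parameter(Mandatory)] [string]   $GatewayJson,   # body of the GET response
        [Parameter(Mandatory)] [string[]] $Requested
    )
    $props  = ($GatewayJson | ConvertFrom-Json).properties
    $actual = @()
    if ($props.PSObject.Properties['vpnClientConfiguration']) {
        $actual = @($props.vpnClientConfiguration.vpnClientProtocols)
    }
    [pscustomobject]@{
        ProvisioningState = $props.provisioningState
        Sku               = $props.sku.name
        Actual            = $actual
        Missing           = @($Requested | Where-Object { $actual -notcontains $_ })
    }
}

# Sample input: trimmed from the final GET response in the thread.
$finalGet = @'
{ "name": "test",
  "properties": {
    "provisioningState": "Succeeded",
    "sku": { "name": "Basic", "tier": "Basic", "capacity": 2 },
    "gatewayType": "Vpn", "vpnType": "RouteBased" } }
'@
Test-VpnClientRequest -GatewaySku Basic -VpnClientProtocol IKEv2
Compare-VpnClientProtocol -GatewayJson $finalGet -Requested IKEv2
```

Running the pre-flight check in a deployment script turns the silent "Succeeded" result into an explicit finding, and the post-deployment comparison flags gateways whose effective client protocols differ from what was requested.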