search

MitchellGulledge / Meraki-vWAN

5 stars 4 forks source link

VPN Connections write fails for create_virtual_wan_connection #5

Closed yujiterada closed 4 years ago

yujiterada commented 4 years ago

The call to create_virtual_wan_connection is successful, but the tasks fails in Azure causing the VPN tunnel to fail between MX and Azure.

Expected Behavior

Create VPN gateway and connect it to a Hub in vWAN without any errors.

Steps to Reproduce

  1. Have all perquisites built
  2. Tag a networks with "vWAN-1"
  3. Run the automation script in Azure
  4. Write VpnGateways fail

Detailed Description

Logs show the following error.

"statusMessage": {
    "status": "Failed",
    "error": {
        "code": "ResourceOperationFailure",
        "message": "The resource operation completed with terminal provisioning state 'Failed'.",
        "details": [{
            "code": "InvalidParameter",
            "message": "The nrp resource uri '/subscriptions/97f34de4-264e-4e71-a6a0-XXXXXXXXXXXX/resourceGroups/Meraki-VWAN-RG/providers/Microsoft.Network/vpnSites/Office-Sydney/vpnSiteLinks/Office-Sydney-wan1' is invalid or the resource does not exist.",
            "details":[]
        }]
    }
}

However, that resource seems to exist.

{
  "value": [
    {
      "name": "Office-Sydney-wan1",
      "id": "/subscriptions/97f34de4-264e-4e71-a6a0-XXXXXXXXXXXX/resourceGroups/Meraki-VWAN-RG/providers/Microsoft.Network/vpnSites/Office-Sydney/vpnSiteLinks/Office-Sydney-wan1",
      "etag": "W/\"a97f9034-bf79-4a2f-a39c-9b00ef46972b\"",
      "properties": {
        "provisioningState": "Succeeded",
        "ipAddress": "121.209.XXX.XXX",
        "linkProperties": {
          "linkProviderName": "TELSTRAINTERNET45-AU",
          "linkSpeedInMbps": 250
        }
      },
      "type": "Microsoft.Network/vpnSites/vpnSiteLinks"
    }
  ]
}

Possible Solution

Wait until the VPN link connection's provision state has "Succeeded". I expect create_virtual_wan_connection() is called when the state is "Updating".

'vpnLinkConnections': [{
    'etag': 'W/"92924e2d-4b85-48cf-9ff3-7859da689944"',
    'id': '/subscriptions/97f34de4-264e-4e71-a6a0-XXXXXXXXXXXX/resourceGroups/Meraki-VWAN-RG/providers/Microsoft.Network/vpnGateways/e4afad07ac5d40e1ba118c4f3e4cb2d1-westus-gw/vpnConnections/Office-Sydney-connection/vpnLinkConnections/Office-Sydney-wan1',
    'name': 'Office-Sydney-wan1',
    'properties': {
        'connectionBandwidth': 250,
        'dpdTimeoutSeconds': 0,
        'egressBytesTransferred': 0,
        'enableBgp': False,
        'enableRateLimiting': False,
        'ingressBytesTransferred': 0,
        'ipsecPolicies': [{
            'dhGroup': 'DHGroup14',
           'ikeEncryption': 'AES256',
           'ikeIntegrity': 'SHA256',
           'ipsecEncryption': 'AES256',
           'ipsecIntegrity': 'SHA256',
           'pfsGroup': 'None',
           'saDataSizeKilobytes': 102400000,
           'saLifeTimeSeconds': 3600
        }],
        'packetCaptureDiagnosticState': 'None',
        'provisioningState': 'Updating',
        'routingWeight': 0,
        'sharedKey': 'XXXXXXXXXXXX',
        'useLocalAzureIpAddress': False,
        'usePolicyBasedTrafficSelectors': False,
        'vpnConnectionProtocolType': 'IKEv2',
        'vpnSiteLink': {
           'id': '/subscriptions/97f34de4-264e-4e71-a6a0-XXXXXXXXXXXX/resourceGroups/Meraki-VWAN-RG/providers/Microsoft.Network/vpnSites/Office-Sydney/vpnSiteLinks/Office-Sydney-wan1'
        }
    },
    'type': 'Microsoft.Network/vpnGateways/vpnConnections/vpnLinkConnections'
}]
JackStromberg commented 4 years ago

Should be addressed in 8604a11deeaab40ca9e14e0f14ea2c4aab4d895b. Please reopen if not the case.