hashicorp / terraform-provider-azurerm

Terraform provider for Azure Resource Manager
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs
Mozilla Public License 2.0
4.46k stars 4.54k forks

Terraform with Virtual Network Gateway, Local Network Gateway and Connections is failing with weird error #24112

Open achavanpan opened 7 months ago

achavanpan commented 7 months ago

Terraform Version

1.3.7

AzureRM Provider Version

3.69

Affected Resource(s)/Data Source(s)

azurerm_subnet, azurerm_subnet_network_security_group_association

Terraform Configuration Files

# RESOURCE GROUP #
resource "azurerm_resource_group" "test" {
  name     = "${var.user_name}-${var.prefix}"
  location = var.location
  tags = {
    RunStatus = "NOSTOP"
    NOSTOP_REASON = "Autoscale_automation"
    NOSTOP_EXPECTED_END_DATE  = "12/31/2020"
    StoreStatus = "DND"
    Office = "HQ"
    UserID = var.user_name
    CreateDate = timestamp()
  }
}

# VIRTUAL NET #
resource "azurerm_virtual_network" "hubVnet1" {
  name                = "hubVnet1-${var.user_name}-${var.prefix}"
  address_space       = ["10.0.0.0/16"]
  location            = var.location
  resource_group_name = azurerm_resource_group.test.name
}

# VIRTUAL NET #
resource "azurerm_virtual_network" "Spoke1vnet" {
  name                = "Spoke1vnet-${var.user_name}-${var.prefix}"
  address_space       = ["10.2.0.0/16"]
  location            = var.location
  resource_group_name = azurerm_resource_group.test.name
}

# VIRTUAL NET #
resource "azurerm_virtual_network" "Spoke2vnet" {
  name                = "Spoke2vnet-${var.user_name}-${var.prefix}"
  address_space       = ["10.3.0.0/16"]
  location            = var.location
  resource_group_name = azurerm_resource_group.test.name
}

# VIRTUAL NET FOR INBOUND #
resource "azurerm_virtual_network" "Spoke3vnet" {
  name                = "Spoke3vnet-${var.user_name}-${var.prefix}"
  address_space       = ["10.4.0.0/16"]
  location            = var.location
  resource_group_name = azurerm_resource_group.test.name
}

# VIRTUAL NET FOR NON-RFC #
resource "azurerm_virtual_network" "non-rfc-vnet" {
  count               = var.non_rfc ? 1 : 0
  name                = "non-rfc-vnet-${var.user_name}-${var.prefix}"
  address_space       = ["40.0.0.0/16"]
  location            = var.location
  resource_group_name = azurerm_resource_group.test.name
}

resource "azurerm_subnet" "subnet1" {
  name                 = "subnet1-hubVnet1-${var.user_name}-${var.prefix}"
  resource_group_name  = azurerm_resource_group.test.name
  virtual_network_name = azurerm_virtual_network.hubVnet1.name
  address_prefixes     = ["10.0.0.0/24"]
  delegation {
    name = "subnet1"
    service_delegation {
      name    = "PaloAltoNetworks.Cloudngfw/firewalls"
      actions = [
        "Microsoft.Network/virtualNetworks/subnets/join/action",
      ]
    }
  }
}

# IpSec Virtual Network GW and LNG #
# The subnet name must be exactly "GatewaySubnet"; Azure requires that name for the VPN gateway.
resource "azurerm_subnet" "onprem" {
  name                 = "GatewaySubnet"
  resource_group_name  = azurerm_resource_group.test.name
  virtual_network_name = azurerm_virtual_network.hubVnet1.name
  address_prefixes     = ["10.0.2.0/24"]
}

resource "azurerm_local_network_gateway" "onpremiselng" {
  name                = "onpremiselng"
  location            = var.location
  resource_group_name = azurerm_resource_group.test.name
  gateway_address     = "xx"
  address_space       = ["10.3.0.0/24"]
}

resource "azurerm_public_ip" "Site-PublicIP" {
  name                = "Site-${var.user_name}-${var.prefix}"
  location            = var.location
  resource_group_name = azurerm_resource_group.test.name
  allocation_method   = "Dynamic"

}

resource "azurerm_virtual_network_gateway" "OnPremVNG" {
  name                = "onpremVNG"
  location            = var.location
  resource_group_name = azurerm_resource_group.test.name

  type     = "Vpn"
  vpn_type = "RouteBased"

  active_active = false
  enable_bgp    = false
  sku = "VpnGw1"

  ip_configuration {
    public_ip_address_id          = azurerm_public_ip.Site-PublicIP.id
    private_ip_address_allocation = "Dynamic"
    subnet_id                     = azurerm_subnet.onprem.id
  }
}

resource "azurerm_virtual_network_gateway_connection" "onpremise-connection" {
  name                = "onpremise-connection"
  location            = var.location
  resource_group_name = azurerm_resource_group.test.name

  type                       = "IPsec"
  virtual_network_gateway_id = azurerm_virtual_network_gateway.OnPremVNG.id
  local_network_gateway_id   = azurerm_local_network_gateway.onpremiselng.id

  shared_key = var.shared_key
}

# SUBNETS #
resource "azurerm_subnet" "subnet2" {
  name                 = "subnet2-hubVnet1-${var.user_name}-${var.prefix}"
  resource_group_name  = azurerm_resource_group.test.name
  virtual_network_name = azurerm_virtual_network.hubVnet1.name
  address_prefixes     = ["10.0.1.0/24"]
  delegation {
    name = "subnet2"
    service_delegation {
      name    = "PaloAltoNetworks.Cloudngfw/firewalls"
      actions = [
        "Microsoft.Network/virtualNetworks/subnets/join/action",
      ]
    }
  }
}

resource "azurerm_subnet" "spoke1" {
  name                 = "spoke1-Spoke1vnet-${var.user_name}-${var.prefix}"
  resource_group_name  = azurerm_resource_group.test.name
  virtual_network_name = azurerm_virtual_network.Spoke1vnet.name
  address_prefixes     = ["10.2.0.0/24"]
}

resource "azurerm_subnet" "spoke2" {
  name                 = "spoke2-Spoke2vnet-${var.user_name}-${var.prefix}"
  resource_group_name  = azurerm_resource_group.test.name
  virtual_network_name = azurerm_virtual_network.Spoke2vnet.name
  address_prefixes     = ["10.3.0.0/24"]
}

resource "azurerm_subnet" "spoke3" {
  name                 = "spoke3-Spoke3vnet-${var.user_name}-${var.prefix}"
  resource_group_name  = azurerm_resource_group.test.name
  virtual_network_name = azurerm_virtual_network.Spoke3vnet.name
  address_prefixes     = ["10.4.0.0/24"]
}

resource "azurerm_subnet" "non-rfc" {
  count                = var.non_rfc ? 1 : 0
  name                 = "non-rfc-subnet-${var.user_name}-${var.prefix}"
  resource_group_name  = azurerm_resource_group.test.name
  virtual_network_name = azurerm_virtual_network.non-rfc-vnet[count.index].name
  address_prefixes     = ["40.0.0.0/24"]
}

# PUBLIC IPs #
resource "azurerm_public_ip" "Spoke1PublicIP" {
  count               = var.traffic_instances_per_spoke_vnet
  name                = "Spoke1PublicIP-${var.user_name}-${var.prefix}-${count.index}"
  location            = var.location
  resource_group_name = azurerm_resource_group.test.name
  allocation_method   = "Static"
  domain_name_label   = "spoke1publicip-${var.user_name}-${var.prefix}-${count.index}"
}

# PUBLIC IPs #
resource "azurerm_public_ip" "Spoke2PublicIP" {
  count               = var.traffic_instances_per_spoke_vnet
  name                = "Spoke2PublicIP-${var.user_name}-${var.prefix}-${count.index}"
  location            = var.location
  resource_group_name = azurerm_resource_group.test.name
  allocation_method   = "Static"
  domain_name_label   = "spoke2publicip-${var.user_name}-${var.prefix}-${count.index}"
}

# PUBLIC IPs #
resource "azurerm_public_ip" "Spoke3PublicIP" {
  count               = 1
  name                = "Spoke3PublicIP-${var.user_name}-${var.prefix}-${count.index}"
  location            = var.location
  resource_group_name = azurerm_resource_group.test.name
  allocation_method   = "Static"
  domain_name_label   = "spoke3publicip-${var.user_name}-${var.prefix}-${count.index}"
}

# PUBLIC IPs #
resource "azurerm_public_ip" "non-rfc-PublicIP" {
  count               = var.non_rfc ? 1 : 0
  name                = "non-rfc-PublicIP-${var.user_name}-${var.prefix}-${count.index}"
  location            = var.location
  resource_group_name = azurerm_resource_group.test.name
  allocation_method   = "Static"
  domain_name_label   = "non-rfc-publicip-${var.user_name}-${var.prefix}-${count.index}"
}

# PUBLIC IPs #
resource "azurerm_public_ip" "publicip" {
  count               = var.hub_public_ip_count
  name                = "publicip-${var.user_name}-${var.prefix}-${count.index}"
  location            = var.location
  resource_group_name = azurerm_resource_group.test.name
  allocation_method   = "Static"
  sku                 = "Standard"
  domain_name_label   = "publicip-${var.user_name}-${var.prefix}-${count.index}"
}

# Create INTERFACES #
resource "azurerm_network_interface" "Spoke1StandardNic" {
  count                     = var.traffic_instances_per_spoke_vnet
  name                      = "Spoke1StandardNic-${var.user_name}-${var.prefix}-${count.index}"
  location                  = var.location
  resource_group_name       = azurerm_resource_group.test.name
  depends_on = [
    azurerm_virtual_network.Spoke1vnet,
    azurerm_public_ip.Spoke1PublicIP,
  ]
  ip_configuration {
    name                          = "ipConfig1-${var.user_name}-${var.prefix}-${count.index}"
    subnet_id                     = azurerm_subnet.spoke1.id
    private_ip_address_allocation = "Dynamic"
    #private_ip_address            = "10.2.0.4"
    public_ip_address_id          = azurerm_public_ip.Spoke1PublicIP[count.index].id
  }
}

# Create INTERFACES #
resource "azurerm_network_interface" "Spoke2StandardNic" {
  count                     = var.traffic_instances_per_spoke_vnet
  name                      = "Spoke2StandardNic-${var.user_name}-${var.prefix}-${count.index}"
  location                  = var.location
  resource_group_name       = azurerm_resource_group.test.name
  depends_on = [
    azurerm_virtual_network.Spoke2vnet,
    azurerm_public_ip.Spoke2PublicIP,
  ]
  ip_configuration {
    name                          = "ipConfig2-${var.user_name}-${var.prefix}-${count.index}"
    subnet_id                     = azurerm_subnet.spoke2.id
    private_ip_address_allocation = "Dynamic"
    #private_ip_address           = "10.3.0.4"
    public_ip_address_id          = azurerm_public_ip.Spoke2PublicIP[count.index].id
  }
}

# Create INTERFACES #
resource "azurerm_network_interface" "Spoke3StandardNic" {
  count                     = 1
  name                      = "Spoke3StandardNic-${var.user_name}-${var.prefix}-${count.index}"
  location                  = var.location
  resource_group_name       = azurerm_resource_group.test.name
  depends_on = [
    azurerm_virtual_network.Spoke3vnet,
    azurerm_public_ip.Spoke3PublicIP,
  ]
  ip_configuration {
    name                          = "ipConfig3-${var.user_name}-${var.prefix}-${count.index}"
    subnet_id                     = azurerm_subnet.spoke3.id
    private_ip_address_allocation = "Dynamic"
    #private_ip_address           = "10.4.0.4"
    public_ip_address_id          = azurerm_public_ip.Spoke3PublicIP[count.index].id
  }
}

# Create INTERFACES #
resource "azurerm_network_interface" "NonRFCNic" {
  count                     = var.non_rfc ? 1 : 0
  name                      = "NonRFCNic-${var.user_name}-${var.prefix}-${count.index}"
  location                  = var.location
  resource_group_name       = azurerm_resource_group.test.name
  depends_on = [
    azurerm_virtual_network.non-rfc-vnet,
    azurerm_public_ip.non-rfc-PublicIP,
  ]
  ip_configuration {
    name                          = "nonrfcipConfig-${var.user_name}-${var.prefix}-${count.index}"
    subnet_id                     = azurerm_subnet.non-rfc[count.index].id
    private_ip_address_allocation = "Dynamic"
    #private_ip_address           = "10.4.0.4"
    public_ip_address_id          = azurerm_public_ip.non-rfc-PublicIP[count.index].id
  }
}

resource "azurerm_subnet_network_security_group_association" "spoke1" {
  subnet_id                 = azurerm_subnet.spoke1.id
  network_security_group_id = azurerm_network_security_group.nsg1.id
}

resource "azurerm_subnet_network_security_group_association" "spoke2" {
  subnet_id                 = azurerm_subnet.spoke2.id
  network_security_group_id = azurerm_network_security_group.nsg1.id
}

resource "azurerm_subnet_network_security_group_association" "spoke3" {
  subnet_id                 = azurerm_subnet.spoke3.id
  network_security_group_id = azurerm_network_security_group.nsg1.id
}

resource "azurerm_subnet_network_security_group_association" "non-rfc" {
  count                     = var.non_rfc ? 1 : 0
  subnet_id                 = azurerm_subnet.non-rfc[count.index].id
  network_security_group_id = azurerm_network_security_group.nsg1.id
}

resource "azurerm_subnet_network_security_group_association" "hub_trust" {
  subnet_id                 = azurerm_subnet.subnet2.id
  network_security_group_id = azurerm_network_security_group.hub_trust_nsg.id
}

resource "azurerm_subnet_network_security_group_association" "hub_untrust" {
  subnet_id                 = azurerm_subnet.subnet1.id
  network_security_group_id = azurerm_network_security_group.hub_untrust_nsg.id
}

resource "azurerm_route_table" "hub-trust-rtb" {
  name                          = "hub-trust-rtb-${var.user_name}-${var.prefix}"
  location                      = azurerm_resource_group.test.location
  resource_group_name           = azurerm_resource_group.test.name
  disable_bgp_route_propagation = false
  tags = {
    environment = "Production"
  }
}

resource "azurerm_subnet_route_table_association" "hub-trust-rtb" {
  subnet_id      = azurerm_subnet.subnet2.id
  route_table_id = azurerm_route_table.hub-trust-rtb.id
}

resource "azurerm_route_table" "spoke1-rtb" {
  name                          = "spoke1-rtb-${var.user_name}-${var.prefix}"
  location                      = azurerm_resource_group.test.location
  resource_group_name           = azurerm_resource_group.test.name
  disable_bgp_route_propagation = false
  tags = {
    environment = "Production"
  }
}

resource "azurerm_subnet_route_table_association" "spoke1-rtb" {
  subnet_id      = azurerm_subnet.spoke1.id
  route_table_id = azurerm_route_table.spoke1-rtb.id
}

resource "azurerm_route_table" "spoke2-rtb" {
  name                          = "spoke2-rtb-${var.user_name}-${var.prefix}"
  location                      = azurerm_resource_group.test.location
  resource_group_name           = azurerm_resource_group.test.name
  disable_bgp_route_propagation = false
  tags = {
    environment = "Production"
  }
}
resource "azurerm_subnet_route_table_association" "spoke2-rtb" {
  subnet_id      = azurerm_subnet.spoke2.id
  route_table_id = azurerm_route_table.spoke2-rtb.id
}

resource "azurerm_route_table" "spoke3-rtb" {
  name                          = "spoke3-rtb-${var.user_name}-${var.prefix}"
  location                      = azurerm_resource_group.test.location
  resource_group_name           = azurerm_resource_group.test.name
  disable_bgp_route_propagation = false
  tags = {
    environment = "Production"
  }
}
resource "azurerm_subnet_route_table_association" "spoke3-rtb" {
  subnet_id      = azurerm_subnet.spoke3.id
  route_table_id = azurerm_route_table.spoke3-rtb.id
}

resource "azurerm_route_table" "non-rfc-rtb" {
  count                         = var.non_rfc ? 1 : 0
  name                          = "non-rfc-rtb-${var.user_name}-${var.prefix}"
  location                      = azurerm_resource_group.test.location
  resource_group_name           = azurerm_resource_group.test.name
  disable_bgp_route_propagation = false
  tags = {
    environment = "Production"
  }
}
resource "azurerm_subnet_route_table_association" "non-rfc-rtb" {
  count          = var.non_rfc ? 1 : 0
  subnet_id      = azurerm_subnet.non-rfc[count.index].id
  route_table_id = azurerm_route_table.non-rfc-rtb[count.index].id
}

# Azure Virtual Network peering between Virtual Network Hub and Spoke1
# Gateway transit is off on both ends of every peering below, so spoke traffic
# does not reach the hub's VPN gateway through these peerings.
resource "azurerm_virtual_network_peering" "Hub_to_spoke1" {
  name                         = "peer-vnet-Hub-with-spoke1-${var.user_name}-${var.prefix}"
  resource_group_name          = azurerm_resource_group.test.name
  virtual_network_name         = azurerm_virtual_network.hubVnet1.name
  remote_virtual_network_id    = azurerm_virtual_network.Spoke1vnet.id
  allow_virtual_network_access = true
  allow_forwarded_traffic      = true
  allow_gateway_transit        = false
  use_remote_gateways          = false
}

# Azure Virtual Network peering between Virtual Network Hub and Spoke2
resource "azurerm_virtual_network_peering" "Hub_to_spoke2" {
  name                         = "peer-vnet-Hub-with-spoke2-${var.user_name}-${var.prefix}"
  resource_group_name          = azurerm_resource_group.test.name
  virtual_network_name         = azurerm_virtual_network.hubVnet1.name
  remote_virtual_network_id    = azurerm_virtual_network.Spoke2vnet.id
  allow_virtual_network_access = true
  allow_forwarded_traffic      = true
  allow_gateway_transit        = false
  use_remote_gateways          = false
}

# Azure Virtual Network peering between Virtual Network Spoke2 and Hub
resource "azurerm_virtual_network_peering" "spoke2_to_hub" {
  name                         = "peer-vnet-spoke2-with-hub-${var.user_name}-${var.prefix}"
  resource_group_name          = azurerm_resource_group.test.name
  virtual_network_name         = azurerm_virtual_network.Spoke2vnet.name
  remote_virtual_network_id    = azurerm_virtual_network.hubVnet1.id
  allow_virtual_network_access = true
  allow_forwarded_traffic      = true
  allow_gateway_transit        = false
  use_remote_gateways          = false
}

# Azure Virtual Network peering between Virtual Network Spoke1 and Hub
resource "azurerm_virtual_network_peering" "spoke1_to_hub" {
  name                         = "peer-vnet-spoke1-with-hub-${var.user_name}-${var.prefix}"
  resource_group_name          = azurerm_resource_group.test.name
  virtual_network_name         = azurerm_virtual_network.Spoke1vnet.name
  remote_virtual_network_id    = azurerm_virtual_network.hubVnet1.id
  allow_virtual_network_access = true
  allow_forwarded_traffic      = true
  allow_gateway_transit        = false
  use_remote_gateways          = false
}

# Azure Virtual Network Peering between Virtual Network Hub and non-rfc
resource "azurerm_virtual_network_peering" "Hub_to_non-rfc" {
  count                        = var.non_rfc ? 1 : 0
  name                         = "peer-vnet-Hub-with-non-rfc-${var.user_name}-${var.prefix}"
  resource_group_name          = azurerm_resource_group.test.name
  virtual_network_name         = azurerm_virtual_network.hubVnet1.name
  remote_virtual_network_id    = azurerm_virtual_network.non-rfc-vnet[count.index].id
  allow_virtual_network_access = true
  allow_forwarded_traffic      = true
  allow_gateway_transit        = false
  use_remote_gateways          = false
}

# Azure Virtual Network peering between Virtual Network non-rfc and Hub
resource "azurerm_virtual_network_peering" "non-rfc_to_hub" {
  count                        = var.non_rfc ? 1 : 0
  name                         = "peer-vnet-non-rfc-with-hub-${var.user_name}-${var.prefix}"
  resource_group_name          = azurerm_resource_group.test.name
  virtual_network_name         = azurerm_virtual_network.non-rfc-vnet[count.index].name
  remote_virtual_network_id    = azurerm_virtual_network.hubVnet1.id
  allow_virtual_network_access = true
  allow_forwarded_traffic      = true
  allow_gateway_transit        = false
  use_remote_gateways          = false
}

Debug Output/Panic Output

none

Expected Behaviour

The Terraform apply should succeed and create all required resources.

Actual Behaviour

Intermittently the TF fails for 2 reasons:

│ Error: creating Subnet (Subscription: "xx"
│ Resource Group Name: "xx"
│ Virtual Network Name: "hubVnet1-xx"
│ Subnet Name: "subnet1-hubVnet1-xx"): network.SubnetsClient#CreateOrUpdate: Failure sending request: StatusCode=0 -- Original Error: context deadline exceeded
│
│   with module.deployment[0].azurerm_subnet.subnet1,
│   on deployment/network.tf line 59, in resource "azurerm_subnet" "subnet1":
│   59: resource "azurerm_subnet" "subnet1" {
│

│ Error: updating Network Security Group Association for Subnet (Subscription: "xx"
│ Resource Group Name: "xx"
│ Virtual Network Name: "hubVnet1-xx"
│ Subnet Name: "subnet2-hubVnet1-xx"): network.SubnetsClient#CreateOrUpdate: Failure sending request: StatusCode=0 -- Original Error: context deadline exceeded
│
│   with module.deployment[0].azurerm_subnet_network_security_group_association.hub_trust,
│   on deployment/network.tf line 328, in resource "azurerm_subnet_network_security_group_association" "hub_trust":
│   328: resource "azurerm_subnet_network_security_group_association" "hub_trust" {

And before these errors I see

module.deployment[0].azurerm_subnet_network_security_group_association.hub_trust: Still creating... [28m50s elapsed]
module.deployment[0].azurerm_subnet_network_security_group_association.hub_trust: Still creating... [29m0s elapsed]
module.deployment[0].azurerm_subnet_network_security_group_association.hub_trust: Still creating... [29m10s elapsed]
module.deployment[0].azurerm_subnet_network_security_group_association.hub_trust: Still creating... [29m20s elapsed]
module.deployment[0].azurerm_subnet_network_security_group_association.hub_trust: Still creating... [29m30s elapsed]
module.deployment[0].azurerm_subnet_network_security_group_association.hub_trust: Still creating... [29m40s elapsed]
module.deployment[0].azurerm_subnet_network_security_group_association.hub_trust: Still creating... [29m50s elapsed]

And it fails after 30 mins.

This issue is seen very often.

Steps to Reproduce

Terraform apply with the above TF file

Important Factoids

No

References

Not Aware

neil-yechenwei commented 7 months ago

Thanks for raising this issue. Could you try adding "depends_on" to the Terraform resources below, so that they run in sequence, and then see if the issue still exists? Thanks.

azurerm_virtual_network
azurerm_subnet
azurerm_public_ip
azurerm_network_security_group
azurerm_network_interface
azurerm_virtual_network_peering
azurerm_route_table
azurerm_subnet_route_table_association
azurerm_subnet_network_security_group_association
azurerm_local_network_gateway
azurerm_virtual_network_gateway
azurerm_virtual_network_gateway_connection
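An added example of the sequencing suggested above, applied to the hub subnets from the reporter's configuration. This is not code from the issue or from the azurerm provider project. It goes one step further than the suggestion by also setting each resource's "timeouts" block: the "context deadline exceeded" errors in the issue are the provider's default 30-minute create timeout for azurerm_subnet and azurerm_subnet_network_security_group_association expiring. Resource names, variables and the azurerm_resource_group.test / azurerm_virtual_network.hubVnet1 references follow the reporter's file; the two NSG resources hub_untrust_nsg and hub_trust_nsg are assumed to be declared elsewhere, as in the original.

```hcl
# Added example, not code from the issue or the azurerm provider project.
# The hub subnets from the reporter's file, forced to run one after another
# with depends_on, plus a raised per-resource timeout. The provider default
# for these resources is 30 minutes, which is exactly when the errors in the
# issue fire. hub_untrust_nsg / hub_trust_nsg are assumed to exist elsewhere.

resource "azurerm_subnet" "subnet1" {
  name                 = "subnet1-hubVnet1-${var.user_name}-${var.prefix}"
  resource_group_name  = azurerm_resource_group.test.name
  virtual_network_name = azurerm_virtual_network.hubVnet1.name
  address_prefixes     = ["10.0.0.0/24"]

  delegation {
    name = "subnet1"
    service_delegation {
      name    = "PaloAltoNetworks.Cloudngfw/firewalls"
      actions = ["Microsoft.Network/virtualNetworks/subnets/join/action"]
    }
  }

  timeouts {
    create = "60m"
    update = "60m"
  }
}

# The gateway subnet must be named exactly "GatewaySubnet". It gets no NSG
# association below: Azure does not support an NSG on the gateway subnet.
resource "azurerm_subnet" "onprem" {
  name                 = "GatewaySubnet"
  resource_group_name  = azurerm_resource_group.test.name
  virtual_network_name = azurerm_virtual_network.hubVnet1.name
  address_prefixes     = ["10.0.2.0/24"]

  depends_on = [azurerm_subnet.subnet1] # explicit ordering: subnet1 first

  timeouts {
    create = "60m"
  }
}

resource "azurerm_subnet" "subnet2" {
  name                 = "subnet2-hubVnet1-${var.user_name}-${var.prefix}"
  resource_group_name  = azurerm_resource_group.test.name
  virtual_network_name = azurerm_virtual_network.hubVnet1.name
  address_prefixes     = ["10.0.1.0/24"]

  delegation {
    name = "subnet2"
    service_delegation {
      name    = "PaloAltoNetworks.Cloudngfw/firewalls"
      actions = ["Microsoft.Network/virtualNetworks/subnets/join/action"]
    }
  }

  depends_on = [azurerm_subnet.onprem]

  timeouts {
    create = "60m"
    update = "60m"
  }
}

# Both associations are SubnetsClient#CreateOrUpdate calls against the same
# VNet (see the second error in the issue), so they are chained after the
# last subnet and after each other instead of being left to run in parallel.
resource "azurerm_subnet_network_security_group_association" "hub_untrust" {
  subnet_id                 = azurerm_subnet.subnet1.id
  network_security_group_id = azurerm_network_security_group.hub_untrust_nsg.id

  depends_on = [azurerm_subnet.subnet2]

  timeouts {
    create = "60m"
  }
}

resource "azurerm_subnet_network_security_group_association" "hub_trust" {
  subnet_id                 = azurerm_subnet.subnet2.id
  network_security_group_id = azurerm_network_security_group.hub_trust_nsg.id

  depends_on = [azurerm_subnet_network_security_group_association.hub_untrust]

  timeouts {
    create = "60m"
  }
}
```

depends_on only fixes the order in which this Terraform run issues the calls; it does nothing about how long a single subnet PUT takes on the Azure side. A region where that PUT routinely takes longer than 30 minutes still fails unless the timeout is raised as well, which is why both are shown together.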

achavanpan commented 6 months ago

Hi @rcskosir, I am hitting a new issue now.

│ Error: Creating/Updating Virtual Network Gateway: (Name "onpremVNG" / Resource Group "adhi-jqpih4-0"): network.VirtualNetworkGatewaysClient#CreateOrUpdate: Failure sending request: StatusCode=400 -- Original Error: Code="PublicIpWithBasicSkuNotAllowedOnVPNGateways" Message="Basic IP configuration for VPN Virtual Network Gateways is not supported. Follow the link for more details : https://go.microsoft.com/fwlink/p/?linkid=2241350 /subscriptions/5b06bdb3-3a0c-4c26-a14d-7a5322b21f07/resourceGroups/adhi-jqpih4-0/providers/Microsoft.Network/virtualNetworkGateways/onpremVNG" Details=[]
│

If I set the SKU to Standard in TF, it errors out with:

│ Error: Static IP allocation must be used when creating Standard SKU public IP addresses.
│
│   with module.deployment[0].azurerm_public_ip.Site-PublicIP,
│   on deployment/network.tf line 91, in resource "azurerm_public_ip" "Site-PublicIP":
│   91: resource "azurerm_public_ip" "Site-PublicIP" {

And I cannot have a Static IP for the Virtual Network Gateway. This was working fine a couple of weeks back.

achavanpan commented 6 months ago

Also, @neil-yechenwei, your above suggestion with depends_on didn't work. I am still hitting this issue.

achavanpan commented 6 months ago

I see this issue on NCUS and FranceCentral. It passes on WestUS most of the time. @neil-yechenwei, I have added depends_on to my resources following the sequence you suggested.

archmangler commented 3 months ago

Any update? Was there any announcement from Microsoft related to the changes that are now causing previously working IaC to fail?

"Basic IP configuration for VPN Virtual Network Gateways is not supported."

Referring to the above error.

bizmate commented 3 months ago

Was there any solution for this?

devopsog commented 2 months ago

For anyone who reads this in future: the Basic SKU public IP is being phased out and it's not supported anymore for new VPN gateways: https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-vpn-faq#how-does-public-ip-address-basic-sku-retirement-affect-my-vpn-gateways

LarsFronius commented 4 days ago

Can confirm that what's required to get this working is to move azurerm_public_ip to a different allocation method:

  allocation_method   = "Static"
  sku                 = "Standard"
  zones               = [1, 2, 3]

Attachment to azurerm_virtual_network_gateway works when the public IP is generated this way.
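The fix from the comment above, carried through to the gateway and connection from the reporter's configuration, as an added example that is not part of the issue or of the azurerm provider project. It goes beyond the three lines above in three places, each an addition of this example rather than something the thread states: the gateway SKU is switched to a zone-redundant one, on the assumption that a public IP with zones 1, 2 and 3 is being paired with an AZ gateway SKU; the pre-shared key variable is declared sensitive; and an explicit IKE/IPsec proposal is pinned, with an illustrative algorithm choice. var.user_name, var.prefix, var.location, azurerm_resource_group.test, azurerm_subnet.onprem and azurerm_local_network_gateway.onpremiselng are taken from the reporter's file.

```hcl
# Added example, not code from the issue or the azurerm provider project.
# Site-PublicIP / OnPremVNG / onpremise-connection from the reporter's file,
# rewritten so the gateway front-end IP is a Standard SKU, statically
# allocated public IP, which is what the
# PublicIpWithBasicSkuNotAllowedOnVPNGateways error demands.

variable "shared_key" {
  type      = string
  sensitive = true # keeps the IPsec PSK out of plan/apply output
}

resource "azurerm_public_ip" "Site-PublicIP" {
  name                = "Site-${var.user_name}-${var.prefix}"
  location            = var.location
  resource_group_name = azurerm_resource_group.test.name

  # Standard SKU public IPs are always statically allocated, so both settings
  # change together; that is what the "Static IP allocation must be used"
  # error from the thread is pointing at.
  allocation_method = "Static"
  sku               = "Standard"

  # Zone-redundant, as in the comment above. Assumption made by this example:
  # the zones are paired with a zone-redundant (*AZ) gateway SKU below.
  zones = ["1", "2", "3"]
}

resource "azurerm_virtual_network_gateway" "OnPremVNG" {
  name                = "onpremVNG"
  location            = var.location
  resource_group_name = azurerm_resource_group.test.name

  type     = "Vpn"
  vpn_type = "RouteBased"
  sku      = "VpnGw1AZ" # assumption: AZ SKU to go with the zoned public IP

  active_active = false
  enable_bgp    = false

  ip_configuration {
    name                          = "vnetGatewayConfig"
    public_ip_address_id          = azurerm_public_ip.Site-PublicIP.id
    private_ip_address_allocation = "Dynamic"
    subnet_id                     = azurerm_subnet.onprem.id
  }
}

resource "azurerm_virtual_network_gateway_connection" "onpremise-connection" {
  name                = "onpremise-connection"
  location            = var.location
  resource_group_name = azurerm_resource_group.test.name

  type                       = "IPsec"
  virtual_network_gateway_id = azurerm_virtual_network_gateway.OnPremVNG.id
  local_network_gateway_id   = azurerm_local_network_gateway.onpremiselng.id

  shared_key = var.shared_key

  # Pin the IKE/IPsec proposal instead of accepting the gateway defaults, so
  # the peer cannot negotiate down to a weaker suite. Illustrative choice;
  # with a GCMAES IPsec cipher the integrity setting must name the same
  # GCMAES algorithm.
  ipsec_policy {
    ike_encryption   = "AES256"
    ike_integrity    = "SHA256"
    dh_group         = "DHGroup14"
    ipsec_encryption = "GCMAES256"
    ipsec_integrity  = "GCMAES256"
    pfs_group        = "PFS2048"
    sa_lifetime      = 27000     # seconds
    sa_datasize      = 102400000 # KB
  }
}
```

sensitive = true only redacts the key from plan and apply output; Terraform still writes it in clear text to the state file, so the state backend needs the same access controls as the key itself. The on-premises side has to be configured with the identical proposal, or IKE negotiation fails rather than falling back.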