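// Exercises the Point-to-Site (P2S) configuration lifecycle of a route-based VPN gateway:
// attach a root certificate, generate a VPN profile, revoke a certificate, then remove the
// root certificate. Cleanup runs in a finally block so a failed assertion does not leave the
// resource group (and the gateway inside it) behind.
public void CanCreatePointToSiteConfigurtation()
        {
            using (var context = FluentMockContext.Start(GetType().FullName))
            {
                const string addressPool = "172.16.201.0/24";

                string vpnGatewayName = SdkContext.RandomResourceName("vngw", 10);
                string networkName    = SdkContext.RandomResourceName("net", 10);
                var    groupName      = SdkContext.RandomResourceName("rg", 6);
                var    manager        = TestHelper.CreateNetworkManager();

                // Set once every assertion has passed; decides below whether a cleanup error may surface.
                bool scenarioCompleted = false;

                try
                {
                    // The network carries the "GatewaySubnet" subnet that the gateway is created in.
                    INetwork network = manager.Networks.Define(networkName)
                                       .WithRegion(REGION)
                                       .WithNewResourceGroup(groupName)
                                       .WithAddressSpace("192.168.0.0/16")
                                       .WithAddressSpace("10.254.0.0/16")
                                       .WithSubnet("GatewaySubnet", "192.168.200.0/24")
                                       .WithSubnet("FrontEnd", "192.168.1.0/24")
                                       .WithSubnet("BackEnd", "10.254.1.0/24")
                                       .Create();
                    IVirtualNetworkGateway vngw1 = manager.VirtualNetworkGateways.Define(vpnGatewayName)
                                                   .WithRegion(REGION)
                                                   .WithExistingResourceGroup(groupName)
                                                   .WithExistingNetwork(network)
                                                   .WithRouteBasedVpn()
                                                   .WithSku(VirtualNetworkGatewaySkuName.VpnGw1)
                                                   .Create();

                    // Attach the P2S configuration: client address pool plus one root certificate read from the test assets.
                    vngw1.Update()
                    .DefinePointToSiteConfiguration()
                    .WithAddressPool(addressPool)
                    .WithAzureCertificateFromFile(CERTIFICATE_NAME, new FileInfo(Path.Combine("Assets", "myTest3.cer")))
                    .Attach()
                    .Apply();

                    Assert.NotNull(vngw1.VpnClientConfiguration);
                    Assert.Equal(addressPool, vngw1.VpnClientConfiguration.VpnClientAddressPool.AddressPrefixes.First());
                    Assert.Equal(1, vngw1.VpnClientConfiguration.VpnClientRootCertificates.Count);
                    Assert.Equal(CERTIFICATE_NAME, vngw1.VpnClientConfiguration.VpnClientRootCertificates.First().Name);
                    String profile = vngw1.GenerateVpnProfile();
                    Assert.NotNull(profile);

                    // Revocation: the second argument appears to be the certificate thumbprint (40 hex characters).
                    // NOTE(review): only the revoked entry's name is asserted below; the stored thumbprint is not checked.
                    vngw1.Update().UpdatePointToSiteConfiguration()
                    .WithRevokedCertificate(CERTIFICATE_NAME, "bdf834528f0fff6eaae4c154e06b54322769276c")
                    .Parent()
                    .Apply();
                    Assert.Equal(CERTIFICATE_NAME, vngw1.VpnClientConfiguration.VpnClientRevokedCertificates.First().Name);

                    // Removing the root certificate must leave the root certificate list empty.
                    vngw1.Update().UpdatePointToSiteConfiguration()
                    .WithoutAzureCertificate(CERTIFICATE_NAME)
                    .Parent()
                    .Apply();
                    Assert.Equal(0, vngw1.VpnClientConfiguration.VpnClientRootCertificates.Count);

                    scenarioCompleted = true;
                }
                finally
                {
                    try
                    {
                        manager.ResourceManager.ResourceGroups.BeginDeleteByName(groupName);
                    }
                    catch (Exception)
                    {
                        // A cleanup error still fails an otherwise passing test (as before), but it must
                        // not replace the assertion failure that brought us here.
                        if (scenarioCompleted)
                        {
                            throw;
                        }
                    }
                }
            }
        }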
        /**
         * Azure Network sample for managing virtual network gateway.
         *  - Create a virtual network with subnets
         *  - Create virtual network gateway
         *  - Update virtual network gateway with Point-to-Site connection configuration
         *  - Generate and download VPN client configuration package. Now it can be used to create VPN connection to Azure.
         *  - Revoke a client certificate
         *
         *  Please note: in order to run this sample, you need to have:
         *   - a pre-generated root certificate, with its public certificate data (not the private key) exported to the file at $CERT_PATH
         *      For more details please see https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-certificates-point-to-site for PowerShell instructions
         *      and https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-certificates-point-to-site-makecert for Makecert instructions.
         *   - client certificate generated for this root certificate installed on your machine.
         *      Please see: https://docs.microsoft.com/en-us/azure/vpn-gateway/point-to-site-how-to-vpn-client-install-azure-cert
         *   - thumbprint for client certificate saved to $CLIENT_CERT_THUMBPRINT
         */
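        public static void RunSample(IAzure azure)
        {
            string rgName               = SdkContext.RandomResourceName("rgNEMV", 24);
            string vnetName             = SdkContext.RandomResourceName("vnet", 20);
            string vpnGatewayName       = SdkContext.RandomResourceName("vngw", 20);
            string certPath             = Environment.GetEnvironmentVariable("CERT_PATH");
            string clientCertThumbprint = Environment.GetEnvironmentVariable("CLIENT_CERT_THUMBPRINT");

            // Fail fast on missing prerequisites, before any Azure resource is created. Otherwise the
            // sample would build the network and the gateway first and only then fail on the certificate
            // input, and a missing thumbprint would reach the revocation call as null.
            if (string.IsNullOrWhiteSpace(certPath))
            {
                throw new InvalidOperationException("Environment variable CERT_PATH must be set to the exported root certificate file.");
            }
            if (string.IsNullOrWhiteSpace(clientCertThumbprint))
            {
                throw new InvalidOperationException("Environment variable CLIENT_CERT_THUMBPRINT must be set to the client certificate thumbprint.");
            }
            FileInfo rootCertificateFile = new FileInfo(certPath);
            if (!rootCertificateFile.Exists)
            {
                throw new FileNotFoundException("The root certificate file referenced by CERT_PATH was not found.", certPath);
            }

            try
            {
                //============================================================
                // Create virtual network with address spaces 192.168.0.0/16 and 10.254.0.0/16 and 3 subnets
                Utilities.Log("Creating virtual network...");
                INetwork network = azure.Networks.Define(vnetName)
                                   .WithRegion(region)
                                   .WithNewResourceGroup(rgName)
                                   .WithAddressSpace("192.168.0.0/16")
                                   .WithAddressSpace("10.254.0.0/16")
                                   .WithSubnet("GatewaySubnet", "192.168.200.0/24")
                                   .WithSubnet("FrontEnd", "192.168.1.0/24")
                                   .WithSubnet("BackEnd", "10.254.1.0/24")
                                   .Create();
                Utilities.Log("Created network");
                // Print the virtual network
                Utilities.Log(network);

                //============================================================
                // Create virtual network gateway
                Utilities.Log("Creating virtual network gateway...");
                IVirtualNetworkGateway vngw1 = azure.VirtualNetworkGateways.Define(vpnGatewayName)
                                               .WithRegion(region)
                                               .WithExistingResourceGroup(rgName)
                                               .WithExistingNetwork(network)
                                               .WithRouteBasedVpn()
                                               .WithSku(VirtualNetworkGatewaySkuName.VpnGw1)
                                               .Create();
                Utilities.Log("Created virtual network gateway");

                //============================================================
                // Update virtual network gateway with Point-to-Site connection configuration.
                // Clients receive addresses from 172.16.201.0/24; the root certificate is read from CERT_PATH.
                Utilities.Log("Creating Point-to-Site configuration...");
                vngw1.Update()
                .DefinePointToSiteConfiguration()
                .WithAddressPool("172.16.201.0/24")
                .WithAzureCertificateFromFile("p2scert.cer", rootCertificateFile)
                .Attach()
                .Apply();
                Utilities.Log("Created Point-to-Site configuration");

                //============================================================
                // Generate and download VPN client configuration package. Now it can be used to create VPN connection to Azure.
                Utilities.Log("Generating VPN profile...");
                String profile = vngw1.GenerateVpnProfile();
                // String.Format uses positional placeholders ({0}); a printf-style "%s" is emitted literally
                // and the download location would never be shown.
                // NOTE(review): the returned value is used as a download link for the client package; presumably
                // anyone holding the link can fetch the package, so outside a sample avoid writing it to shared logs.
                Utilities.Log(String.Format("Profile generation is done. Please download client package at: {0}", profile));

                // At this point vpn client package can be downloaded from provided link. Unzip it and run the configuration corresponding to your OS.
                // For Windows machine, VPN client .exe can be run. For non-Windows, please use configuration from downloaded VpnSettings.xml

                //============================================================
                // Revoke a client certificate. After this command, you will no longer be able to connect with the corresponding client certificate.
                // The certificate to revoke is identified by the thumbprint taken from CLIENT_CERT_THUMBPRINT.
                Utilities.Log("Revoking client certificate...");
                vngw1.Update().UpdatePointToSiteConfiguration()
                .WithRevokedCertificate("p2sclientcert.cer", clientCertThumbprint)
                .Parent()
                .Apply();
                Utilities.Log("Revoked client certificate");
            }
            finally
            {
                // Best-effort cleanup: the delete is only started (BeginDeleteByName), and a cleanup
                // failure is logged rather than rethrown.
                try
                {
                    Utilities.Log("Deleting Resource Group: " + rgName);
                    azure.ResourceGroups.BeginDeleteByName(rgName);
                }
                catch (NullReferenceException)
                {
                    Utilities.Log("Did not create any resources in Azure. No clean up is necessary");
                }
                catch (Exception ex)
                {
                    Utilities.Log(ex);
                }
            }
        }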