Azure Virtual Network Gateway VPN Client Connection Cmdlets

Overview

Azure Virtual Network Gateway enables secure, cross-premises connectivity between your on-premises network and your Azure Virtual Network (VNet). VPN client connections allow individual users to connect to your VNet from their devices. The following cmdlets help you manage these connections.

Cmdlets for VPN Client Connection Management

The primary cmdlets for managing VPN client connections include:

Get-AzVpnClientConnection
Retrieves information about existing VPN client connections.
New-AzVpnClientConnection
Creates a new VPN client connection profile.
Remove-AzVpnClientConnection
Removes a VPN client connection profile.
Set-AzVpnClientConnection
Updates settings for an existing VPN client connection profile.
Get-AzVpnClientConnectionHealth
Retrieves the health status of VPN client connections.
Get-AzVpnClientConnectionConfiguration
Retrieves the configuration details for VPN client connections.

`Get-AzVpnClientConnection`

This cmdlet retrieves information about VPN client connections. You can filter results by gateway name, resource group, or connection name.

Syntax

Get-AzVpnClientConnection
    [-ResourceGroupName <String>]
    [-VirtualNetworkGatewayName <String>]
    [-Name <String>]
    [-DefaultProfile <IAzureContextContainer>]
    [ <CommonParameters> ]

Parameters

-ResourceGroupName: The name of the resource group for the Virtual Network Gateway.
-VirtualNetworkGatewayName: The name of the Virtual Network Gateway.
-Name: The name of the VPN client connection profile.

Example

Get-AzVpnClientConnection -ResourceGroupName "MyResourceGroup" -VirtualNetworkGatewayName "MyVpnGateway" -Name "MyVpnConnection"

`New-AzVpnClientConnection`

This cmdlet creates a new VPN client connection profile, typically used to download a P2S (Point-to-Site) configuration for a VPN client.

Syntax

New-AzVpnClientConnection
    -ResourceGroupName <String>
    -VirtualNetworkGatewayName <String>
    -Name <String>
    -VpnClientAddressPool <String[]>
    -VpnClientProtocol <VpnClientProtocol[]>
    -AuthenticationMethod <VpnClientAuthenticationMethod[]>
    [-RadiusServerAddress <String>]
    [-RadiusServerSecret <String>]
    [-DefaultProfile <IAzureContextContainer>]
    [ <CommonParameters> ]

Parameters

-ResourceGroupName: The name of the resource group.
-VirtualNetworkGatewayName: The name of the Virtual Network Gateway.
-Name: The desired name for the VPN client connection.
-VpnClientAddressPool: An array of IP address ranges for the client VPN pool.
-VpnClientProtocol: The protocols to use (e.g., 'IkeV2', 'SSTp').
-AuthenticationMethod: The authentication method (e.g., 'EapTls', 'AzureActiveDirectory').
-RadiusServerAddress: The address of the RADIUS server (if using RADIUS authentication).
-RadiusServerSecret: The secret for the RADIUS server (if using RADIUS authentication).

Note: To download the client configuration package after creation, use Get-AzVpnClientPackage.

`Remove-AzVpnClientConnection`

This cmdlet removes a VPN client connection profile from a Virtual Network Gateway.

Syntax

Remove-AzVpnClientConnection
    -ResourceGroupName <String>
    -VirtualNetworkGatewayName <String>
    -Name <String>
    [-Force]
    [-DefaultProfile <IAzureContextContainer>]
    [ <CommonParameters> ]

Parameters

-ResourceGroupName: The name of the resource group.
-VirtualNetworkGatewayName: The name of the Virtual Network Gateway.
-Name: The name of the VPN client connection profile to remove.
-Force: Suppresses confirmation prompts.

`Set-AzVpnClientConnection`

This cmdlet modifies the settings of an existing VPN client connection profile.

Syntax

Set-AzVpnClientConnection
    -ResourceGroupName <String>
    -VirtualNetworkGatewayName <String>
    -Name <String>
    [-AddVpnClientAddressPool <String[]>]
    [-RemoveVpnClientAddressPool <String[]>]
    [-AddVpnClientProtocol <VpnClientProtocol[]>]
    [-RemoveVpnClientProtocol <VpnClientProtocol[]>]
    [-DefaultProfile <IAzureContextContainer>]
    [ <CommonParameters> ]

Parameters

-ResourceGroupName: The name of the resource group.
-VirtualNetworkGatewayName: The name of the Virtual Network Gateway.
-Name: The name of the VPN client connection profile to update.
-AddVpnClientAddressPool: Adds IP address ranges to the client VPN pool.
-RemoveVpnClientAddressPool: Removes IP address ranges from the client VPN pool.
-AddVpnClientProtocol: Adds VPN client protocols.
-RemoveVpnClientProtocol: Removes VPN client protocols.

`Get-AzVpnClientConnectionHealth`

Retrieves the current health status of all active VPN client connections to a Virtual Network Gateway.

Syntax

Get-AzVpnClientConnectionHealth
    -ResourceGroupName <String>
    -VirtualNetworkGatewayName <String>
    [-DefaultProfile <IAzureContextContainer>]
    [ <CommonParameters> ]

Parameters

-ResourceGroupName: The name of the resource group.
-VirtualNetworkGatewayName: The name of the Virtual Network Gateway.

Note: This cmdlet provides real-time connection status and can be useful for troubleshooting.

`Get-AzVpnClientConnectionConfiguration`

Retrieves the configuration details for VPN client connections, including download links for client configuration packages.

Syntax

Get-AzVpnClientConnectionConfiguration
    -ResourceGroupName <String>
    -VirtualNetworkGatewayName <String>
    [-DefaultProfile <IAzureContextContainer>]
    [ <CommonParameters> ]

Parameters

-ResourceGroupName: The name of the resource group.
-VirtualNetworkGatewayName: The name of the Virtual Network Gateway.

Example Output Snippet

{
    "VpnClientConfigurationPackages": {
        "VpnPackageUrl": "https://myvpngateway.blob.core.windows.net/vpnclientconfig/your_package.zip",
        "Type": "VpnClientPackageVpnClientPackageType"
    },
    // ... other configuration details
}

Related Cmdlets

Get-AzVpnClientPackage: Downloads the VPN client configuration package.
New-AzVirtualNetworkGateway: Creates a new Azure Virtual Network Gateway.
Set-AzVirtualNetworkGateway: Modifies an existing Virtual Network Gateway.

Considerations for Scaling Templates

When working with scaling templates, ensure that your VPN client connection configurations are robust and can handle changes in the number of gateways or their configurations. The cmdlets discussed here are fundamental to deploying and managing these connections, regardless of the underlying scaling mechanism.

For automated deployments and management within scaling templates, consider the following:

Parameterization: Use variables and parameters for resource names, IP ranges, and protocols to make your scripts adaptable.
Error Handling: Implement robust error handling in your scripts to manage potential failures during connection creation or updates.
Idempotency: Design your scripts to be idempotent, meaning they can be run multiple times without unintended side effects.

Warning: Modifying VPN client configurations dynamically can impact existing user connections. Plan changes carefully and communicate any disruptions to users.