Merge pull request #4471 from henry416/preview

VPN Client Protocols for gateways

Author: cormacpayne

src/ResourceManager/Network/ChangeLog.md

@@ -32,6 +32,12 @@
     - Updated Add-AzureRMLoadBalancerRuleConfig: Added optional parameter DisableOutboundSNAT
     - Updated Set-AzureRMLoadBalancerRuleConfig: Added optional parameter DisableOutboundSNAT
 
+## Version 4.3.2
+* New-AzureRmVirtualNetworkGateway: Added IkeV2 P2S support. New optional parameter added
+	- VpnClientProtocol
+* Set-AzureRmVirtualNetworkGateway: Added IkeV2 P2S support. New optional parameter added
+	- VpnClientProtocol
+	
 ## Version 4.3.1
 
 ## Version 4.3.0

src/ResourceManager/Network/Commands.Network.Test/Commands.Network.Test.csproj

@@ -520,6 +520,9 @@
     <None Include="SessionRecords\Commands.Network.Test.ScenarioTests.VirtualNetworkGatewayConnectionTests\TestVirtualNetworkGatewayConnectionWithActiveAcitveGateway.json">
       <CopyToOutputDirectory>Always</CopyToOutputDirectory>
     </None>
+    <None Include="SessionRecords\Commands.Network.Test.ScenarioTests.VirtualNetworkGatewayTests\VirtualNetworkGatewayIkeV2Test.json">
+      <CopyToOutputDirectory>Always</CopyToOutputDirectory>
+    </None>
     <None Include="SessionRecords\Commands.Network.Test.ScenarioTests.VirtualNetworkGatewayTests\VirtualNetworkGatewayRouteApiTest.json">
       <CopyToOutputDirectory>Always</CopyToOutputDirectory>
     </None>

src/ResourceManager/Network/Commands.Network.Test/ScenarioTests/VirtualNetworkGatewayTests.cs

@@ -57,5 +57,12 @@ public void VirtualNetworkGatewayRouteApiTest()
         {
             NetworkResourcesController.NewInstance.RunPsTest("Test-VirtualNetworkGatewayBgpRouteApi");
         }
+
+        [Fact]
+        [Trait(Category.AcceptanceType, Category.CheckIn)]
+        public void VirtualNetworkGatewayIkeV2Test()
+        {
+            NetworkResourcesController.NewInstance.RunPsTest("Test-VirtualNetworkGatewayIkeV2");
+        }
     }
 }

src/ResourceManager/Network/Commands.Network.Test/ScenarioTests/VirtualNetworkGatewayTests.ps1

@@ -485,4 +485,66 @@ function Test-VirtualNetworkGatewayBgpRouteApi
 	{
 		Clean-ResourceGroup $rgname
 	}
-}
+}
+
+<#
+.SYNOPSIS
+Virtual network gateway BGP route API test
+#>
+function Test-VirtualNetworkGatewayIkeV2
+{
+	# Setup
+    $rgname = Get-ResourceGroupName
+    $rname = Get-ResourceName
+    $domainNameLabel = Get-ResourceName
+    $vnetName = Get-ResourceName
+    $publicIpName = Get-ResourceName
+    $vnetGatewayConfigName = Get-ResourceName
+    $rglocation = Get-ProviderLocation ResourceManagement
+    $resourceTypeParent = "Microsoft.Network/virtualNetworkGateways"
+    $location = Get-ProviderLocation $resourceTypeParent
+
+	try 
+	{
+		# Create the resource group
+		$resourceGroup = New-AzureRmResourceGroup -Name $rgname -Location $rglocation -Tags @{ testtag = "testval" }
+	
+		# create the client root cert
+		$clientRootCertName = "BrkLiteTestMSFTRootCA.cer"
+		#[SuppressMessage("Microsoft.Security", "CS002:SecretInNextLine")]
+		$samplePublicCertData = "MIIDUzCCAj+gAwIBAgIQRggGmrpGj4pCblTanQRNUjAJBgUrDgMCHQUAMDQxEjAQBgNVBAoTCU1pY3Jvc29mdDEeMBwGA1UEAxMVQnJrIExpdGUgVGVzdCBSb290IENBMB4XDTEzMDExOTAwMjQxOFoXDTIxMDExOTAwMjQxN1owNDESMBAGA1UEChMJTWljcm9zb2Z0MR4wHAYDVQQDExVCcmsgTGl0ZSBUZXN0IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7SmE+iPULK0Rs7mQBO/6a6B6/G9BaMxHgDGzAmSG0Qsyt5e08aqgFnPdkMl3zRJw3lPKGha/JCvHRNrO8UpeAfc4IXWaqxx2iBipHjwmHPHh7+VB8lU0EJcUe7WBAI2n/sgfCwc+xKtuyRVlOhT6qw/nAi8e5don/iHPU6q7GCcnqoqtceQ/pJ8m66cvAnxwJlBFOTninhb2VjtvOfMQ07zPP+ZuYDPxvX5v3nd6yDa98yW4dZPuiGO2s6zJAfOPT2BrtyvLekItnSgAw3U5C0bOb+8XVKaDZQXbGEtOw6NZvD4L2yLd47nGkN2QXloiPLGyetrj3Z2pZYcrZBo8hAgMBAAGjaTBnMGUGA1UdAQReMFyAEOncRAPNcvJDoe4WP/gH2U+hNjA0MRIwEAYDVQQKEwlNaWNyb3NvZnQxHjAcBgNVBAMTFUJyayBMaXRlIFRlc3QgUm9vdCBDQYIQRggGmrpGj4pCblTanQRNUjAJBgUrDgMCHQUAA4IBAQCGyHhMdygS0g2tEUtRT4KFM+qqUY5HBpbIXNAav1a1dmXpHQCziuuxxzu3iq4XwnWUF1OabdDE2cpxNDOWxSsIxfEBf9ifaoz/O1ToJ0K757q2Rm2NWqQ7bNN8ArhvkNWa95S9gk9ZHZLUcjqanf0F8taJCYgzcbUSp+VBe9DcN89sJpYvfiBiAsMVqGPc/fHJgTScK+8QYrTRMubtFmXHbzBSO/KTAP5rBTxse88EGjK5F8wcedvge2Ksk6XjL3sZ19+Oj8KTQ72wihN900p1WQldHrrnbixSpmHBXbHr9U0NQigrJp5NphfuU5j81C8ixvfUdwyLmTv7rNA7GTAD";
+		$rootCert = New-AzureRmVpnClientRootCertificate -Name $clientRootCertName -PublicCertData $samplePublicCertData
+
+		# Create the Virtual Network
+		$subnet = New-AzureRmVirtualNetworkSubnetConfig -Name "GatewaySubnet" -AddressPrefix 10.0.0.0/24
+		$vnet = New-AzureRmvirtualNetwork -Name $vnetName -ResourceGroupName $rgname -Location $location -AddressPrefix 10.0.0.0/16 -Subnet $subnet
+		$vnet = Get-AzureRmvirtualNetwork -Name $vnetName -ResourceGroupName $rgname      
+		$subnet = Get-AzureRmVirtualNetworkSubnetConfig -Name "GatewaySubnet" -VirtualNetwork $vnet
+
+		# Create the IP config
+		$publicip = New-AzureRmPublicIpAddress -ResourceGroupName $rgname -name $publicIpName -location $location -AllocationMethod Dynamic -DomainNameLabel $domainNameLabel
+		$vnetIpConfig = New-AzureRmVirtualNetworkGatewayIpConfig -Name $vnetGatewayConfigName -PublicIpAddress $publicip -Subnet $subnet
+      
+		# Create & Get IkeV2 + SSTP virtualnetworkgateway
+		New-AzureRmVirtualNetworkGateway -ResourceGroupName $rgname -name $rname -location $location -IpConfigurations $vnetIpConfig -GatewayType Vpn -VpnType RouteBased -EnableBgp $false -GatewaySku VpnGw1 -VpnClientProtocol @( "IkeV2", "SSTP" ) -VpnClientAddressPool 201.169.0.0/16 -VpnClientRootCertificates $rootCert
+		$actual = Get-AzureRmVirtualNetworkGateway -ResourceGroupName $rgname -name $rname
+		Assert-AreEqual "VpnGw1" $actual.Sku.Tier
+		$protocols = $actual.VpnClientConfiguration.VpnClientProtocols
+		Assert-AreEqual 2 @($protocols).Count
+		Assert-AreEqual "IkeV2" $protocols[0]
+		Assert-AreEqual "SSTP" $protocols[1]
+		Assert-AreEqual "201.169.0.0/16" $actual.VpnClientConfiguration.VpnClientAddressPool.AddressPrefixes
+
+		# Update gateway to IkeV2 only
+		Set-AzureRmVirtualNetworkGateway -VirtualNetworkGateway $actual -VpnClientProtocol IkeV2
+		$actual = Get-AzureRmVirtualNetworkGateway -ResourceGroupName $rgname -name $rname
+		$protocols = $actual.VpnClientConfiguration.VpnClientProtocols
+		Assert-AreEqual 1 @($protocols).Count
+		Assert-AreEqual "IkeV2" $protocols[0]
+	}
+	finally
+    {
+		# Cleanup
+        Clean-ResourceGroup $rgname
+    }
+}

src/ResourceManager/Network/Commands.Network.Test/SessionRecords/Commands.Network.Test.ScenarioTests.VirtualNetworkGatewayTests/VirtualNetworkGatewayIkeV2Test.json

@@ -24,7 +24,8 @@ public class PSVpnClientConfiguration
 
         public List<PSVpnClientRootCertificate> VpnClientRootCertificates { get; set; }
 
-
+        public List<string> VpnClientProtocols { get; set; }
+        
         [JsonIgnore]
         public string VpnClientAddressPoolText
         {

src/ResourceManager/Network/Commands.Network/Models/PSVpnClientConfiguration.cs

@@ -117,6 +117,16 @@ public class NewAzureVirtualNetworkGatewayCommand : VirtualNetworkGatewayBaseCmd
         [ValidateNotNullOrEmpty]
         public List<string> VpnClientAddressPool { get; set; }
 
+        [Parameter(
+            Mandatory = false,
+            ValueFromPipelineByPropertyName = true,
+            HelpMessage = "The list of P2S VPN client tunneling protocols")]
+        [ValidateSet(
+            MNM.VpnClientProtocol.SSTP,
+            MNM.VpnClientProtocol.IkeV2)]
+        [ValidateNotNullOrEmpty]
+        public List<string> VpnClientProtocol { get; set; }
+
         [Parameter(
             Mandatory = false,
             ValueFromPipelineByPropertyName = true,
@@ -281,6 +291,16 @@ private PSVirtualNetworkGateway CreateVirtualNetworkGateway()
                     vnetGateway.VpnClientConfiguration.VpnClientAddressPool.AddressPrefixes = this.VpnClientAddressPool;
                 }
 
+                if (this.VpnClientProtocol != null)
+                {
+                    vnetGateway.VpnClientConfiguration.VpnClientProtocols = this.VpnClientProtocol;
+                }
+                else
+                {
+                    // set default
+                    vnetGateway.VpnClientConfiguration.VpnClientProtocols = new List<string> { MNM.VpnClientProtocol.SSTP, MNM.VpnClientProtocol.IkeV2 };
+                }
+
                 if (this.VpnClientRootCertificates != null)
                 {
                     vnetGateway.VpnClientConfiguration.VpnClientRootCertificates = this.VpnClientRootCertificates;

src/ResourceManager/Network/Commands.Network/VirtualNetworkGateway/NewAzureVirtualNetworkGatewayCommand.cs

@@ -60,6 +60,16 @@ public class SetAzureVirtualNetworkGatewayCommand : VirtualNetworkGatewayBaseCmd
         [ValidateNotNullOrEmpty]
         public List<string> VpnClientAddressPool { get; set; }
 
+        [Parameter(
+            Mandatory = false,
+            ValueFromPipelineByPropertyName = true,
+            HelpMessage = "A list of P2S VPN client tunneling protocols")]
+        [ValidateSet(
+            MNM.VpnClientProtocol.SSTP,
+            MNM.VpnClientProtocol.IkeV2)]
+        [ValidateNotNullOrEmpty]
+        public List<string> VpnClientProtocol { get; set; }
+
         [Parameter(
             Mandatory = false,
             ValueFromPipelineByPropertyName = true,
@@ -158,6 +168,11 @@ public override void Execute()
                 this.VirtualNetworkGateway.VpnClientConfiguration.VpnClientAddressPool.AddressPrefixes = this.VpnClientAddressPool;
             }
 
+            if (this.VpnClientProtocol != null)
+            {
+                this.VirtualNetworkGateway.VpnClientConfiguration.VpnClientProtocols = this.VpnClientProtocol;
+            }
+
             if (this.VpnClientRootCertificates != null)
             {
                 this.VirtualNetworkGateway.VpnClientConfiguration.VpnClientRootCertificates = this.VpnClientRootCertificates;