You are browsing the archive for 2016 May.

by Florent

[pfSense] VPN S2S with Azure

6:00 am in Azure, Microsoft, pfSense by Florent

Because I wanted a VPN at home and a VPN with Azure, I was advised to use pfSense. This distribution is very flexible: it lets you connect your host/VM to your ISP with PPPoE, and it also gives you a capable firewall that handles VPN connections with IPSec, OpenVPN, L2TP, etc.

The goal of this article is to create an S2S VPN with Azure RM via pfSense.

I started by connecting my pfSense VM (1 vCPU, 512 MB RAM) to my ISP with PPPoE. Because I have a dynamic public IP, I created a noip.com account with a DNS record. I connected my pfSense to NOIP in Services > Dynamic DNS so that this public IP is updated automatically.

When my VM restarts or my lease ends, my IP is updated directly on NOIP.

Azure

I will now create my VPN on Azure. Go to https://portal.azure.com and connect to your subscription. Be sure to create a virtual network in Resource Manager.

Next, create your Virtual Network Gateway by choosing the virtual network created previously, a subnet for the gateway, and a public IP. Choose the VPN gateway type, with a VPN type of Route-based.

After a few minutes, the gateway is ready. We then need to create a Local Network Gateway, which holds the public IP of the pfSense and the local network behind the pfSense that should be reachable.

If you have a dynamic public IP, see this post: http://scug.be/florent/2016/05/30/powershell-update-your-azure-s2s-vpn-with-dynamic-public-ip/

Now we need to associate our local network with our virtual network gateway. Go to the gateway created previously and click Add.

Choose Site-to-site (IPSec) with the gateway created previously. Provide a shared key. This key will also be used in the pfSense configuration.

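The Local Network Gateway and Site-to-site connection steps above can also be scripted with the AzureRM PowerShell module. This is an added example, not code from the original post, and it goes slightly beyond the portal steps: it resolves the DDNS name, refuses to continue unless the answer is a single public IPv4 address, and generates a random shared key. The resource names, region, hostname and address prefix are placeholders, and it assumes an authenticated AzureRM session and an existing virtual network gateway.

```powershell
# Added example. All names and addresses below are placeholders (assumptions).
$ResourceGroup = 'rg-vpn'                 # hypothetical resource group
$Location      = 'West Europe'            # hypothetical region
$GatewayName   = 'vnet-gateway'           # existing Virtual Network Gateway
$DdnsName      = 'myhome.example.net'     # DDNS record kept current by pfSense
$LocalPrefix   = '192.168.1.0/24'         # LAN behind pfSense

function Test-PublicIPv4 {
    param([string]$Address)
    $ip = $null
    if (-not [System.Net.IPAddress]::TryParse($Address, [ref]$ip)) { return $false }
    if ($ip.AddressFamily -ne 'InterNetwork') { return $false }
    $b = $ip.GetAddressBytes()
    # Reject "this network", loopback, RFC 1918, link-local and CGNAT ranges.
    if ($b[0] -eq 10 -or $b[0] -eq 127 -or $b[0] -eq 0) { return $false }
    if ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31) { return $false }
    if ($b[0] -eq 192 -and $b[1] -eq 168) { return $false }
    if ($b[0] -eq 169 -and $b[1] -eq 254) { return $false }
    if ($b[0] -eq 100 -and $b[1] -ge 64 -and $b[1] -le 127) { return $false }
    return $true
}

function New-SharedKey {
    # 32 random bytes from the OS CSPRNG, hex-encoded (64 characters).
    $bytes = New-Object byte[] 32
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try { $rng.GetBytes($bytes) } finally { $rng.Dispose() }
    return -join ($bytes | ForEach-Object { $_.ToString('x2') })
}

# Resolve the pfSense side and make sure the answer is one usable address.
$records = @(Resolve-DnsName -Name $DdnsName -Type A -ErrorAction Stop |
    Where-Object { $_.Type -eq 'A' })
if ($records.Count -ne 1 -or -not (Test-PublicIPv4 $records[0].IPAddress)) {
    throw "Refusing to continue: $DdnsName did not resolve to one public IPv4 address."
}

$sharedKey = New-SharedKey
$gateway   = Get-AzureRmVirtualNetworkGateway -Name $GatewayName -ResourceGroupName $ResourceGroup
$local     = New-AzureRmLocalNetworkGateway -Name 'pfsense-home' -ResourceGroupName $ResourceGroup `
                 -Location $Location -GatewayIpAddress $records[0].IPAddress -AddressPrefix $LocalPrefix
New-AzureRmVirtualNetworkGatewayConnection -Name 'azure-to-pfsense' -ResourceGroupName $ResourceGroup `
    -Location $Location -VirtualNetworkGateway1 $gateway -LocalNetworkGateway2 $local `
    -ConnectionType IPsec -SharedKey $sharedKey | Out-Null

# Enter this value as the shared key in the pfSense phase 1; keep it out of transcripts.
$sharedKey
```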

pfSense

Now we will configure pfSense to connect to Azure. Go to VPN > IPSec and add a new phase 1. Enter the public IP address of your Azure gateway and your shared key.

Deactivate DPD.

Save, then add a phase 2 to this phase 1, giving the Azure network that you provided during the virtual network creation.

Apply the changes.

My S2S VPN is now connected.

You can deploy a VM on Azure in the virtual network where the VPN is connected, without a public IP, and then connect to it from your local network.

Enjoy your connectivity to Azure :)

[PowerShell] Update your Azure S2S VPN with Dynamic Public IP

6:00 am in Azure, Azure Automation, Microsoft, PowerShell by Florent

I created an S2S VPN with my Azure subscription and, because I don’t have a fixed public IP at home, I searched the internet and found a blog post that covers this subject: https://www.vnext.be/2013/12/01/windows-azure-s2s-vpn-with-dynamic-public-ip/

The only problem is that this script is for Azure classic and not for Azure RM.

So I modified this script to update your dynamic public IP on Azure, to limit the disruption of your S2S VPN with ARM. At my home, this script is executed every 5 minutes. I will do an Azure Automation version later.

Don’t hesitate to give me your comments/remarks :)

The link: https://gallery.technet.microsoft.com/Update-AzureRM-S2S-VPN-c46cc39e

[Hyper-V] Nested VM can’t start

6:00 am in Microsoft, Nano Server, Windows Server 2016 by Florent

With Windows Server 2016 TP4, Microsoft added a new feature, Nested Hyper-V. This feature gives you the possibility to do virtualization in VMs that are running on Hyper-V.

On the 27th of April, Microsoft released the TP5 version of Windows Server 2016. Because I’m using my Azure Stack server as host, which is running Windows Server 2016 TP4, I tried to test the Nested Hyper-V TP5 on this server. I created a Nano Server with the Hyper-V role and I created a VM WS2016TP5 on it.

I started this VM and I had the following error:

Failed to start the virtual machine ‘WS2016TP5’ because one of the Hyper-V components is not running

The problem is that if you want to run the TP5 version of Nested Hyper-V, your Hyper-V server MUST be on TP5 too. I hope I helped you :)