One of the issues you face with setting up an Azure Site to Site VPN is making sure that your Azure Local Network Gateway always has your Public/On-premises IP.
This setup is fine when used in environments that have Static IPs (and yes if setting this up for a Business or Production, it is highly recommended to have a static IP!).
However, when used in environments like my home network or lab environments - which has a Dynamic IP that could change at any time it will cause connectivity issues if your IP changes and the Local Network Gateway is not updated.
The script below – intended to be run on as a Daily scheduled task, will find your Public IP and connect to Azure and if needed – will update the IP of your Local Network Gateway.
- Az PowerShell Module
- Azure Service Principal (with Contributor rights to the Azure Local Network Gateway)
Once you have the Azure Service Principal and Az Module installed, you need to edit the following variables to suit your environment:
- $ResourceGroup = ‘RESOURCE GROUP OF LOCAL NETWORK GATEWAY’
- $LocalNetworkGateway = ‘NAME OF AZURE LOCAL NETWORK GATEWAY’
- $azureAplicationId =’AZURE AD APPLICATION ID’
- $azureTenantId= ‘AZURE AD TENANCY/DIRECTORY ID’
- $azureAPI = ‘AZURE AD APPLICATION API/CLIENT SECRET’
Note: Script is also hosted on my Github repository. Feel free to clone/recommend improvements or fork.