ahawker
Contributor

Creating IPsec VPN with PowerCLI possible?

Anyone tried creating an IPsec VPN with PowerCLI? Had a search around but Google is not coming back with anything useful. Can't seem to find a cmdlet either.

Any help/advice very much appreciated!

 

1 Reply
bdmpastx
Contributor

Yes, I have code written to do this, it wasn't too hard. The script does both ends of the tunnel.

I cannot share the full code because it would show some of my security. But basically you have to get the existing XML for the edge gateway using the REST API, then "PUT" the configuration you want. I use PowerShell to make the XML, then use the vCloud REST API to "PUT".

You will need the HREF for the edge and a few other items to make this work. The HREF you get from PowerShell is different for the advanced edge gateway, so you have to use parts of it to make your own HREF link for advanced edges.

Standard Edge HREF: "https://fqdnVCD/api/admin/edgeGateway/<edgeid>/"

Advanced Edge HREF: "https://fqdnVCD/network/edges/<edgeid>"

Some sample code for the edge gateway side, but not all of it. You would have to make some settings work with whatever you are configuring, like the encryption settings, subnets, etc.

# Inputs this fragment expects to be set earlier in the script (not shown in the post):
#   $org, $NumberOfExistingTunnels, $PeerIpAddress, $EdgeGatewayExtIP,
#   $PeerNetwork, $localsubnet, $SharedSecret
$VPNName = $org.name + '-VPN' + ('{0:D2}' -f ($NumberOfExistingTunnels + 1))
$VPNDescription = $VPNName + ' VPN Tunnel'   # defined but not emitted in this fragment
$IpsecVpnThirdPartyPeer = 'IpsecVpnThirdPartyPeer'
$PeerId = $PeerIpAddress                     # peer identity and peer address are the same here
$LocalIpAddress = $EdgeGatewayExtIP
$LocalId = $EdgeGatewayExtIP
$PeerSubnetGateway = $PeerNetwork
$PeerSubnetNetmask = '255.255.255.0'
$PeerSubnetName = $PeerSubnetGateway + '/24'
$SharedSecretEncrypted = 'false'             # the PSK travels in clear text inside the XML body
$EncryptionProtocol = 'AES256'
$Mtu = '1500'                                # defined but not emitted in this fragment
$IsEnabled = 'true'
$enablePFS = 'true'
$DHGroup = 'dh2'

# Escape the PSK so a key containing <, > or & cannot break (or alter) the XML document
$EscapedSecret = [System.Security.SecurityElement]::Escape($SharedSecret)

# Expandable here-string instead of string concatenation: same document, easier to read
$IPSecVPNBuildXML = @"
<?xml version="1.0" encoding="utf-8"?>
<ipsec>
  <enabled>$IsEnabled</enabled>
  <logging>
    <enable>$IsEnabled</enable>
    <logLevel>info</logLevel>
  </logging>
  <sites>
    <site>
      <enabled>$IsEnabled</enabled>
      <name>$VPNName</name>
      <localId>$LocalId</localId>
      <localIp>$LocalIpAddress</localIp>
      <peerId>$PeerId</peerId>
      <peerIp>$PeerId</peerIp>
      <encryptionAlgorithm>$EncryptionProtocol</encryptionAlgorithm>
      <enablePfs>$enablePFS</enablePfs>
      <dhGroup>$DHGroup</dhGroup>
      <localSubnets>
        <subnet>$localsubnet</subnet>
      </localSubnets>
      <peerSubnets>
        <subnet>$PeerSubnetName</subnet>
      </peerSubnets>
      <psk>$EscapedSecret</psk>
      <authenticationMode>psk</authenticationMode>
    </site>
  </sites>
  <global>
    <psk>$EscapedSecret</psk>
    <caCertificates/>
    <crlCertificates/>
  </global>
</ipsec>
"@

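An added example (mine, not bdmpastx's script) of the full round trip the reply describes for an advanced edge: derive the /network/edges/<edgeid> HREF from the standard one PowerCLI returns, GET the edge's current <ipsec> document, append one PSK site to it, and PUT the whole document back. Everything beyond the two HREF shapes quoted in the reply is an assumption and not from the post: the session token taken from $global:DefaultCIServers[0].SessionSecret after Connect-CIServer, the IPsec document living at <advanced HREF>/ipsec/config without an XML namespace, the Accept header version 29.0, and the edge name, addresses and subnets, which are placeholders.

```powershell
# Added example, not the original poster's script. Assumed (not from the post):
#   - token from $global:DefaultCIServers[0].SessionSecret after Connect-CIServer
#   - IPsec document at <advanced edge HREF>/ipsec/config, un-namespaced like the post's sample
#   - Accept header 'application/*+xml;version=29.0'
#   - edge name, addresses and subnets below are placeholders

function ConvertTo-AdvancedEdgeHref {
    # Standard HREF: https://fqdnVCD/api/admin/edgeGateway/<edgeid>/
    # Advanced HREF: https://fqdnVCD/network/edges/<edgeid>
    param([Parameter(Mandatory)][string]$StandardHref)
    $uri    = [uri]$StandardHref
    $edgeId = ($uri.AbsolutePath.TrimEnd('/') -split '/')[-1]
    if (-not $edgeId) { throw "No edge id in $StandardHref" }
    return "$($uri.Scheme)://$($uri.Authority)/network/edges/$edgeId"
}

function Add-IpsecPskSite {
    param(
        [Parameter(Mandatory)][xml]$Config,                              # current <ipsec> document
        [Parameter(Mandatory)][System.Collections.IDictionary]$Fields,   # scalar site fields, in order
        [Parameter(Mandatory)][string[]]$LocalSubnets,
        [Parameter(Mandatory)][string[]]$PeerSubnets,
        [Parameter(Mandatory)][securestring]$Psk
    )
    $sites = $Config.SelectSingleNode('/ipsec/sites')
    if (-not $sites) { $sites = $Config.DocumentElement.AppendChild($Config.CreateElement('sites')) }
    if ($sites.SelectSingleNode("site[name='$($Fields['name'])']")) {
        throw "Site '$($Fields['name'])' already exists; refusing to add a duplicate"
    }
    $site = $Config.CreateElement('site')
    foreach ($kv in $Fields.GetEnumerator()) {
        $el = $Config.CreateElement($kv.Key)
        $el.InnerText = [string]$kv.Value        # InnerText XML-escapes the value
        [void]$site.AppendChild($el)
    }
    foreach ($group in @(@('localSubnets', $LocalSubnets), @('peerSubnets', $PeerSubnets))) {
        $wrap = $Config.CreateElement($group[0])
        foreach ($cidr in $group[1]) {
            $s = $Config.CreateElement('subnet'); $s.InnerText = $cidr
            [void]$wrap.AppendChild($s)
        }
        [void]$site.AppendChild($wrap)
    }
    # Decrypt the PSK only while it is copied into the body; it never sits in a plain string variable
    $pskEl = $Config.CreateElement('psk')
    $bstr  = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($Psk)
    try     { $pskEl.InnerText = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr) }
    finally { [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr) }
    [void]$site.AppendChild($pskEl)
    $mode = $Config.CreateElement('authenticationMode'); $mode.InnerText = 'psk'
    [void]$site.AppendChild($mode)
    [void]$sites.AppendChild($site)
    return $Config
}

# --- round trip: GET current config, merge one site, PUT the whole document back ---
$token   = $global:DefaultCIServers[0].SessionSecret                                  # assumed property
$stdHref = (Search-Cloud -QueryType EdgeGateway -Name 'edge01' | Get-CIView).Href     # placeholder edge name
$cfgUrl  = (ConvertTo-AdvancedEdgeHref -StandardHref $stdHref) + '/ipsec/config'     # assumed path
$headers = @{ 'x-vcloud-authorization' = $token; 'Accept' = 'application/*+xml;version=29.0' }

[xml]$current = (Invoke-WebRequest -Uri $cfgUrl -Headers $headers -Method Get -UseBasicParsing).Content

$fields = [ordered]@{
    enabled = 'true'; name = 'org-VPN01'
    localId = '203.0.113.10'; localIp = '203.0.113.10'       # edge external IP (placeholder)
    peerId  = '198.51.100.20'; peerIp = '198.51.100.20'      # third-party peer (placeholder)
    encryptionAlgorithm = 'AES256'; enablePfs = 'true'; dhGroup = 'dh2'
}
$psk = Read-Host -Prompt 'IPsec pre-shared key' -AsSecureString
$updated = Add-IpsecPskSite -Config $current -Fields $fields `
    -LocalSubnets @('10.10.0.0/24') -PeerSubnets @('192.168.50.0/24') -Psk $psk

# PUT replaces the edge's whole IPsec document, which is why the new site was merged into the GET result
Invoke-WebRequest -Uri $cfgUrl -Headers $headers -Method Put -UseBasicParsing `
    -ContentType 'application/xml' -Body $updated.OuterXml | Out-Null
```

Building the site with the XML DOM rather than string concatenation means every value, including the pre-shared key, is escaped for you, and merging into the fetched document rather than PUTting a freshly built one with a single <site> avoids replacing tunnels that are already configured on the edge. The PSK is read as a SecureString and only decrypted at the moment it is written into the request body; keep -Verbose off on the PUT, or the body (key included) ends up in the console transcript.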