I’m back online this week. Last week, my main router/firewall finally gave up the ghost after being a good stable device for the last few years. I’m not sure if it had anything to do with the storm we had a couple of weeks ago. The storm, also known as a 'derecho’, brought us winds up to 190 km per hour or 118 miles per hour for my US friends.
Aftermath of the Ottawa storm. (Photo/Hydro Ottawa)
I suspect the power surges and outages did a number on my device. However, the geek in me saw that not as the disaster it could have been but as an excellent opportunity to upgrade!!
So, I did. I purchased a new Ubiquiti Unifi Dream Machine Pro. And now I need to reconnect my network to my Azure Virtual Network through a Virtual Network Gateway.
Setting up the Site to Site VPN to my Azure virtual network allows me to securely transfer data, provides me with the opportunity to implement a Private Link for my Azure Arc Enabled server connection to Azure, and many other advantages I’ll be writing about soon.
Here’s the process.
Step 1 - Set up the Azure Virtual Network Gateway
Having a Virtual Network Gateway setup in your environment can bring many possibilities to the table. You can create multiple connection configurations.
For connection diagrams and corresponding links to configuration steps, see VPN Gateway design.
In my case, I need both the Site-to-Site VPN connections to connect my home office to my semi-permanent demo environment and the Point-to-Site VPN connections to be able to connect to my environment securely while I’m on the road.
I’m not going to take you through the entire process of creating the virtual network. You can learn about the creation process here or go through our Learn Modules on Azure Networking.
Step 2 – Create a local network gateway
The local network gateway represents my on-premises location (my site) for routing purposes. I named it HomenetLocalgtw to recognize it easily in Azure when completing the process.
NOTE: My edge device (the Dream Machine Pro) is NOT on the list of known compatible VPN devices. Like me, your device may not be on the validated list. It doesn’t mean it won’t work. It just means it may some research and trial and error to get it configured. There is documentation that contains the steps to configure IPsec/IKE policy for VPN Gateway Site-to-Site VPN... using the Azure portal and PowerShell. You may need to contact your device manufacturer for additional support and configuration instructions.
To create the local network gateway, again Microsoft Docs has great documentation to walk you through getting that setup. In my case, I filled in the info and opted for the FQDN since my IP address may change without notice (Thank you to my ISP for not providing a static IP option)
Step 3 - Configure the local VPN device
The Dream Machine Pro, may not be on the known compatible VPN devices list, but it was very straightforward to set it up. To set it up, I navigated to the “teleport & VPN section in the settings menu
I configured my device by providing the Azure Virtual Network Gateway a name, the Pre-Shared Key, the public IP address, and finally the remote address space I want to route over this connection. In my case 10.0.0.0/24 (the subnet I have my servers on in Azure)
The Advance Section makes the configuration simple since it has in the “Manual Mode” an option for “Azure dynamic routing” the equivalent to Route based gateway, and “Azure static routing” the equivalent to Policy based gateway,
Since I am using the Route based approach, I selected the appropriate option and filled out the rest with the proper info as per the documentation.
Step 4 – Bringing all the pieces together and finalizing the connection.
The final step is to create a site-to-site VPN connection between my virtual network gateway and my newly defined and configured on-premises VPN device. Again full step-by-step instructions can be found here.
That’s it. I’m connected!! I’m now ready to leverage this secure connection for a whole lot of management goodness.
Subscribe to this blog not to miss all the fun.