fixed hub and spoke scripts

Author: PowerShellCrack

CHANGELOG.md

@@ -1,8 +1,16 @@
 # Change log for AzureSite2SiteVPNLab
 
+## 1.4.1 - February 18, 2022
+
+- Fixed VnetSpoke subnet address on 3B-1 and 2 scripts; was calling an array not a single subnet. Future developments will support multiple subnets
+- Fixed resource checks for peering and public IP; set silently continue for non existing resources error
+- Added ISE check; PowerShell ISE has issues with prompting for password during VyOS setup. Recommend running in PowerShell or VSCode. Thanks Ankit Oberoi
+- Fixed AddressPrefix for LNG; Converted addresses into an array.
+- Verbose output during Az module check; provides clarity of what script is doing.
+
 ## 1.4.0 - January 17, 2022
 
-- Fixed vyos setup script output; was out putting blank file in step 2
+- Fixed VyOS setup script output; was out putting blank file in step 2
 - Added synopsis to each script; provide steps taken and parameters
 - Add OStype parameter to simple Azure VM script; allow Windows 10 or Windows Server deployment
 - Added domain join capability for VM; domain controller must exist

README.md

@@ -159,7 +159,10 @@ _BETA_: **Step 4A-2. Build Hyper-V VM.ps1** <-- Sets up a VM in Hyper-V (not una
 - Some ISP's may not allow VPN traffic; no know work around for this
 - These scripts have not been tested with Azure Gov or other Azure community clouds
 - After Site 2 Site VPN is created; step that check for connectivity may show _unknown) or _not connected_; this may be due to Azure's graph api call not updating immediately. Recommend manual check
+    - Go to Azure Portal --> Local Network Gateways --> Click on new gateway --> Connections
 - VyOS router will remove it trusted ssh host list on each reboot. This is by design and will require login for each script implementation; looking for alternate method to resolve this
+- There are known issues with the PowerShell ISE interface during VyOS configurations; Recommend running with Powershell console or VScode.
+
 ## References
 
 - [Create a VPN Gateway and add a Site-to-Site connection using PowerShell](https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-create-site-to-site-rm-powershell)

Step 3B-1. Build Azure Advanced S2S - Region 1.ps1

@@ -181,10 +181,10 @@ If(-Not($vNetB = Get-AzVirtualNetwork -Name $AzureAdvConfigSiteA.VnetSpokeName -
     Write-Host ("Creating Azure spoke virtual network [{0}]..." -f $AzureAdvConfigSiteA.VnetSpokeName) -ForegroundColor White -NoNewline
     Try{
         $vNetB = New-AzVirtualNetwork -Name $AzureAdvConfigSiteA.VnetSpokeName -ResourceGroupName $AzureAdvConfigSiteA.ResourceGroupName `
-                            -Location $AzureAdvConfigSiteA.LocationName -AddressPrefix $AzureAdvConfigSiteA.VnetSpokeCIDRPrefix[0]
+                            -Location $AzureAdvConfigSiteA.LocationName -AddressPrefix $AzureAdvConfigSiteA.VnetSpokeCIDRPrefix
         #Create a subnet configuration for first VM subnet (vnet B)
         Add-AzVirtualNetworkSubnetConfig -Name $AzureAdvConfigSiteA.VnetSpokeSubnetName -VirtualNetwork $vNetB `
-                -AddressPrefix $AzureAdvConfigSiteA.VnetSpokeSubnetAddressPrefix | Out-Null
+                -AddressPrefix $AzureAdvConfigSiteA.VnetSpokeSubnetAddressPrefix[0] | Out-Null
         Write-Host "Done" -ForegroundColor Green
     }
     Catch{
@@ -203,8 +203,8 @@ Else{
 
 #region 4. Build Peering between vnets
 #https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-peering-overview
-If( -Not(Get-AzVirtualNetworkPeering -Name $AzureAdvConfigSiteA.VnetPeerNameAB -ResourceGroupName $AzureAdvConfigSiteA.ResourceGroupName -VirtualNetwork $vNetA.Name) -or `
-    -Not(Get-AzVirtualNetworkPeering -Name $AzureAdvConfigSiteA.VnetPeerNameBA -ResourceGroupName $AzureAdvConfigSiteA.ResourceGroupName -VirtualNetwork $vNetB.Name) )
+If( -Not(Get-AzVirtualNetworkPeering -Name $AzureAdvConfigSiteA.VnetPeerNameAB -ResourceGroupName $AzureAdvConfigSiteA.ResourceGroupName -VirtualNetwork $vNetA.Name -ErrorAction SilentlyContinue) -or `
+    -Not(Get-AzVirtualNetworkPeering -Name $AzureAdvConfigSiteA.VnetPeerNameBA -ResourceGroupName $AzureAdvConfigSiteA.ResourceGroupName -VirtualNetwork $vNetB.Name -ErrorAction SilentlyContinue) )
 {
     Write-Host ("Creating peering between vnets [{0}] and [{1}]..." -f $AzureAdvConfigSiteA.VnetPeerNameAB,$AzureAdvConfigSiteA.VnetPeerNameBA) -ForegroundColor White -NoNewline
     Try{
@@ -229,7 +229,7 @@ $gwsubnet = Get-AzVirtualNetworkSubnetConfig -Name 'GatewaySubnet' -VirtualNetwo
 
 
 #region 5. Create a Public IP address
-If( $null -eq ($azpip = Get-AzPublicIpAddress -Name $AzureAdvConfigSiteA.PublicIpName -ResourceGroupName $AzureAdvConfigSiteA.ResourceGroupName).IpAddress )
+If( $null -eq ($azpip = Get-AzPublicIpAddress -Name $AzureAdvConfigSiteA.PublicIpName -ResourceGroupName $AzureAdvConfigSiteA.ResourceGroupName -ErrorAction SilentlyContinue).IpAddress )
 {
     Write-Host ("Creating Azure public IP [{0}]..." -f $AzureAdvConfigSiteA.PublicIPName) -ForegroundColor White -NoNewline
     Try{
@@ -314,7 +314,7 @@ If( -Not($Local = Get-AzLocalNetworkGateway -Name $AzureAdvConfigSiteA.LocalGate
     Write-host ("Building the local network gateway [{0}]..." -f $AzureAdvConfigSiteA.LocalGatewayName) -ForegroundColor White -NoNewline
     Try{
         New-AzLocalNetworkGateway -Name $AzureAdvConfigSiteA.LocalGatewayName -ResourceGroupName $AzureAdvConfigSiteA.ResourceGroupName `
-                -Location $AzureAdvConfigSiteA.LocationName -GatewayIpAddress $HomePublicIP -AddressPrefix $VyOSConfig.LocalSubnetPrefix.keys @LNGBGPParams | Out-Null
+                -Location $AzureAdvConfigSiteA.LocationName -GatewayIpAddress $HomePublicIP -AddressPrefix @($VyOSConfig.LocalSubnetPrefix.GetEnumerator().Name) @LNGBGPParams | Out-Null
         Write-Host "Done" -ForegroundColor Green
     }
     Catch{
@@ -653,7 +653,7 @@ If($RunManualSteps){
     Write-Host "Information needed to configure local router vpn:" -ForegroundColor Yellow
     Write-Host ("Azure Location:           {0}" -f $AzureAdvConfigSiteA.LocationName)
     Write-Host ("Azure Peer Public IP:     {0}" -f $azpip.IpAddress)
-    Write-Host ("Remote Subnet Prefix:     {0}" -f $AzureAdvConfigSiteA.VnetSpokeSubnetAddressPrefix)
+    Write-Host ("Remote Subnet Prefix:     {0}" -f ($AzureAdvConfigSiteA.VnetSpokeSubnetAddressPrefix -join ','))
     Write-host ("Shared Key (PSK):         {0}" -f $Global:RegionASharedPSK)
     Write-Host ("BGP Enabled:              {0}" -f $UseBGP.ToString())
     If($UseBGP){

Step 3B-2. Build Azure Advanced S2S - Region 2.ps1

@@ -128,10 +128,10 @@ If(-Not($vNetB = Get-AzVirtualNetwork -Name $AzureAdvConfigSiteB.VnetSpokeName -
     Write-Host ("Creating Azure spoke virtual network [{0}]..." -f $AzureAdvConfigSiteB.VnetSpokeName) -ForegroundColor White -NoNewline
     Try{
         $vNetB = New-AzVirtualNetwork -Name $AzureAdvConfigSiteB.VnetSpokeName -ResourceGroupName $AzureAdvConfigSiteB.ResourceGroupName `
-                            -Location $AzureAdvConfigSiteB.LocationName -AddressPrefix $AzureAdvConfigSiteB.VnetSpokeCIDRPrefix[0]
+                            -Location $AzureAdvConfigSiteB.LocationName -AddressPrefix $AzureAdvConfigSiteB.VnetSpokeCIDRPrefix
         #Create a subnet configuration for first VM subnet (vnet B)
         Add-AzVirtualNetworkSubnetConfig -Name $AzureAdvConfigSiteB.VnetSpokeSubnetName -VirtualNetwork $vNetB `
-                -AddressPrefix $AzureAdvConfigSiteB.VnetSpokeSubnetAddressPrefix | Out-Null
+                -AddressPrefix $AzureAdvConfigSiteB.VnetSpokeSubnetAddressPrefix[0] | Out-Null
         Write-Host "Done" -ForegroundColor Green
     }
     Catch{
@@ -150,8 +150,8 @@ Else{
 
 #region 4. Build Peering between vnets
 #https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-peering-overview
-If( -Not(Get-AzVirtualNetworkPeering -Name $AzureAdvConfigSiteB.VnetPeerNameAB -ResourceGroupName $AzureAdvConfigSiteB.ResourceGroupName -VirtualNetwork $vNetA.Name) -or `
-    -Not(Get-AzVirtualNetworkPeering -Name $AzureAdvConfigSiteB.VnetPeerNameBA -ResourceGroupName $AzureAdvConfigSiteB.ResourceGroupName -VirtualNetwork $vNetB.Name) )
+If( -Not(Get-AzVirtualNetworkPeering -Name $AzureAdvConfigSiteB.VnetPeerNameAB -ResourceGroupName $AzureAdvConfigSiteB.ResourceGroupName -VirtualNetwork $vNetA.Name -ErrorAction SilentlyContinue) -or `
+    -Not(Get-AzVirtualNetworkPeering -Name $AzureAdvConfigSiteB.VnetPeerNameBA -ResourceGroupName $AzureAdvConfigSiteB.ResourceGroupName -VirtualNetwork $vNetB.Name -ErrorAction SilentlyContinue) )
 {
     Write-Host ("Creating peering between vnets [{0}] and [{1}]..." -f $AzureAdvConfigSiteB.VnetPeerNameAB,$AzureAdvConfigSiteB.VnetPeerNameBA) -ForegroundColor White -NoNewline
     Try{
@@ -176,7 +176,7 @@ $gwsubnet = Get-AzVirtualNetworkSubnetConfig -Name 'GatewaySubnet' -VirtualNetwo
 
 
 #region 5. Create a Public IP address
-If( $null -eq ($azpip = Get-AzPublicIpAddress -Name $AzureAdvConfigSiteB.PublicIpName -ResourceGroupName $AzureAdvConfigSiteB.ResourceGroupName).IpAddress )
+If( $null -eq ($azpip = Get-AzPublicIpAddress -Name $AzureAdvConfigSiteB.PublicIpName -ResourceGroupName $AzureAdvConfigSiteB.ResourceGroupName -ErrorAction SilentlyContinue).IpAddress )
 {
     Write-Host ("Creating Azure public IP [{0}]..." -f $AzureAdvConfigSiteB.PublicIPName) -ForegroundColor White -NoNewline
     Try{
@@ -261,7 +261,7 @@ If( -Not($Local = Get-AzLocalNetworkGateway -Name $AzureAdvConfigSiteB.LocalGate
     Write-host ("Building the local network gateway [{0}]..." -f $AzureAdvConfigSiteB.LocalGatewayName) -ForegroundColor White -NoNewline
     Try{
         New-AzLocalNetworkGateway -Name $AzureAdvConfigSiteB.LocalGatewayName -ResourceGroupName $AzureAdvConfigSiteB.ResourceGroupName `
-                -Location $AzureAdvConfigSiteB.LocationName -GatewayIpAddress $HomePublicIP -AddressPrefix $VyOSConfig.LocalSubnetPrefix.keys @LNGBGPParams | Out-Null
+                -Location $AzureAdvConfigSiteB.LocationName -GatewayIpAddress $HomePublicIP -AddressPrefix @($VyOSConfig.LocalSubnetPrefix.GetEnumerator().Name) @LNGBGPParams | Out-Null
         Write-Host "Done" -ForegroundColor Green
     }
     Catch{
@@ -273,7 +273,7 @@ ElseIf($Local.GatewayIpAddress -ne $HomePublicIP)
 {
     Try{
         Write-Host ("Updating the local network gateway with ip [{0}]" -f $HomePublicIP) -ForegroundColor Yellow -NoNewline
-        #Update Local network gratway's connector IP address (onpremise IP)
+        #Update Local network gateway's connector IP address (on-premise IP)
         New-AzLocalNetworkGateway -Name $AzureAdvConfigSiteB.LocalGatewayName -ResourceGroupName $AzureAdvConfigSiteB.ResourceGroupName `
                 -Location $AzureAdvConfigSiteB.LocationName -GatewayIpAddress $HomePublicIP `
                 -AddressPrefix @($VyOSConfig.LocalSubnetPrefix.GetEnumerator().Name) @LNGBGPParams -Force | Out-Null
@@ -333,7 +333,7 @@ Else{
     If( ($ReconfigureVpn -eq 'Y') -or ($VyOSConfig['ResetVPNConfigs'] -eq $true) )
     {
         Write-Host ("Attempting to update vyos router vpn configurations to use Azure's public IP [{0}]..." -f $azpip.IpAddress) -ForegroundColor Yellow
-        $Global:RegionBSharedPSK = Get-AzVirtualNetworkGatewayConnectionSharedKey -Name $AzureAdvConfigSiteA.ConnectionName -ResourceGroupName $AzureAdvConfigSiteA.ResourceGroupName
+        $Global:RegionBSharedPSK = Get-AzVirtualNetworkGatewayConnectionSharedKey -Name $AzureAdvConfigSiteB.ConnectionName -ResourceGroupName $AzureAdvConfigSiteB.ResourceGroupName
         $VyOSConfig['ResetVPNConfigs'] = $true
     }
     Else{
@@ -588,7 +588,7 @@ If($RunManualSteps){
     Write-Host "Information needed to configure local router vpn:" -ForegroundColor Yellow
     Write-Host ("Azure Location:           {0}" -f $AzureAdvConfigSiteB.LocationName)
     Write-Host ("Azure Peer Public IP:     {0}" -f $azpip.IpAddress)
-    Write-Host ("Remote Subnet Prefix:     {0}" -f $AzureAdvConfigSiteB.VnetSpokeSubnetAddressPrefix)
+    Write-Host ("Remote Subnet Prefix:     {0}" -f ($AzureAdvConfigSiteB.VnetSpokeSubnetAddressPrefix -Join ','))
     Write-host ("Shared Key (PSK):         {0}" -f $Global:RegionBSharedPSK)
     Write-Host ("BGP Enabled:              {0}" -f $UseBGP.ToString())
     If($UseBGP){

Step 4A-1. Build Azure VM.ps1

@@ -339,7 +339,7 @@ If($SecureVM){
     # Advisor Recommendation (high): Virtual machines should encrypt temp disks, caches, and data flows between Compute and Storage resources
     #https://docs.microsoft.com/en-us/azure/virtual-machines/windows/disk-encryption-powershell-quickstart
     $KeyVaultName = ($LabPrefix + 'vmdiskkeys')
-    If(-Not($AzKeyVault = AzKeyVault -Name $KeyVaultName -ResourceGroupName $AzureSimpleConfig.ResourceGroupName -Location eastus -ErrorAction SilentlyContinue -WarningAction SilentlyContinue)){
+    If(-Not($AzKeyVault = AzKeyVault -Name $KeyVaultName -ResourceGroupName $AzureSimpleConfig.ResourceGroupName -ErrorAction SilentlyContinue -WarningAction SilentlyContinue)){
         Write-Host ("Creating Azure Keyvault [{0}]..." -f $KeyVaultName) -ForegroundColor White -NoNewline
         Try{
             $AzKeyVault = New-AzKeyVault -Name $KeyVaultName -ResourceGroupName $AzureSimpleConfig.ResourceGroupName -Location eastus -EnabledForDiskEncryption | Out-Null

configs.ps1

@@ -2,16 +2,18 @@
 Param(
     [switch]$NoAzureCheck,
     [switch]$NoVyosISOCheck
+
 )
 #============================================
 # General Configurations - EDIT THIS
 #============================================
+$IgnoreISECheck = $False #PowerShell ISE has issues with prompting for password during VYOS setup. Recommend running in PowerShell or VSCode.
 
 $LabPrefix = 'Contoso' #identifier for names in lab
 
 $domain = 'contoso.com' #just a name for now (no DC install....yet)
 
-$Email = '<email>' #used only in VM notification for VM autoshutdown settings
+$Email = '<email>' #used only in VM notification for VM auto shutdown settings
 
 #this is used to configure default username and password on Azure VM's
 $VMAdminUser = 'xAdmin'
@@ -204,7 +206,7 @@ If($null -eq $scriptRoot){
 . "$FunctionPath\azure.ps1"
 #endregion
 
-Write-Host "Processed functions. Loading configuration data..." -ForegroundColor Green
+Write-Host "Processed functions. Loading configuration data..." -ForegroundColor Cyan
 
 #check if SSH and SCP exist for automation mode to work
 If(-Not(Test-Command ssh) -and -Not(Test-Command scp) -and -Not(Test-Command ssh-keygen) )
@@ -255,11 +257,14 @@ If(Test-SameSubnet -Ip1 ($AzureSiteBHubCIDR -replace '/\d+$','') -ip2 ($AzureSit
 #============================================
 #region connect to Azure if not already connected
 If(!$NoAzureCheck){
+    Write-Host "Checking for Az Powershell module..." -ForegroundColor White -NoNewline
     If((Find-Module Az).Version -in (Get-InstalledModule Az -AllVersions).version){
-        Write-Verbose "Az Module Loaded"
+        Write-Host ("Az Module [{0}] installed" -f (Get-InstalledModule Az -AllVersions).version) -ForegroundColor Green
     }
     Else{
+        Write-Host "Updating module, this can take awhile..." -ForegroundColor Yellow -NoNewline
         Install-Module -Name Az -AllowClobber -Scope AllUsers -Force
+        Write-Host "Done" -ForegroundColor Green
     }
 
     Try{
@@ -289,6 +294,20 @@ If(!$NoAzureCheck){
     }
 }
 #endregion
+
+If(Test-IsISE){
+    If($IgnoreISECheck -eq $False){
+        Write-Host "===============================" -ForegroundColor Black -BackgroundColor Yellow
+        Write-Host "      CONTINUE AT OWN RISK     " -ForegroundColor Black -BackgroundColor Yellow
+        Write-Host "===============================" -ForegroundColor Black -BackgroundColor Yellow
+        Write-Host "You are currently running this script using PowerShell ISE.`nThere are known issues with the interface during vyos configurations" -ForegroundColor Yellow
+        $ISEResponse = Read-host "Would you like to continue? [Y or N]"
+        If ($ISEResponse -eq 'N'){
+            Break
+        }
+    }
+}
+
 #============================================
 # HYPER-V CHECK
 #============================================
@@ -369,7 +388,7 @@ If(!$NoVyosISOCheck){
                 Write-Host "Done" -ForegroundColor Green
             }
             Catch{
-                Write-host ('UNable to download [{0}]: {1}' -f $vyosfilename,$_.Exception.message) -ForegroundColor Black -BackgroundColor Red
+                Write-host ('Unable to download [{0}]: {1}' -f $vyosfilename,$_.Exception.message) -ForegroundColor Black -BackgroundColor Red
                 break
             }
             Finally{