Create a Site-to-Site VPN between ProfitBricks and Azure with RRAS

Required to Proceed:

  • A basic understanding of how to deploy servers via the ProfitBricks DCD designer. Visit the Help Pages for additional information and tutorials.
  • An active Azure subscription to deploy a new VNET and VPN Gateway.

Instructions

  1. Below is a snapshot of the ProfitBricks environment. It consists of two freshly installed Windows Server 2012 R2 machines. The Internet-facing server will be configured with RRAS, and the second machine can be used for testing connectivity once the tunnel is established.

    DCD Screenshot

  2. Make a note of your ProfitBricks server IP addresses. My environment is configured as follows:

    • VPN_RRAS Public IP: 162.254.27.113
    • VPN_RRAS Internal IP: 192.168.10.5
    • RRAS_Client_01 Internal IP: 192.168.10.10
  3. .
  4. It may also be a good idea to set up some basic firewall rules to protect the RRAS server. Please remember that this tutorial is purely for demonstration purposes and you should follow your organization’s security policies on how to secure your environment accordingly. Below are the rules configured for the Internet-facing NIC of the VPN_RRAS ProfitBricks server:

    DCD Firewall Rules

  5. Sign in to the Azure portal and let’s create an Azure Local Network. This term is a reference to the “on-premises” side and will be used to create the routing rules to the ProfitBricks IPv4 address space.

  6. In the lower left corner of the Azure management portal, click the “+ NEW” button --> Network Services --> Virtual Network --> Add Local Network.

    Azure Add Local Network

  7. The ADD A LOCAL NETWORK wizard will pop up. Enter a name for your local network in Azure and the Internet-facing IP of the SOPHOS server. Click the Next arrow.

    Azure Add Local Network - Step 1

  8. The next step is to enter the address space for the ProfitBricks internal network. In this example, this is a 192.168.10.1/24 address space as shown below:

    Azure Add Local Network - Step 2

  9. This will create the “Local Network” in Azure. You can see the newly created network under Networks --> Local Networks.

    Azure Local Network Created

  10. The next step is to create a Virtual Network to be used within the Azure infrastructure. This VNET will be linked to the local network created in the previous steps. NOTE: A VNET could also include DNS server entries. However, this step will be skipped for the purposes of this tutorial, as testing will be done purely via IP addresses.

  11. In the lower left corner of the Azure management portal, click the “+ NEW” button --> Network Services --> Virtual Network --> Custom Create

    Azure Virtual Network Custom Create

  12. The CREATE A VIRTUAL NETWORK wizard will pop up. Enter a name for your virtual network and select a location according to your Data Center region. Click the Next arrow.

    Azure Create Virtual Network - Step 1

  13. Click the “Configure a site-to-site VPN” and select the Local Network created in the previous steps.

    Create Virtual Network - Step 2

  14. The next step is to enter the address space for the Azure virtual network. In this example, this is a 10.10.0.0/24 address space. Add a Subnet and a Gateway as shown below:

    • Subnet-1 is where VMs created in Azure will live and obtain DHCP addresses (and DNS if configured).

    • Gateway subnet will be used later when a gateway is created.

    Create Virtual Network - Step 3

  15. This will create the “Virtual Network” in Azure. You can see the newly created network under Networks --> Virtual Networks.

    Azure Virtual Network Created

  16. Click on the “Azure_To_PB_RRAS_VNET” virtual network to display the Dashboard. Once the dashboard is displayed, click the CREATE GATEWAY button and select Dynamic Routing.

    Azure Dashboard

  17. At this point, Azure will create the gateway (~10-15 minutes) and set up the static routes so it can find the path to the on-premises (ProfitBricks) network as defined in the “Local Network”.

    Azure Dashboard - Creating Gateway

  18. Once the Gateway is created, it will show as disconnected and display the IP Address of the Gateway device.

    Azure Gateway Disconnected

  19. The next step is to configure the ProfitBricks “VPN_RRAS” as a VPN RRAS router. Click on the “Download VPN Device Script” link under the quick glance right navigation bar to download the script. Make sure to select the appropriate Vendor, Platform and Operating System as pictured below:

    Azure VPN Device Script

  20. Copy this file to the VPN_RRAS ProfitBricks server and change the .CFG extension to .PS1 to indicate that it is a Windows PowerShell script. Please consider the following:

    • Open the file with Notepad and review it.
    • Notice the “plain text” passphrase/key for the connection. Make sure to permanently delete this file after the configuration is complete, or store it securely according to your organization’s policies.
    • The script will install the Remote Access Role/Features/services and configure the static routes to the Azure Virtual Network.
    • In order to run the VPN configuration script, the Windows PowerShell Execution policy on the RRAS machine must be set to “Unrestricted”.
  21. Open an elevated PowerShell console (right-click --> Run as Administrator) from the VPN_RRAS ProfitBricks server and execute “Set-ExecutionPolicy Unrestricted”

    RRAS PowerShell Script

  22. Next, run the downloaded script to begin the RRAS installation and configuration. Once this is complete, open the Routing and Remote Access Console --> Network Interfaces to see the newly created Demand-dial interface. If the connection state is not connected, right-click the interface and select “Connect”.

    RRAS Configuration

  23. Go to the Azure management portal under Networks --> Virtual Networks --> Azure_To_PB_RRAS_VNET to verify the connection. Note that you may need to refresh the page and it should eventually display a successful connection as depicted below:

    Azure VPN Connected

  24. At this point, you can deploy a VM in Azure to test connectivity across the tunnel. Make sure to select the “Azure_To_PB_RRAS_VNET” under the Region/Affinity Group/Virtual Network.

    Azure New Virtual Machine

  25. As a final note, make sure the server firewalls are configured properly for whatever tests you decide to run (RDP, File Transfer, etc.).
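
The RRAS-side part of the procedure (steps 20 to 24) can also be run from one elevated PowerShell console, as sketched below. This is an added example, not part of the original tutorial or the Azure-generated script: the script path, the test VM address and the search pattern for the key are assumptions, and the execution policy is changed for the current console session only rather than machine-wide.

```powershell
# Added example. Run from an elevated PowerShell console on the VPN_RRAS server.
$script    = 'C:\Temp\AzureVpnDevice.ps1'  # assumed path of the renamed .PS1 device script
$azureTest = '10.10.0.4'                   # assumed address of a test VM in the Azure VNET

# 1. Review step: report which lines carry the pre-shared key without echoing it.
#    The pattern is an assumption about how the script names the key.
Select-String -Path $script -Pattern 'SharedSecret|PreShared|passphrase' |
    ForEach-Object { "Line $($_.LineNumber) contains key material" }

# 2. Allow script execution for this console session only. The machine-wide
#    policy is untouched and the change ends when the console is closed.
Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Scope Process -Force

# Clear the "downloaded from the Internet" mark once the file has been reviewed,
# then run the script (installs the Remote Access role and adds the routes).
Unblock-File -Path $script
& $script

# 3. Show the demand-dial interface the script created and dial it if needed
#    (the console equivalent is right-click --> Connect).
foreach ($i in Get-VpnS2SInterface) {
    if ($i.ConnectionState -ne 'Connected') {
        Connect-VpnS2SInterface -Name $i.Name
    }
}
Get-VpnS2SInterface | Format-List Name, Destination, ConnectionState

# 4. Once a VM exists in the Azure VNET, test a TCP port across the tunnel.
#    RDP (3389) is used here; the VM's own firewall must allow it.
Test-NetConnection -ComputerName $azureTest -Port 3389 |
    Select-Object RemoteAddress, TcpTestSucceeded

# 5. Delete the script, which still holds the key in plain text.
Remove-Item -Path $script -Force
```

Remove-Item bypasses the Recycle Bin but does not overwrite the file's disk blocks; if your policy requires that, handle the file according to that policy instead.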
