Azure-docs: Linux VPN Setup - Missing Prerequisite

Created on 22 Jun 2020 · 6Comments · Source: MicrosoftDocs/azure-docs

Hello,

I spent far too long struggling to get this working before realising that you cant have the SKU set to Basic.
See 4.2 - https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-point-to-site-resource-manager-portal#addresspool

I think that there is an assumption that all of this documentation is consumed in one go and in order.
In my case, i had used terraform to deploy an Azure Gateway with a Basic SKU.

In this documentation, you are setting up an IKEv2 tunnel which is not supported by default with the Basic SKU. The SKU needs to be changed and the Point to Site configuration needs to be SSTP and IKEv2 as a prerequisite to following the steps listed here for an Ubuntu ipsec tunnel.

Thanks
Ashley

Document Details

⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.

ID: 69e3b74c-2e19-9963-bf78-2d0a01e6f906
Version Independent ID: 5fbd6b33-2af1-5f5d-b824-d3bbd5649956
Content: Configure a Point-to-Site (P2S) VPN on Linux for use with Azure Files
Content Source: articles/storage/files/storage-files-configure-p2s-vpn-linux.md
Service: storage
Sub-service: files
GitHub Login: @roygara
Microsoft Alias: rogarana

Pri2 assigned-to-author doc-bug filesubsvc storagsvc triaged

Source

akingscote

All 6 comments

@akingscote Thank you for your feedback . We will investigate and update the thread.

shashishailaj on 22 Jun 2020

@akingscote Thanks for the feedback! I have assigned the issue to the content author to investigate further and update the document as appropriate.

SumanthMarigowda-MSFT on 23 Jun 2020

@akingscote Thanks for making us aware of this. I've gone ahead and reached out to the writer and will work with them to get this sorted out.

roygara on 24 Jun 2020

@akingscote So I reached out to the writer and we went over the doc together. Actually the segment of the script where you are instructed to use that tunnel doesn't use the basic SKU. I copied this out of the document:

az network vnet-gateway create \
    --resource-group $resourceGroupName \
    --name $vpnName \
    --vnet $virtualNetworkName \
    --public-ip-addresses $publicIpAddress \
    --location $region \
    --sku "VpnGw1" \
    --gateway-typ "Vpn" \
    --vpn-type "RouteBased" \
    --address-prefixes "172.16.201.0/24" \
    --client-protocol "IkeV2" > /dev/null

As you can see, it's VpnGw1, so I'm not sure what you mean. Are you referring to something else?

roygara on 24 Jun 2020

🚀1

@roygara
Thanks for looking into this. As i mentioned in my comment, I think that there is an assumption that all of this documentation is consumed in one go and in order. I deployed a VPN gateway and peerings etc.. via terraform and wanted to connect via linux, so i then consulted this document. It does briefly mention about the SKU elsewhere - https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-point-to-site-resource-manager-portal#creategw but i never found that page as im not interested in Mac, so i only found the documentation for Linux P2S. I came onto this page directly.
I guess I missed it on my side, but i really feel like this need to be made clearer.

Surely its not much effort to put a section in saying the VPN gateway SKU needs to be set to anything other than Basic.
By following your logic of users having to follow the script, you are implying that the SKU can only be set to VpnGw1.

akingscote on 24 Jun 2020

@akingscote No no, I'm clarifying that we're talking about the same thing. Since we are, this is easy to resolve. And I want to be clear: This is good feedback, thanks for pointing this out, we appreciate it! :)

I've gone ahead and added a bit to the note in front of the script calling this out. That'll be live later today.

Accordingly, I'll close this issue out.

Again, thanks for bringing this to our attention. :)