Script to Help with Point-to-Site VPN and OpenVPN on Azure

Script to help configure point-to-site VPN and OpenVPN with Azure on Windows machines

Hi everyone!!

I wrote a script to help configure point-to-site VPN and OpenVPN with Azure on Windows machines. The script generates, in an easy and interactive way, the certificates and key needed to configure both types of VPN.

Prerequisites:

#####################################
#Autor: Eduardo Kieling
#Blog: Https://eduardokieling.com
#Microsoft Azure MVP
#####################################
#>>>Create a certificate root and client + Key For PointTOSite VPN on Azure<<<
#####################################
#
#####################################
#GLOBAL VARIABLES
#####################################
$exportpath = "C:\" #File Path
$certname = Read-Host "Certificate Name"
$pass = Read-Host  "Certificate Password" -AsSecureString
#
#
#
#PS: OpenSSL is required (the script calls openssl)
#
#
#####################################

#LOCAL VARIABLES
$rootcertcn="CN="+$certname+"_ROOT"
$clientcertcn="CN="+$certname+"_CLIENT" 

#CREATE ROOT CERTIFICATE
$certroot = New-SelfSignedCertificate -Type Custom -KeySpec Signature -Subject $rootcertcn -KeyExportPolicy Exportable -HashAlgorithm sha256 -KeyLength 2048 -CertStoreLocation "Cert:\CurrentUser\My" -KeyUsageProperty Sign -KeyUsage CertSign


#CREATE CLIENT CERTIFICATE
$certclient = New-SelfSignedCertificate -Type Custom -DnsName $clientcertcn -KeySpec Signature -Subject $clientcertcn -KeyExportPolicy Exportable -HashAlgorithm sha256 -KeyLength 2048 -CertStoreLocation "Cert:\CurrentUser\My" -Signer $certroot -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.2")

#EXPORT ROOT AND CLIENT CERTIFICATES
#Temporary PFX holding the client certificate and its private key
$certrootpfx = Export-PfxCertificate -Cert $certclient -FilePath "$exportpath\VPN_CLIENT.pfx" -ChainOption EndEntityCertOnly -NoProperties -Password $pass
Write-Host "                                                    " -ForegroundColor DarkRed -BackgroundColor White
Write-Host "     Write the same password you entered before     " -ForegroundColor DarkRed -BackgroundColor White
Write-Host "                                                    " -ForegroundColor DarkRed -BackgroundColor White
#-nodes writes the client certificate and its private key UNENCRYPTED to the .txt file
openssl pkcs12 -in "$exportpath\VPN_CLIENT.pfx" -nodes -out "$exportpath\VPN_CLIENT_KEY_$certname.txt"
Remove-Item $certrootpfx
#Export the root certificate (DER), Base64-encode it with certutil, remove the DER copy
$certroot64 = Export-Certificate -Cert $certroot -FilePath "$exportpath\VPN_ROOT.cer" -Type CER
certutil -encode $certroot64 "$exportpath\VPN_ROOT64_$certname.cer"
Remove-Item $certroot64
#Same for the client certificate
$certclient64 = Export-Certificate -Cert $certclient -FilePath "$exportpath\VPN_CLIENT.cer" -Type CER
certutil -encode $certclient64 "$exportpath\VPN_CLIENT64_$certname.cer"
Remove-Item $certclient64
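
One way to check what the script produced, as an added example that is not part of the original script: it looks up the newest `<name>_ROOT` and `<name>_CLIENT` certificates in `Cert:\CurrentUser\My`, confirms that the client certificate carries the Client Authentication EKU and chains to that root, and restricts the unencrypted key file to the current user. The helper names `Get-NewestCert` and `Test-VpnCertPair` are hypothetical, and the export path is assumed to be the script's `C:\`.

```powershell
# Added example, not part of the original script.
$certname   = Read-Host "Certificate Name"   # same name given to the script
$exportpath = "C:\"                          # assumed: same export path as the script
$clientAuth = "1.3.6.1.5.5.7.3.2"            # EKU OID the script sets on the client cert

function Get-NewestCert([string]$Subject) {
    # The script may have been run more than once; take the most recent match.
    Get-ChildItem "Cert:\CurrentUser\My" | Where-Object { $_.Subject -eq $Subject } |
        Sort-Object NotBefore -Descending | Select-Object -First 1
}

function Test-VpnCertPair($Root, $Client) {
    # Emits one string per problem found; emits nothing when the pair is sound.
    if (-not $Root -or -not $Client) { return "root or client certificate not found" }
    if (-not $Client.HasPrivateKey)  { "client certificate has no private key" }
    $eku  = $Client.Extensions | Where-Object { $_.Oid.Value -eq "2.5.29.37" }
    $oids = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value })
    if ($oids -notcontains $clientAuth) { "client certificate lacks the Client Authentication EKU" }

    # Build the chain; the root lives in "My", not in a trusted store, and has no CRL.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode    = "NoCheck"
    $chain.ChainPolicy.VerificationFlags = "AllowUnknownCertificateAuthority"
    [void]$chain.ChainPolicy.ExtraStore.Add($Root)
    $built = $chain.Build($Client)
    $top   = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
    if (-not $built -or $top.Thumbprint -ne $Root.Thumbprint) {
        "client certificate does not chain to the generated root"
    }
}

$root     = Get-NewestCert "CN=${certname}_ROOT"
$client   = Get-NewestCert "CN=${certname}_CLIENT"
$problems = @(Test-VpnCertPair $root $client)
if ($problems.Count) { $problems | ForEach-Object { Write-Warning $_ } }
else { Write-Host "OK: $($client.Subject) chains to $($root.Subject) [$($root.Thumbprint)]" }

# The OpenSSL step used -nodes, so this file holds the private key in clear text.
$keyfile = Join-Path $exportpath "VPN_CLIENT_KEY_$certname.txt"
if (Test-Path $keyfile) {
    $sid = [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value
    # Drop inherited ACEs and leave only the current user (by SID) with access.
    icacls $keyfile /inheritance:r /grant:r "*${sid}:(F)" | Out-Null
    Write-Host "Restricted $keyfile to the current user"
}
```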

Script download link: https://github.com/eduardokieling/AzureVPN/blob/master/VPN_Point_TO_Site_FULL.ps1

Cheers
Eduardo Kieling

Author: Eduardo Kieling

Eduardo Kieling holds a master's degree in Applied Computing and a bachelor's degree in Computer Science, and is an IT infrastructure specialist with an emphasis on Cloud Computing, with extensive market experience gained working at several companies. He is currently a Microsoft Azure team lead and Senior Cloud Solutions Architect, responsible for the design, implementation and administration of solutions across a range of technologies. He regularly gives talks and writes technical articles for the technical community.