Script para Auxiliar na VPN Point-to-Site e OpenVPN com o Azure

Buenas Pessoal!!

Realizei um script para auxiliar a configuração da VPN point-to-site e OpenVPN com o Azure em máquinas Windows. Este script gera de forma fácil e iterativa, os certificados e chave necessárias para o processo de configuração de ambos tipos de VPN.

VPN_Logo

Pré-requisitos:

OpenSSL (Você pode baixa-lo aqui https://www.openssl.org)
Powershell

#####################################
#Autor: Eduardo Kieling
#Blog: Https://eduardokieling.com
#Microsoft Azure MVP
#####################################
#>>>Create a certificate root and client + Key For PointTOSite VPN on Azure<<<
#####################################
#
#####################################
#GLOBAL VARIABLES
#####################################
$exportpath = "C:\" #File Path
$certname = Read-Host "Certificate Name"
$pass = Read-Host  "Certificate Password" -AsSecureString
#
#
#
#PS:Openssl requirement
#
#
#####################################

#LOCAL VARIABLES
$rootcertcn="CN="+$certname+"_ROOT"
$clientcertcn="CN="+$certname+"_CLIENT" 

#CREATE ROOT CERTIFICATE
$certroot = New-SelfSignedCertificate -Type Custom -KeySpec Signature -Subject $rootcertcn -KeyExportPolicy Exportable -HashAlgorithm sha256 -KeyLength 2048 -CertStoreLocation "Cert:\CurrentUser\My" -KeyUsageProperty Sign -KeyUsage CertSign


#CREATE CLIENT CERTIFICATE
$certclient = New-SelfSignedCertificate -Type Custom -DnsName $clientcertcn -KeySpec Signature -Subject $clientcertcn -KeyExportPolicy Exportable -HashAlgorithm sha256 -KeyLength 2048 -CertStoreLocation "Cert:\CurrentUser\My" -Signer $certroot -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.2")

#EXPORT ROOT AND CLIENT CERTIFICATES
$certrootpfx = Export-PfxCertificate -Cert $certclient -FilePath $exportpath\VPN_CLIENT.pfx -ChainOption EndEntityCertOnly -NoProperties -Password $pass
Write-Host "                                                    " -ForegroundColor DarkRed -BackgroundColor White
Write-Host "     Write the same password you entered before     " -ForegroundColor DarkRed -BackgroundColor White
Write-Host "                                                    " -ForegroundColor DarkRed -BackgroundColor White
openssl pkcs12 -in $exportpath\VPN_CLIENT.pfx -nodes -out $exportpath\"VPN_CLIENT_KEY_"$certname".txt"
Remove-Item  $certrootpfx
$certroot64 = Export-Certificate -Cert $certroot -FilePath $exportpath\VPN_ROOT.cer -Type CER
certutil -encode $certroot64 $exportpath\"VPN_ROOT64_"$certname".cer"
Remove-Item  $certroot64
$certclient64 = Export-Certificate -Cert $certclient -FilePath $exportpath\VPN_CLIENT.cer -Type CER
certutil -encode $certclient64 $exportpath\"VPN_CLIENT64_"$certname".cer"
Remove-Item $certclient64

Link para download do script: https://github.com/eduardokieling/AzureVPN/blob/master/VPN_Point_TO_Site_FULL.ps1

Abraço
Eduardo Kieling

Autor: Eduardo Kieling

Mestre em Computação Aplicada e Bacharel no curso de Ciência da Computação, Eduardo Kieling é especialista em infraestrutura de TI com ênfase em Cloud Computing, possuindo grande experiência no mercado e atuando em diversas empresas. Hoje é líder de time de Microsoft Azure e Arquiteto de Soluções em Nuvem Sênior, responsável pelo desenho de soluções, implementação e administração de diversas tecnologias. Tem como prática palestras e artigos técnicos, para a comunidade técnica. Ver todos posts por Eduardo Kieling

Microsoft Azure Updates

.NET Core support for Azure Analysis Services client libraries is in preview 10/07/2020

In response to customer feedback, .NET Core support for Azure Analysis Services client libraries is now available in preview. Start building .NET Core applications for modern cross-platform and cloud-oriented environments that target Analysis Services and Microsoft Power BI.

Azure Private Link support for Azure Automation is now available in preview 09/07/2020

You can now use Azure Private Link to securely connect virtual networks to Azure Automation using private endpoints (in preview).

Azure Kubernetes Service (AKS) now supports confidential workloads through DCSv2 SKUs (private preview) 09/07/2020

Azure Kubernetes Service (AKS) now supports confidential workloads through integration with DCSv2 SKU node pools powered by Intel SGX.

Private endpoints for Azure File Sync are now generally available 09/07/2020

Starting with Azure File Sync agent 10.1, Azure File Sync supports private endpoints in all public and Azure US Government cloud regions where Azure File Sync is available.

Create virtual machines from Azure Shared Image Gallery (SIG) 08/07/2020

You can now enable specialized images from your shared image gallery (SIG) for lab users to create virtual machines.

Compartilhe isto:

Curtir isso:

Autor: Eduardo Kieling